Crypto Hack Losses Plummet in June Despite Major Exchange Exploits

In June, the net loss from cryptocurrency-focused hacks and exploits saw a more than 50% decline compared to May.

In June, crypto-focused hacks and exploits saw a 54.2% decline from May, resulting in $176 million in net losses, according to PeckShield. Despite this decrease, Q2 2024 experienced a 115% increase in losses compared to Q2 of 2023, with centralized exchanges being the primary targets. Meanwhile, Floki Inu warned its users of fake tokens while Microsoft revealed a new "Skeleton Key" hack threatening generative AI security. Security firm CertiK has also migrated its cloud infrastructure in Asia to Alibaba Cloud, the cloud computing subsidiary of Chinese e-commerce giant Alibaba.

Crypto Hack Losses in June Decline

In June, the net loss from cryptocurrency-focused hacks and exploits saw an impressive 54.2% decline compared to May. According to data from the crypto analytics firm PeckShield, approximately 20 hacking incidents were reported in the crypto space in June, resulting in a net loss of close to $176 million. 

This is a big decrease from May 2024, when hackers got away with $385 million. The BtcTurk crypto exchange exploit was the largest hack in June, with hackers stealing over $100 million in crypto assets. 

The second-largest exploit involved Lykke, another centralized exchange, with $22 million in losses, while the DeFi lending protocol UwU Lend suffered a $19.4 million loss. Among the top five hacks in June, two centralized exchanges were hit with the highest losses, followed by three decentralized finance protocols.

May was the biggest month in terms of crypto losses in 2024, with nearly $385 million in net losses from crypto hacks, the largest being the May 31 private key hack of crypto exchange DMM, which drained $305 million worth of Bitcoin. February recorded a net loss of $360 million, while April saw the lowest number of hacks and losses, with $60.19 million. 

Despite the decrease in net losses from exploits in June, losses increased by 115% in the second quarter of 2024 compared to the same period in 2023. Over $572 million was lost in Q2 this year, compared to $220 million in Q2 of 2023. 

The majority of the quarter’s losses were attributed to centralized exchange hacks, amounting to $401 million, or 70% of the total. Although losses from centralized exchanges were higher this quarter, data indicates that only a small fraction of all attacks against these exchanges were actually successful. Centralized platforms were exploited only five times this quarter, while decentralized protocols saw a total of 62 successful exploits.

Floki Inu Warns of Fake Tokens

The Floki Inu meme coin team has issued a warning to its users and the broader crypto community about ongoing scams involving unauthorized tokens falsely associated with its brand. These fraudulent tokens have emerged on the Solana and Base blockchains.

The official X account of Floki Inu alerted its followers about the scam tokens, and pointed out that the legitimate Floki Inu (FLOKI) token is available exclusively on the BNB Smart Chain and Ethereum networks. To help users avoid scams, Floki listed the Ethereum address “0xcf0c122c6b73ff809c693db761e7baebe62b6a2e” and BNB Smart Chain address “0xfb5b838b6cfeedc2873ab27866079ac55363d37e” as the correct contract addresses for its tokens. 

Despite these security threats, Floki Inu is focusing hard on enhancing its ecosystem’s functionality and utility. One exciting development is the introduction of the FLOKI Name Service on the BNB Chain mainnet, that allows users to register decentralized domain names with the .floki extension. This service leverages the Space ID architecture to ensure interoperability with numerous decentralized applications (DApps), including popular wallets and exchanges like Trust Wallet and PancakeSwap. 

Floki Inu also surpassed 417,400 holders on the BNB Chain and launched a rewards program that allows holders to claim a percentage of interest rewards. In March, the dog-themed meme coin unveiled its roadmap for 2024, which revealed several upcoming features and utility-focused initiatives. 

Some of these plans include regulated digital banking accounts, and enabling users to create and fund bank accounts using FLOKI tokens. The roadmap also includes a partnership with a licensed fintech firm to enable digital bank accounts with Swift payments and SEPA IBAN capabilities, expanding across Canada, Spain, Dominica, Australia, and the United Arab Emirates. 

However, in January, the Hong Kong Securities and Futures Commission (SFC) warned the public about the “Floki Staking Program” and “TokenFi Staking Program,” noting that these products promise annualized returns from 30% to over 100% but lack authorization for public sale in Hong Kong.

Generative AI at Risk from New Skeleton Key Hack

Microsoft researchers have uncovered a new form of “jailbreak” attack called a “Skeleton Key” that can remove protections preventing generative artificial intelligence (AI) systems from outputting dangerous and sensitive data. According to a Microsoft Security blog post, the Skeleton Key attack works by prompting a generative AI model with text asking it to augment its encoded security features. 

In one example, an AI model initially refused to generate a recipe for a Molotov Cocktail because of safety guidelines. However, when the model was told the user was an expert in a laboratory setting, it then provided a workable recipe. While similar information can still be found through search engines, the real danger lies in the potential exposure of personally identifiable and financial information.

Microsoft stated that the Skeleton Key attack works on most popular generative AI models, including GPT-3.5, GPT-4o, Claude 3, Gemini Pro, and Meta Llama-3 70B. Large language models like Google’s Gemini, Microsoft’s CoPilot, and OpenAI’s ChatGPT are trained on vast data troves, which may include personally identifiable information. 

The risk is heightened for businesses, agencies, or institutions using AI models connected to private data, as a Skeleton Key attack could trick AI systems into sharing sensitive information.

CertiK Migrates Cloud Infrastructure to Alibaba Cloud

Meanwhile, blockchain security firm CertiK has migrated its cloud infrastructure in Asia to Alibaba Cloud, the cloud computing subsidiary of Chinese e-commerce giant Alibaba. This move involves hosting CertiK’s suite of 12 blockchain applications on Alibaba Cloud to provide Web3 services. By taking advantage of Alibaba’s centralized cloud infrastructure, CertiK plans to offer a secure environment for blockchain developers to develop and deploy Web3 applications. 

Previously, Alibaba Cloud integrated with Avalanche blockchain to support Node-as-a-Service initiatives, making it possible for developers to launch new validator nodes and access additional computing, storage, and distribution resources during peak hours. CertiK’s partnership with Alibaba Cloud, which began in May of 2023, allowed CertiK to bring its security suite to Alibaba’s Blockchain as a Service (BaaS) platform. 

This collaboration enabled developers to conduct code reviews, risk assessments, team identity verification, and background checks on Alibaba’s cloud infrastructure. Initially, CertiK integrated its smart contract auditing and layer 1 blockchain auditing services, with plans to introduce penetration testing and the CertiK Skynet due diligence tool.

Beyond blockchain and Web3 applications, Chinese entrepreneurs and investors are heavily investing in AI. In May, four Chinese startups focusing on generative AI surpassed $1 billion in valuation, competing with companies like OpenAI. 

These new unicorns, including Zhipu AI, Moonshot AI, MiniMax, and 01.ai, have received local investor support and are recruiting talent to develop AI products. Additionally, Alibaba’s payment subsidiary, Alipay, recently launched an AI feature on its payments app to help users detect early signs of balding.