A new report by blockchain security company Beosin revealed that the total amount of crypto assets lost to exit scams and rug pulls was higher than the amount stolen from decentralized finance (DeFi) projects through exploits and attacks last month.
Beosin also discovered that losses from the exploits in May were down 79 compared to April, signaling a continued decline for two consecutive months.
Losses From Rug Pulls Surpass DeFi Exploits
Over $45 million was lost to crypto rug pulls in May across six incidents. The largest exit scam was that of DeFi lending protocol Fintoch – suspected of being a Ponzi scheme – which vanished with 31.6 million USDT ($31.6 million) in users funds on May 24.
The second-largest rug pull was the theft of roughly $5.9 million by Inferno Drainer, a multi-chain scam service provider, which affected about 5,000 victims. Another notable rug pull was executed by the developers of decentralized exchange (DEX) Swaprum on May 19. The team drained $3 million in Ether (ETH) tokens from the protocol’s liquidity pools.
On the other hand, DeFi exploits amounted to $19.6 million worth of stolen crypto assets. The largest exploit was the attack on Arbitrum-based liquidity protocol Jimbos, which compromised over 4,000 ETH worth about $7.5 million. The Ethereum-based crypto mixer Tornado Cash was also hacked for roughly $2 million.
DeFi protocol Deus Finance, which has fallen victim to many attacks, was hacked again on May 5 through a public burn vulnerability on its stablecoin DEI (DEI). The attacker exploited the DEI token contracts on the BNB Smart Chain (BSC) and Arbitrum network and made away with more than $6 million.
Raising Anti-Fraud Awareness
The blockchain security firm also noted that hardware wallet-related security incidents increased in May. Beosin warned against a new type of coin theft using shared or public charging devices to implant malicious programs that could steal private keys.
“The amount involved in Rug Pulls exceeded that in attacks this month, and new ways of stealing coins such as using shared rechargeables to steal private keys also emerged. Hackers and scammers are gradually shifting the target of their attacks from various project parties to ordinary users,” Beosin said.
The firm urged users to raise anti-fraud awareness, learn several methods for safeguarding their assets, and conduct due diligence on projects before investing in them. The largest exit scam in May was executed by Fintoch, which absconded with users’ funds worth $31.6 million.