A recent report from blockchain security firm CertiK reveals that crypto-related security breaches led to losses totaling $129.6 million in October. The report highlights that the majority of these losses came from exploits, alongside exit scams and flash loan attacks affecting various users and protocols.
The breakdown of losses includes $1.2 million from exit scams, $1.5 million from flash loan attacks, and a staggering $127 million from exploits alone. The largest incident involved Radiant Capital, a lending protocol, which reported over $50 million in losses following an attack on October 16. Other significant events included a phishing scam targeting a high-value wallet, resulting in a $36-million loss, and a $13-million hack on the crypto exchange M2, both of which contributed heavily to the overall figures.
These incidents occurred throughout October, with major losses recorded mid-month and at month’s end. For example, the Radiant Capital hack took place on October 16, while the $36-million phishing scam occurred on October 11. The M2 exchange hack on October 31 capped off a challenging month for crypto security, marking a 2.91% increase in losses from September but a notable drop of 60% from the $324.7 million lost in May.
The breaches impacted several global platforms, particularly those operating on prominent blockchains such as BNB Chain and Arbitrum. Radiant Capital’s hack disrupted its operations on these chains, while the M2 crypto exchange reported losses of assets including Bitcoin, Ether, and Solana from its hot wallets.
The rise in losses is attributed to vulnerabilities within blockchain protocols and the effectiveness of phishing attacks. Radiant Capital’s post-incident analysis revealed that hackers compromised core developer devices using malware, allowing them to breach private keys and drain digital assets from the protocol.
In response to the attacks, Radiant Capital temporarily suspended operations, implementing new security practices. On November 1, the protocol resumed its Ethereum markets with enhanced safety measures, including a timelock contract that requires a 72-hour delay for any changes. Meanwhile, M2 assured users that customer funds had been restored after the hack and stated that the situation was “fully resolved.” These incidents highlight the ongoing need for improved cybersecurity within the crypto space to protect assets from sophisticated cyber threats.