In the first quarter of 2024, hackers and fraudsters managed to steal $336 million from Web3 protocols, with almost half of the capital being stolen in January alone. Despite the high amount, this figure represents a 23% decrease compared to the same period in 2023. There has been nearly $100 billion locked across Web3 protocols as of March 2024, making it an appealing target for blackhat hackers. However, $73,885,000 has been recovered from stolen Web3 capital in seven specific situations, including $62 million from the Munchables exploit and $5.3 million from the Seneca exploit.
A report by Immunefi reveals that a total of $336,311,217 was lost in 61 Web3 incidents in the first quarter of 2024. Hacks were responsible for $321,645,400 in losses across 46 specific incidents, while fraud resulted in another $14,665,817 stolen across 15 specific incidents. Notably, the majority of the losses occurred in January, with over $133 million being stolen in that month alone. Decentralized finance (DeFi) remains the main target for exploits, with a 22.8% decrease in losses compared to the same period in 2023.
DeFi accounted for 100% of the total losses in the first quarter of 2024, with CeFi not experiencing any attacks. Ethereum once again surpassed BNB Chain as the most targeted chain, with 33 incidents accounting for 51% of total losses across targeted chains. BNB Chain suffered 14 incidents, making up 22% of total losses. Together, these two chains accounted for over half of the losses in the first quarter of 2024. Other affected chains include Arbitrum, Solana, Optimism, Bitcoin, Blast, Polygon, Conflux Network, and Base.
The majority of the $336 million lost in the first quarter of 2024 was attributed to two projects. In January, Orbit Bridge, the bridging service of the cross-chain protocol Orbit Chain, experienced an $81.7 million exploit. In March, Munchables, a non-fungible token (NFT) game on the Ethereum layer 2 Blast, suffered an exploit resulting in $62.8 million in losses. These two projects accounted for $144,480,000 in total losses, representing 43% of the losses in the first quarter.
Hacks continue to be the leading cause of fund loss in the Web3 sector, accounting for 95.6% of losses in the first quarter of 2024. Fraud, on the other hand, only accounted for 4.4% of losses. Hackers stole $321,645,400 across 46 specific incidents, marking a 23.1% decrease compared to the same period in 2023. Meanwhile, $14,665,817 was lost to fraud across 15 incidents, representing a 22.4% decrease compared to Q3 2022. Immunefi, which protects over $60 billion in Web3 user capital, offers over $155 million in available bounty rewards and has paid out over $95 million in total bounties, saving over $25 billion in user funds.
