A breakdown of the incidents showed that the bulk of the losses, totaling $21 million, stemmed from exploits targeting blockchain protocols. Additionally, users suffered losses of $4.3 million due to exit scams and rug pulls orchestrated by malicious founders, with flash loans contributing a nominal $129,000 to the overall figure.

Meanwhile, CertiK explained to CryptoSlate that the significant decrease in losses was due to the absence of private key compromises, which are typically responsible for substantial losses. Only three such incidents occurred in April, while the industry witnessed 11 occurrences in March.

Nevertheless, April did not escape controversies entirely. The focal point revolved around ZKasino, a decentralized gambling platform, which unilaterally shifted $33 million worth of Ethereum from its users into the liquid staking pool, Lido.

Only three exploits surpassed $1 million.

CertiK said only three breaches surpassed the $1 million mark in April, indicating a degree of resilience within the ecosystem.

The most notable incident unfolded at FixedFloat, a decentralized exchange, which suffered a $2.8 million loss on April 1 due to an exploit on its Ethereum-based hot wallet.

Notably, FixedFloat had previously suffered a breach in February, losing $26 million. The exchange confirmed that the April attack originated from the same group.

In a separate incident, the RWA tokenization platform Grandbase fell victim to a $2 million theft due to a private key leak. The perpetrator minted an excess supply of GB tokens and withdrew and exchanged them for ETH.

Meanwhile, April saw 13 rug pulls, with CondomSol being the most significant. It raised approximately $933,000 in a presale and dumped it on investors.

CORRECTION: Updated percentage decrease from error in original data.

Mentioned in this article