$364 Million Lost in April to Crypto Hacks, Scams: CertiK

New CertiK estimates suggest about $364 million was lost through crypto hacks, scams and exploits in April alone.The cybersecurity firm says the vast majority of this total, $337 million, is related to phishing attacks.#CertiKStatsAlert 🚨Combining all the incidents in April we’ve confirmed ~$364M lost to exploits, hacks and scams after ~$18.2m was returned.KiloEx, Loopscale and zkSync all had funds returned by whitehat exploiters.~$337M of the total is attributed to phishing.More… pic.twitter.com/0GBcSZgdPB— CertiK Alert (@CertiKAlert) April 30, 2025And most of these illicit gains were generated from a single incident, after sophisticated social engineering tactics were used to steal 3,520 BTC from a wallet.MoneroOn Wednesday, ZachXBT confirmed that the victim was “an elderly individual in the U.S.” who had held onto the crypto since 2017.Update: It is confirmed to be a social engineering theft from an elderly individual in the US.— ZachXBT (@zachxbt) April 30, 2025Other notable incidents across April included a $7.5 million attack on the decentralized exchange KiloEX, which was linked to a “price oracle exploit.”A further $5.8 million was stolen from Loopscale, with over $5 million drained from an airdrop contract belonging to Ethereum scaling protocol ZKsync.According to CertiK, all three of these crypto platforms have managed to recoup funds from white-hat hackers.April’s data is a marked jump from the $28.8 million in losses confirmed in March. But it pales in comparison to the record-breaking $1.5 billion stolen in February, when Bybit was targeted in an audacious hack by North Korean hacking outfit Lazarus Group.CertiK’s findings come days after its co-founder Ronghui Gu warned that the security challenges facing blockchain remain “severe,” despite this technology becoming “critical global financial infrastructure” in recent years.EthereumThe cyber security firm says phishing attacks are still on the rise, meaning crypto businesses and investors must take extra care in verifying whether URLs and smart contracts are authentic before transfers are made.Other top tips include utilizing cold storage that’s disconnected from the internet, and not sharing information about crypto holdings on social media.