A staggering $208.5 million initially vanished, but with about $4.5 million retrieved, the total unrecovered losses exceeded $204 million.

As per a report published on June 27 by the Web3 portfolio app De.Fi, decentralized finance (DeFi) scams and security breaches resulted in losses exceeding $204 million in Q2 2023. The report, aptly titled “Q2 De.Fi Rekt Report,” derives its conclusions partly from data provided by De.Fi’s “Rekt Database.” During the quarter, a whopping $208.5 million initially went missing, though approximately $4.5 million was subsequently regained through prosecutions, negotiations with cybercriminals, and other recovery strategies.

The report reveals a nearly seven-fold year-on-year increase in DeFi security breaches during Q2, with 117 incidents reported during this period compared to just 17 in the same quarter of 2022. The total losses in the first half of 2023 amounted to a staggering $665 million.

The five major security breaches of the quarter impacted Atomic Wallet, Fintoch, MEV-Boost, Bitrue, and GDAC. The Atomic Wallet breach on June 3 accounted for $35 million, or roughly 17% of the quarter’s total losses. Fintoch users experienced losses amounting to $30.6 million due to an alleged rug pull, and the MEV-Boost attack led to a loss of $26.1 million. These three incidents alone were responsible for more than 45% of the total losses in Q2.

The primary cause of these losses, according to De.Fi, was “access control issues,” where a threat actor gained unauthorized control over a wallet. This resulted in losses amounting to $75.8 million, which is a quarter of the total losses. Exploits were the second most common cause, resulting in losses worth $55.3 million. Rug pulls or exit scams also resulted in users losing $47.3 million during Q2.

Despite these losses, DeFi scams and security breaches in Q2 actually saw a decrease in comparison to Q1. CertiK reported in April that more than $320 million had been lost between January and March.