A Single Phishing Attack Drives $364M in April Crypto Losses: CertiK

April proved to be a brutal month for crypto security, with over $364 million lost to exploits, hacks, and scams, according to blockchain security firm CertiK.

In its latest monthly update, shared in a post on X, CertiK reported that net losses for last month totaled just over $345 million. Around $18.2 million was recovered — largely thanks to whitehat hackers who returned funds from incidents involving KiloEx, Loopscale, and zkSync.

What’s more, the vast majority of the total losses in April, around $330 million, stemmed from a single phishing attack.

April’s net damage represents a 1,097% increase from March’s, which recorded around $28.8 million lost after approximately $4.8 million was returned, CertiK revealed in a previous X post. Approximately $4.5 million of March’s total can be attributed to phishing.

The findings underscore a growing concern in the crypto industry: user-targeted scams like phishing continue to pose a persistent and costly threat.

The $330 million scam that rocked the industry

Last week, more than $330 million worth of Bitcoin (BTC) was stolen and laundered, according to onchain investigator ZachXBT, who flagged a suspicious transfer of 3,520 BTC to a unique address.

The stolen funds were quickly laundered through multiple instant exchanges and converted into Monero (XMR), causing the privacy coin’s price to spike by 50%. In a follow-up post on Wednesday, April 30, ZachXBT revealed that the victim of the social engineering attack was an elderly individual in the U.S.

The incident comes amid a broader trend: in 2024, up to $51.3 billion in crypto was sent to illicit addresses, according to a report by Chainalysis.