Blockchain security firm CertiK says the cryptocurrency sector suffered nearly $1 billion in losses in 2023 from scams, rug pulls, exploits, and flash loan attacks, underscoring how security failures and malicious activity continued to weigh on the market throughout the year. According to the firm’s analysis, the total amount misappropriated reached approximately $997.3 million.
August Losses Reached $45.8 Million
CertiK reported that incidents recorded in August resulted in combined losses of roughly $45.8 million. The largest case that month was the PEPE token exit scam, which accounted for about $13.2 million. The Exactly Protocol incident followed with approximately $7.3 million in losses, making it the most significant exploit highlighted for the month.
Breaking August down by category, CertiK said exit scams were responsible for $26 million, flash loan attacks for $6.4 million, and general exploits for $13.5 million. The figures suggest that while the monthly total was below the largest spikes seen earlier in the year, the risk from fraudulent project behavior and protocol weaknesses remained elevated.
Exploits Led Annual Losses
Across 2023, CertiK found that exploits made up the largest share of total losses. The firm estimated that exploits accounted for $596 million during the year. Exit scams, including rug pulls and related deceptive schemes, were linked to another $137 million in losses.
Flash loan attacks, while not the most frequent headline category month after month, still produced major financial damage. CertiK said flash loan-related incidents accounted for a total of $261 million in 2023. The most dramatic monthly surge came in March, when more than $200 million was stolen through flash loan attacks alone.
Monthly Patterns Show Changing Threats
The report also pointed to important monthly shifts in attack patterns. July was the worst month of the year for exploit-related losses, showing how vulnerabilities in smart contracts and protocol design continued to present major attack surfaces. By contrast, May marked the peak month for exit scams, although August came close due to the PEPE incident.
Within August specifically, CertiK identified the Zunami Protocol attack as the month’s largest flash loan issue, while the Exactly Protocol case stood out as the largest exploit. The data illustrates that crypto losses do not come from a single source; rather, the sector remains exposed to a mix of technical vulnerabilities, governance failures, and outright fraud.
Security Remains Central to Market Confidence
The figures add to a broader concern facing the digital asset industry: growth in adoption and innovation continues to be matched by persistent security risks. Smart contract bugs, weak internal controls, and opaque project management structures can all create openings for attackers or insiders to drain funds. At the same time, users often face difficulty distinguishing between legitimate protocols and projects that may later collapse into rug pulls or exit scams.
CertiK’s findings reinforce the idea that security is not a secondary issue in crypto markets but a core factor affecting trust, liquidity, and user participation. For developers and protocol teams, the report highlights the need for stronger auditing, better code review practices, and clearer operational safeguards. For investors, it is another reminder that returns should be weighed alongside contract risk, team credibility, and treasury management practices.
With total 2023 losses approaching $1 billion, the report paints a stark picture of the cost of unresolved security weaknesses across the ecosystem. Even in months without record-breaking hacks, the steady accumulation of scams, exploits, and flash loan incidents can produce substantial damage. As the industry matures, CertiK’s data suggests that reducing these recurring losses may be just as important as attracting new capital into the market.

