Quantstamp, a decentralized finance (DeFi) security startup, has identified the top five smart contract protocols that suffered the most losses from exploits and hackers in January.

In a post on X social media platform, Quantstamp highlighted that the actions of bad actors, using various attack methods like smart contract hacks, key compromises, and scams, resulted in a total loss of $38.9 million.

$38.9M has been lost to web3 security incidents so far in January 2024

Let's take a look at 5 of the largest smart contract hacks so far ⬇️

— Quantstamp (@Quantstamp) January 30, 2024

At the beginning of the new year, Radiant Capital faced a $4.5 million loss in an empty market exploit. Peckshield noted that the root cause was not unique and originated from a short timeframe when new markets were activated on lending protocols.

The DeFi lender halted its USDC pool on Arbitrum to fix the problem. Radiant clarified that user funds were secure, and operations resumed after an investigation.

To initiate the compensation process for asset recovery, we kindly request our users to fill out the Google Form linked below.

️ The form will be open for one week, and we will prioritize compensation for those who submit their claims.

⤵️Form below. https://t.co/8Hm79uTdwZ

— Goledo Finance (@GoledoFinance) January 30, 2024

Gamma Strategies faced a flash loan attack on Jan 4, hours after the Radiant attack, resulting in a code bug that enabled attackers to siphon $6.1 million from Gamma’s public-facing vaults. To address the issue, Gamma temporarily halted deposits, closing the vulnerability.

Wise Lending suffered a loss of at least $460,000 in a flash loan attack on Jan. 12. This specific exploit involved manipulating the price oracle used by Wise Lending and marked the second attack on the protocol in six months. The Web3 lending app was drained of 170 Ether ( ETH ).

Related: Unwanted emails from Patreon? Crypto users say it might be a phishing scam

On Jan. 16, Socket, a multichain protocol, experienced a security breach due to a vulnerability in user verification input. This allowed hackers to steal nearly 2,000 ETH, valued at over $4 million. However, Socket has recovered 1,032 ETH (approximately $2.3 million) and reimbursed all affected users as part of its plan to restore user funds.

Goledo Finance experienced a security breach similar to Gamma’s exploit on Jan.28, involving a flash loan attack resulting in a theft of $1.7 million. Negotiations with the perpetrator are still ongoing, and Goledo has announced a reward for the return of the funds.

The lending protocol announced that the hacker’s accounts on centralized exchanges were frozen. Goledo is evaluating the extent of the loss to formalize a recovery strategy, and local law enforcement has been briefed on the situation.

The Goledo Team has set out its compensation process for its users’ asset recovery. The team provided a Google form to be valid for one week for users to submit their claims.

Magazine: DeFi’s billion-dollar secret: The insiders responsible for hacks