According to cybersecurity firm Cyvers’ mid-year Web3 security report, the total volume of stolen crypto funds in 2024 is nearing $1.4 billion, with centralized exchanges (CeFi) emerging as the primary targets for exploits.
In the second quarter of 2024, crypto losses surpassed $600 million, marking a 100% increase compared to the same period in 2023. The dramatic rise in stolen funds is attributed primarily to a staggering 900% increase in losses on centralized exchanges, as detailed in the report.
“This quarter has witnessed a significant shift in attack vectors, with centralized exchanges (CEX) bearing the brunt of major incidents, while decentralized finance (DeFi) protocols show improved resilience,” the report stated. The trend is likely due to the concentration of assets in centralized platforms and potentially lax security measures in some exchanges.
Dominance of Access Control Breaches
Access control breaches, often in the form of phishing attacks, accounted for the overwhelming majority of stolen funds, totaling around $490 million in Q2 alone. This figure far exceeds losses from smart contract exploits, which saw less than $70 million drained during the same period.
Quick action by DeFi protocols to freeze compromised smart contracts has protected users, but Cyvers cautioned that exploit risk remains prevalent as hackers uncover new vulnerabilities in complex contracts. Cross-chain bridges are also becoming significant attack vectors, with the report citing the $1.44 million exploit of XBridge in April.
The high-profile breach of Japanese cryptocurrency exchange DMM in May significantly impacted Cyvers’ Q2 data. The hack, reportedly caused by a compromised private key, resulted in over $300 million being drained. Another significant incident was the Turkish cryptocurrency exchange BtcTurk, which lost around $50 million to hackers in June.
Improvement in Fund Recovery
Despite the increase in stolen funds, the report noted that victims are experiencing greater success in recovering lost funds. Total funds recovered increased by 42% in Q2 compared to the same period in 2023. Nevertheless, the vast majority of lost funds (approximately 76%) remain unrecovered.
Web3 users should be vigilant against emerging threats posed by artificial intelligence and quantum computing, which could provide hackers with sophisticated new tools for bypassing on-chain security measures, Cyvers warned.
| Metric | Q2 2023 | Q2 2024 | Percentage Change |
|---|---|---|---|
| Total Crypto Losses | $300 million | $600 million | +100% |
| Losses on Centralized Exchanges | $50 million | $450 million | +900% |
| Losses from Phishing Attacks | $200 million | $490 million | +145% |
| Losses from Smart Contract Exploits | $80 million | $70 million | -12.5% |
| Total Funds Recovered | $70 million | $100 million | +42% |
| Unrecovered Funds | $230 million | $456 million | +98% |
Analysis of Major Incidents
- DMM Exchange Hack: The DMM exchange in Japan experienced a significant breach in May, resulting in over $300 million in losses. The attack was attributed to a compromised private key, highlighting the critical importance of robust private key security.
- BtcTurk Exchange Hack: In June, Turkish exchange BtcTurk lost approximately $50 million to hackers, further emphasizing the vulnerabilities of centralized exchanges to sophisticated cyber-attacks.
Several factors have contributed to the dramatic increase in crypto losses in 2024, particularly in centralized exchanges:
- Concentration of Assets: Centralized exchanges hold substantial amounts of assets, making them attractive targets for hackers.
- Lax Security Measures: Some exchanges may have inadequate security protocols, leaving them vulnerable to attacks.
- Sophistication of Attacks: Hackers are employing more advanced techniques, including social engineering and sophisticated malware, to breach security systems.
While centralized exchanges have become prime targets, DeFi protocols have shown improved resilience. Quick actions to freeze compromised smart contracts and proactive security measures have helped mitigate losses. However, the risk of exploits remains, especially as hackers continue to find new vulnerabilities.
Cross-chain bridges, which facilitate the transfer of assets between different blockchains, have also become significant attack vectors. The $1.44 million exploit of XBridge in April is a notable example. These bridges, while essential for interoperability, present additional security challenges that need to be addressed.
Looking forward, it is crucial for both centralized exchanges and DeFi protocols to enhance their security measures. Regular audits, robust access controls, and comprehensive risk management strategies are essential to protect against the evolving threat landscape.
- For Centralized Exchanges: Implement multi-factor authentication, regular security audits, and employ advanced monitoring systems to detect and prevent breaches.
- For DeFi Protocols: Continuously update smart contract code, perform thorough security testing, and establish rapid response mechanisms to address potential vulnerabilities.
Cyvers’ mid-year Web3 security report highlights a concerning rise in crypto security breaches, particularly targeting centralized exchanges. With total crypto losses approaching $1.4 billion in 2024, the need for enhanced security measures is paramount. By adopting proactive security practices and fostering collaboration across the ecosystem, the crypto community can better protect its assets and build a more secure digital future.
Featured image credit: flatart via Freepik