Crypto hacks siphoned off $2.9 billion in 2024, according to a new report from blockchain security firm Hacken. While Decentralized Finance (DeFi) projects managed to curb their losses significantly, Centralized Finance (CeFi) platforms faced a doubling of losses, highlighting the ongoing challenges in securing digital assets.
CeFi’s Struggles Deepen
CeFi projects bore the brunt of 2024’s crypto hacks, suffering losses of $700 million, more than double the $339 million reported in 2023. Centralized exchanges were particularly vulnerable, with two high-profile incidents dominating the year:
- The DMM Bitcoin hack in May, which resulted in $305 million in losses.
- The WazirX breach in July, costing $290 million.
These two events alone accounted for over 70% of CeFi’s total losses. According to Hacken, the lack of robust access control measures played a significant role in these attacks. The report emphasized that this vulnerability is widespread across Web3 projects, making it the single largest security risk.
DeFi Gains Ground
While CeFi’s security lapses painted a grim picture, DeFi projects offered a glimmer of hope. Losses in the DeFi sector dropped by 40% year-over-year, falling from $794 million in 2023 to $474 million in 2024. This marked a significant improvement driven by several factors:
- Adoption of security audits: More DeFi projects are prioritizing thorough security checks as a standard practice.
- Bug bounty programs: Offering financial rewards for identifying vulnerabilities has become a cornerstone of DeFi security strategies.
- Improved bridge security: Bridges, which connect blockchain networks, saw losses plummet from $1.9 billion in 2022 to just $114 million this year.
The advancements in bridge security were particularly notable. Techniques such as multi-party computation (MPC) and zero-knowledge (ZK) cryptography have made these critical systems harder to breach and less appealing to attackers.
Access Control: The Weakest Link
Access control issues, particularly private key compromises, emerged as the biggest weakness across the crypto space. Hacken’s report revealed some staggering figures:
- $1.72 billion in losses: These stemmed from access control failures, including private key breaches and phishing attacks.
- 78% of total losses: Excluding phishing, access control vulnerabilities accounted for the vast majority of crypto thefts.
The gaming and metaverse sectors also experienced significant setbacks, highlighted by the $290 million PlayDapp hack. Such incidents underscore the importance of securing digital assets across emerging and established sectors alike.
A Look at the Numbers
To illustrate the shifting landscape of crypto security, here’s a breakdown of losses across sectors and attack types:
| Sector/Attack Type | 2023 Losses | 2024 Losses | Change |
|---|---|---|---|
| DeFi | $794 million | $474 million | -40% |
| CeFi | $339 million | $700 million | +106% |
| Bridges | $1.9 billion | $114 million | -94% |
| Access Control Failures | $2.1 billion | $1.72 billion | -18% |
These figures highlight a clear divide between DeFi’s progress and CeFi’s growing struggles, emphasizing the need for more comprehensive security measures across the board.
The Road Ahead for Crypto Security
The crypto industry’s ability to reduce DeFi losses while addressing persistent vulnerabilities in CeFi will likely define its trajectory in the coming years. Hacken’s report suggests that while better security practices are gaining traction, the rapid pace of innovation continues to outstrip defensive measures in some areas.
One thing is certain: with $2.9 billion lost to hackers in 2024, the stakes have never been higher for businesses and investors in the blockchain space.
