Crypto hacks and fraud have caused over $2.3 billion in losses this year, reflecting the persistent security vulnerabilities in the industry. This includes 165 attacks, marking a 40% increase from the previous year.
While the total losses are lower than the $3.7 billion in 2022, the continuous rise in attacks indicates that the industry's defensive capabilities are still not strong enough to cope with increasingly sophisticated threats.
According to Cyvers' annual report, access control vulnerabilities have become the primary cause of losses, accounting for 81% of the total funds stolen. Although these incidents only represent 41.6% of the total attacks, their impact is severe, clearly reflecting the inherent dangers of weak security protocols. Ethereum was the blockchain most heavily affected this year, with over $1.2 billion in total losses.
A concerning trend this year has been the rise of "Pig Butchering" scams. These sophisticated fraud schemes have swindled over $3.6 billion from unsuspecting users, with the majority of activities focused on the Ethereum blockchain.
"The increase in access control breaches and sophisticated scams like Pig Butchering underscores the importance of deploying risk assessment tools, transaction authentication, and anomaly detection powered by artificial intelligence (AI). Security must evolve proactively to keep pace with the growing complexity and coordination of attacks," Cyvers stated.
Additionally, smart contract vulnerabilities continue to be a driving factor in attacks, particularly in the DeFi sector. Q3 2024 recorded the most severe losses, with $790 million stolen during this period.
"To avoid becoming the next victim of hackers, crypto platforms must implement robust detection and prevention systems, and integrate them with effective crisis response mechanisms. Cyvers' data shows that 9 out of 10 attacked smart contracts had been audited, and many had undergone rigorous penetration testing. However, it is clear that these measures are still not enough," the Cyvers researchers concluded.
Meanwhile, Q4 2024 saw a significant decline in attack activity, suggesting a temporary lull in malicious operations.
The major incidents this year have served as a stark reminder of the vulnerabilities in the crypto ecosystem. In July, the Indian exchange WazirX was severely hacked, losing around $234.9 million. The attackers exploited a weakness in the exchange's multisig wallet system to gain unauthorized access to the assets.
While multisig wallets are generally considered more secure due to the requirement of multiple private keys to approve transactions, this incident demonstrated that improper implementation of these systems can lead to serious breaches. WazirX temporarily suspended trading and withdrawals to limit the damage, and conducted a comprehensive security audit. However, the exchange remains offline and is awaiting regulatory approval to resume operations.
In November, the Indian authorities arrested a suspect related to the hack, although the mastermind remains at large. Investigators have criticized Liminal Custody, the company responsible for WazirX's wallet security, for not providing critical information during the investigation.
Radiant Capital, a blockchain lending company, was also the victim of a multi-chain attack in October, losing over $50 million. The hackers were reportedly able to access three of the platform's private keys, allowing them to withdraw assets across the Arbitrum, Binance Smart Chain, Base, and Ethereum networks.
This attack is believed to have been carried out by North Korea-backed agents, who are increasingly targeting the crypto sector with sophisticated tactics. The Radiant Capital breach reflects the growing risks associated with cross-chain operations and underscores the urgent need to improve private key management to mitigate potential threats.
Meanwhile, Japan's DMM Bitcoin exchange faced a severe incident in May, losing around 4,502.9 Bitcoin, worth $320 million at the time. This hack serves as a testament to the devastating impact of inadequate key security, particularly for centralized platforms. DMM Bitcoin was forced to shut down and transfer user accounts to SBI VC Trade.
Centralized finance (CeFi) platforms continue to face significant challenges. Vulnerabilities such as centralized reserves and inadequate oversight of key management make these platforms attractive targets for hackers. The reliance on multisig wallets, which have proven vulnerable under certain conditions, further exacerbates these risks.
Additionally, emerging technologies like quantum computing and artificial intelligence could create increasingly sophisticated threats, opening up new avenues for complex attacks. These developments demand proactive security measures to keep pace with the dynamic threat landscape.
"Severe attacks like the $235 million WazirX hack and the $50 million Radiant Capital hack could have been prevented if companies utilized proactive threat monitoring solutions."
The sharp increase in attacks this year reflects the urgent need to improve defensive measures across the entire crypto ecosystem. Platforms lacking real-time monitoring tools and preventive security measures remain vulnerable, posing significant risks to user funds.
The crypto industry must prioritize the deployment of advanced security measures and foster stronger collaboration among stakeholders to effectively combat the growing threats.
"Zero-day attacks are unpredictable and not based on known prior activities. Without real-time monitoring and detection mechanisms along with preventive tools, crypto platforms will not be able to cope with and timely prevent such attacks," Cyvers experts warn.
With the continuous development of the crypto field, the attack capabilities of bad actors are also becoming more sophisticated. Incidents this year have clearly shown that reactive measures alone are no longer sufficient to protect this ecosystem.
Disclaimer: This article is for informational purposes only and is not investment advice. Investors should do their own research before making decisions. We are not responsible for your investment decisions.
Join Telegram: https://t.me/tapchibitcoinvn
Twitter (X): https://twitter.com/tapchibtc_io
Tiktok: https://www.tiktok.com/@tapchibitcoin
Itadori
According to BeinCrypto
