Cryptocurrency hacking and fraud resulted in over $2.3 billion in losses this year. This underscores the continued security vulnerabilities in the industry. This figure spans 165 incidents, a 40% increase from the previous year.
The total loss amount is less than the $3.7 billion in 2022, but the persistent increase in attacks indicates that the industry's defenses are still insufficient against advanced threats.
Ethereum, the blockchain with the most fraud...over $1.2 billion in incidents
According to Cyvers' annual report, access control vulnerabilities were a prominent cause of losses, accounting for 81% of the total stolen funds.
While these incidents represented only 41.6% of the total events, their impact reflects the risks of poorly managed security protocols. Ethereum was the blockchain with the largest losses this year, recording over $1.2 billion in losses.
A particularly concerning trend this year was the proliferation of 'Pig Butchering' scams. 'Pig Butchering' refers to a scheme where scammers build rapport with victims and gradually convince them to invest in fraudulent cryptocurrency schemes. This sophisticated fraud scheme focused on the Ethereum blockchain, causing over $3.6 billion in losses.
"The increase in access control breaches and sophisticated scams like Pig Butchering underscores the importance of implementing AI-based risk assessment, transaction verification, and anomaly detection tools. Security needs to stay ahead of increasingly complex and organized attacks." - Cyvers told BeInCrypto.
Additionally, smart contract vulnerabilities have emerged as a major attack vector, particularly in DeFi. The third quarter of 2024 was the worst loss period, with $790 million stolen.
"Cryptocurrency platforms need to deploy robust detection and prevention systems and integrate them with crisis response mechanisms to avoid becoming the next victim of hackers. According to Cyvers data, 9 out of 10 hacked smart contracts had been audited, and in many cases, underwent rigorous penetration testing. This was clearly not enough." - Cyvers researchers noted.
However, in the fourth quarter, malicious activity temporarily decreased, leading to a significant drop in incidents.
Largest cryptocurrency hacks of 2024...WazirX, Radiant Capital, and more
The biggest individual incidents this year have starkly highlighted the vulnerabilities in the cryptocurrency ecosystem.
In July, the Indian cryptocurrency exchange WazirX suffered a devastating hack, losing approximately $234.9 million. The attackers exploited weaknesses in the exchange's multi-signature wallets to gain unauthorized access to the funds.
Multi-signature wallets are considered more secure, as they require multiple private keys to authorize transactions. However, this incident demonstrated how improper implementation of such systems can lead to catastrophic breaches.
WazirX suspended trading and withdrawals and initiated a comprehensive security audit to mitigate the damage. Despite these efforts, the exchange remains offline as it awaits regulatory approval to resume operations.
"We are working to obtain court approval for the plan as soon as possible. In accordance with legal and regulatory requirements, the platform will resume trading after the effective date of the plan." - WazirX recently posted on X (formerly Twitter).
In November, Indian authorities arrested a suspect related to the hack. However, the main perpetrators are still at large. Investigators criticized Liminal Custody, the entity responsible for protecting WazirX's digital wallets, for failing to provide critical information during the investigation.
The blockchain lending platform Radiant Capital was another high-profile victim this year. In October, the platform suffered over $50 million in losses due to a multi-chain attack.
The hackers gained access to three of the platform's private keys, allowing them to drain assets across multiple networks, including Arbitrum, Binance Smart Chain, Base, and Ethereum.
This attack was reported to be perpetrated by North Korea-linked entities, who are increasingly employing sophisticated tactics to target the cryptocurrency sector. The Radiant Capital breach highlights the growing risks associated with cross-chain operations and the need for better private key management.
Meanwhile, the Japanese cryptocurrency exchange DMM Bitcoin experienced one of the most severe incidents of 2024. In May, the platform lost approximately 4,502.9 bitcoins, worth $320 million at the time. This occurred after the attackers compromised the private keys. Efforts to recover the stolen assets and reassure customers continued, but DMM Bitcoin ultimately announced its closure in December.
The exchange began transferring user accounts to SBI VC Trade, signaling a grim end to its operations. This incident particularly underscores the devastating impact of the lack of key security in centralized platforms.
CeFi Risks... Threat of Advanced Technology
The centralized finance platforms (CeFi) still face major challenges. Single points of failure such as insufficient oversight of centralized reserves and key management make these platforms attractive targets for attackers.
Reliance on multi-signature wallets has shown vulnerabilities under certain conditions, further exacerbating these risks. Emerging technologies, including quantum computing and artificial intelligence, are expected to enable increasingly sophisticated attack methods, amplifying the threat.
These developments require proactive security measures to match the dynamic threat environment. Experts suggest that incidents like the WazirX and Radiant Capital breaches could have been averted with the use of proactive threat monitoring solutions.
"We can be confident that major attacks like the $235 million WazirX hack and the $50 million Radiant Capital hack could have been prevented, and 100% of the funds could have been protected." - Cybersec told BeInCrypto.
The surge in malicious activities this year reflects the urgent need for robust defenses across the cryptocurrency ecosystem. Platforms lacking real-time monitoring and proactive security tools are highly vulnerable to breaches, putting user funds at risk.
The industry must prioritize adopting advanced security measures and strengthening collaboration among stakeholders to effectively address these persistent threats.
"Zero-day attacks are unpredictable and not based on previously known practices. Without real-time monitoring and detection mechanisms, and proactive tools, cryptocurrency platforms cannot resolve and mitigate these attacks in real-time." - Cybersec experts pointed out.
As the cryptocurrency sector grows, attackers' creativity in exploiting vulnerabilities will also increase. The incidents this year have made it clear that reactive measures alone are not sufficient.
