Crypto exploits near $1.4B this year as hackers target CeFi: Report
According to cybersecurity firm Cyvers’ mid-year Web3 security report, the total volume of stolen crypto funds in 2024 is approaching $1.4 billion as centralized exchanges emerge as the new ground zero for exploits.
In the second quarter of 2024, total crypto losses exceeded $600 million, marking a 100% increase over the same period in 2023. The surge in stolen funds was driven primarily by a 900% increase in losses on centralized exchanges, according to the report.
“This quarter has witnessed a significant shift in attack vectors, with centralized exchanges (CEX) bearing the brunt of major incidents, while decentralized finance (DeFi) protocols show improved resilience,” the report stated, adding, “This trend may be attributed to the concentration of assets in centralized platforms and potentially lax security measures in some exchanges.”
Access control breaches — often in the form of phishing attacks — accounted for the overwhelming majority of stolen funds, around $490 million in Q2 alone, according to Cyvers. That figure dwarfs losses from smart contract exploits, which saw less than $70 million drained during the same period.
Source: CyversQuick action by decentralized finance (DeFi) protocols to freeze compromised smart contracts has protected users, but Cyvers cautioned that exploit risk remains prevalent as hackers unearth new vulnerabilities in complex contracts. Cross-chain bridges are also becoming a significant attack vector, the report noted, citing the $1.44 million exploit of XBridge in April.
Related: Crypto losses reach $1.19B in H1 2024: CertiK calls for better security
The high-profile breach of Japanese cryptocurrency exchange DMM in May heavily impacted Cyvers’ Q2 data. The hack — reportedly caused by a compromised private key — drained over $300 million. Another significant outlier was the Turkish cryptocurrency exchange BtcTurk, which lost around $50 million to hackers in June.
The report noted that explicit victims are having greater success than before in recovering lost funds, with total funds recovered increasing by 42% in Q2 over the same period in 2023. Still, the vast majority of lost funds (some 76%) have not been retrieved.
Web3 users should remain on the lookout for emergent threats posed by artificial intelligence and quantum computing, which could provide hackers with sophisticated new tools for bypassing onchain security measures, Cyvers said.
Magazine: Crypto-Sec: Phishing scammer goes after Hedera users, address poisoner gets $70K
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Metaplanet Strengthens Bitcoin Holdings with Record $60M Investment
NFT promoters face fraud charges over alleged $22M rug pull
Bridging RWAs to DeFi: Blockchain project expands services with major relaunch
USDX built to support DeFi ecosystem growth: Hex Trust CEO