Crypto hacks hit $1.4B in 2024 as stolen funds on centralized exchanges increased 900% yearly in the second quarter.
The total volume of stolen crypto funds this year is approaching $1.4 billion, as centralized exchanges have emerged as the new ground zero for exploits, according to the mid-year Web3 security report from cybersecurity firm Cyvers.
The total crypto losses in the second quarter of 2024 surpassed $600 million, a 100% increase from the same period in the previous year. According to the report, the primary factor contributing to the increase in stolen funds was a 900% increase in losses on centralized exchanges.
“This quarter has seen a substantial change in attack vectors, with centralized exchanges (CEX) being the primary target of major incidents, while decentralized finance (DeFi) protocols have demonstrated increased resilience,” the report stated.
“This trend may be attributed to the concentration of assets in centralized platforms and potentially lax security measures in some exchanges.”
According to Cyvers, approximately $490 million in Q2, most stolen funds resulted from access control intrusions, frequently manifested as phishing attacks. Losses from smart contract exploits, less than $70 million during the same period, pale compared to that.
Cyvers warned that exploit risk remains prevalent as hackers uncover new vulnerabilities in complex contracts, despite the fact that users have been safeguarded by the swift action of decentralized finance (DeFi) protocols to halt compromised smart contracts.
The report also cited the $1.44 million XBridge exploit in April as evidence that cross-chain bridges are becoming a significant attack vector.
Cyvers’ Q2 data was significantly affected by the high-profile breach of Japanese cryptocurrency exchange DMM in May. The breach, which was purportedly the result of a compromised private key, resulted in the loss of approximately $300 million.
BtcTurk, a Turkish cryptocurrency exchange, was another notable aberration, as it suffered a loss of approximately $50 million to hackers in June.
The report observed that explicit victims are experiencing greater success than ever in recovering their lost funds, with a 42% increase in the total funds recovered in Q2 compared to the same period last year. However, most of the lost funds—approximately 76%—have not been recovered.
According to Cyvers, Web3 users should be vigilant for emergent threats posed by quantum computation and artificial intelligence, which could grant hackers access to sophisticated new tools for circumventing on-chain security measures.
