Smart contracts are no longer the primary concern in the crypto hacks surge, as hackers are now vying for easier targets, such as private key breaches.
In 2024, cryptocurrency hackers and exploiters may be on the brink of a more prosperous year, potentially surpassing their accomplishments from 2023.
Hackers stole digital assets valued at $542.7 million in the first quarter of 2024, a 42% increase from the same period in 2023.
According to Mriganka Pattnaik, co-founder and CEO of Merkle Science, a crypto risk and intelligence platform, the primary cause is the constant evolution of hackers’ attack vectors and their pursuit of more straightforward targets.
Pattnaik disclosed to Cointelegraph:
“While smart contract vulnerabilities remain a concern, hackers increasingly target areas outside smart contracts, like private key leaks. These leaks, often due to phishing attacks or insecure storage practices, have led to significant losses.”
Hackers employ phishing attacks to obtain sensitive information, such as private keys for crypto wallets. Address poisoning scams and other phishing assaults are designed to deceive investors into sending funds to a fraudulent address resembling an address they have previously interacted with.
In the most high-profile phishing attack of the year, a trader lost $71 million in cryptocurrency in May. The assailant deceived the trader into transferring 99% of their funds to the attacker’s address.
However, in an unusual turn of events, the unidentified criminal returned the $71 million to the victim over a week later when the incident caught the attention of blockchain investigation firms. The attacker’s location was ultimately determined.
Smart contracts are becoming more secure, but hackers are looking for easier targets
Intelligent contract vulnerabilities were previously among the most frequently targeted infrastructures by hackers.
Nevertheless, the 2024 HackHub report from Merkle Science indicates that the amount of money compromised due to smart contract vulnerabilities decreased by 92% to $179 million in 2023, a significant decrease from the $2.6 billion lost in 2022.
Private key leaks are presently the most pressing issue, as per Pattnaik:
“While smart contract vulnerabilities remain a security concern, a significant portion of financial losses are now attributable to attack vectors outside the realm of smart contracts. The biggest security concern right now is the rapid increase in losses due to private key leaks.”
Private key breaches resulted in the loss of more than 55% of the digital assets hacked in 2023.
Pattnaik attributed the decline in smart contract exploits to hackers seeking more straightforward targets and developing more sophisticated security tools.
“New security tools are helping to identify and fix weaknesses in smart contracts before they can be exploited. Finally, hackers may be looking for easier targets that require less technical knowledge to exploit, such as stealing private keys.”
Growing crypto valuations are attracting more hackers
Since the commencement of the year, cryptocurrency prices have experienced substantial growth. The total market capitalization of all cryptocurrencies has increased by 54% year-to-date (YTD), as indicated by CoinMarketCap data.
In addition to increasing the potential bounty for exploiters, the increasing prices of cryptocurrency are also attracting a growing number of hackers to the crypto space, as per Pattnaik:
“The surge in crypto asset values creates a tempting target for hackers, as successful exploits can net them significantly more stolen funds than the previous year.”
According to a June 1 X post by PeckShield, the number of digital assets lost during May 2024 was over $574 million, with a 666% month-over-month increase. This was the result of 30 individual crypto breaches.
