Crypto exploits near $1.4B this year as hackers target CeFi: Report
(Coin Telegraph)-10/07/2024
According to cybersecurity firm Cyvers’ mid-year Web3 security report, the total volume of stolen crypto funds in 2024 is approaching $1.4 billion as centralized exchanges emerge as the new ground zero for exploits.
In the second quarter of 2024, total crypto losses exceeded $600 million, marking a 100% increase over the same period in 2023. The surge in stolen funds was driven primarily by a 900% increase in losses on centralized exchanges, according to the report.
“This quarter has witnessed a significant shift in attack vectors, with centralized exchanges (CEX) bearing the brunt of major incidents, while decentralized finance (DeFi) protocols show improved resilience,” the report stated, adding, “This trend may be attributed to the concentration of assets in centralized platforms and potentially lax security measures in some exchanges.”
Access control breaches — often in the form of phishing attacks — accounted for the overwhelming majority of stolen funds, around $490 million in Q2 alone, according to Cyvers. That figure dwarfs losses from smart contract exploits, which saw less than $70 million drained during the same period.
Quick action by decentralized finance (DeFi) protocols to freeze compromised smart contracts has protected users, but Cyvers cautioned that exploit risk remains prevalent as hackers unearth new vulnerabilities in complex contracts. Cross-chain bridges are also becoming a significant attack vector, the report noted, citing the $1.44 million exploit of XBridge in April.
The high-profile breach of Japanese cryptocurrency exchange DMM in May heavily impacted Cyvers’ Q2 data. The hack — reportedly caused by a compromised private key — drained over $300 million. Another significant outlier was the Turkish cryptocurrency exchange BtcTurk, which lost around $50 million to hackers in June.
The report noted that explicit victims are having greater success than before in recovering lost funds, with total funds recovered increasing by 42% in Q2 over the same period in 2023. Still, the vast majority of lost funds (some 76%) have not been retrieved.
Web3 users should remain on the lookout for emergent threats posed by artificial intelligence and quantum computing, which could provide hackers with sophisticated new tools for bypassing onchain security measures, Cyvers said.