The cryptocurrency industry faced a rash of security breaches in Q2 2024, with total losses reaching $629.7 million across 49 incidents, according to a new report from blockchain security firm Cyvers. Despite the staggering figure, only 24% of the stolen funds were recovered, highlighting the ongoing challenges in protecting digital assets.
Since the start of the year, cryptocurrency criminals have seized more than $1.38 billion, much of it the result of “access control breaches.”
Cryptocurrency Recovery Efforts Fail as Losses Mount
The report shows a significant shift in attack vectors, with centralized exchanges (CEXs) becoming the primary targets. Two major incidents accounted for more than 57% of the total losses.
“The sharp increase in CeFi losses by 900% compared to Q2 2023 signals a significant change in the focus of attackers,” Cyvers commented in the latest report. “This trend may be related to the concentration of assets on centralized platforms and potentially weak security measures on some exchanges.”
⚠️⚠️ @Cointelegraph reports alarming rise in crypto losses in Q2 2024.
“A 900% increase in losses on centralized exchanges was the primary factor behind the surge in stolen funds.” Total losses doubled from Q2 2023, exceeding $600 million.
Read more:… pic.twitter.com/Ck5nCDQfQe
— Cyvers | Web3 Proactive Security (@Cyvers_) July 9, 2024
While total recoveries rose 42% year-on-year from $138.9 million to $197 million, they represent less than a quarter of total losses.
This means that barely one in four victims of cryptocurrency hacks can get their money back. Considering that almost $1.4 billion was withdrawn by scammers in the first half of 2024, this means that more than $1 billion remained in the pockets of scammers who went unpunished.
One small consolation is that the overall figures appear to be lower than last year. According to a March FBI report, crypto miners have withdrawn just under $4 billion in 2023.
Access Control Breaches Lead to 35% Increase in Crypto Exploits
The report also highlights a noticeable shift in hacker tactics, with a 35% increase in access control exploits. These refer to security incidents where attackers gain unauthorized access to systems, wallets or accounts by exploiting weaknesses in authentication and authorization mechanisms.
These breaches resulted in losses of $491,311,000 across 26 incidents, a significant portion of the total losses of $629,689,000 in Q2 2024. The DMM Exchange breach, which resulted in losses of $305 million, was reportedly caused by a compromised private key, an example of this trend.
🚨WARNING🚨We are receiving reports that @DMM_Bitcoin, a major Japanese cryptocurrency #exchange, is reporting a loss of $305 million in $BTC due to a hack.
In a blog post at https://t.co/1wD0fpsJEI DMM Bitcoin revealed that $4,502.9BTC had been transferred from the exchange.
They took steps to prevent further…— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) May 31, 2024
“As the ecosystem becomes increasingly interconnected, security audits need to be considered to improve interoperability across chains,” Cyvers said in its report.
The data from the Cyvers report matches the statistics that blockchain security firm CertiK released last week. According to the report’s findings, about $1.2 billion disappeared from the cryptocurrency market in the first six months. The only difference is that the report puts phishing attacks first, rather than access control exploits.
The rise in attacks has far-reaching economic consequences beyond direct losses. Market volatility caused by major incidents has wiped out billions of dollars in market capitalization in the crypto ecosystem. Additionally, the frequency and scale of attacks has led to a sharp increase in crypto insurance premiums, increasing the operating costs of Web3 projects.
“The Web3 ecosystem faces significant challenges from sophisticated cyberattacks in Q2 2024. Projects and organizations must implement robust security measures, conduct continuous monitoring, and engage in proactive community efforts,” the report says.
