Losses from crypto scams, hacks, and exploits increased by approximately 21% year-over-year in 2024 — with threat actors paying particular attention to centralized services and private keys this year, according to cybersecurity firms.
Some warn that the continued development of artificial intelligence and quantum vulnerabilities could make things worse.
In a blog post published on Dec. 19, Chainalysis said $2.2 billion in funds was stolen in 2024 across 303 incidents, up from 282 in 2023.
“Interestingly, the intensity of crypto hacking shifted about halfway through the year,” it said, explaining that cumulative value stolen in the first seven months of 2024 ($1.58 billion) already made up 72% of the amount stolen this year.
Total value stolen in crypto hacks and number of hacks. Source: Chainalysis
The centralized finance (CeFi) sector was hit particularly hard, “experiencing a nearly 1,000% year-over-year increase in incidents,” Web3 cybersecurity firm Cyvers told Cointelegraph.
Institutional investors and traditional financial firms have started to rethink their stance on crypto this year, but many still see it as a risky play.
Some of the largest exploits of the year targeting centralized exchanges included the Indian WazirX exchange hack in July, which resulted in losses of $235 million, and the Japanese exchange DMM, which lost $305 million in Bitcoin in a private key hack in May.
In February, South Korean NFT and game development platform PlayDapp suffered a private key leak that resulted in losses of around $290 million.
Other notable hacks and exploits included the DeFi network Hedgey Finance, which was exploited for $44 million in April; the Turkish BtcTurk hot wallet attack, which resulted in losses of up to $55 million in June; and the Singaporean BingX exchange, which was hacked for $52 million in September.
“In 2024, we saw a big shift in crypto attacks, with centralized entities becoming far more prominent targets,” Jean Rausis, cybersecurity expert and co-founder of decentralized finance ecosystem SMARDEX, told Cointelegraph.
Chainalysis found that private key compromises accounted for the largest share of stolen crypto in 2024, at 43.8%.
“We only have to look at the $305 million DMM Bitcoin hack, which is one of the largest crypto exploits to date, and may have occurred due to private key mismanagement or lack of adequate security,” said the firm.
November’s losses are the second-lowest monthly losses of 2024 so far. Source: Certik
Besides these headline-making catastrophes, there have been hundreds of smaller hacks and scams this year, from pig butchering to fake airdrops to SIM swap attacks.
Blockchain bridge vulnerabilities continued to be a significant attack vector this year, while sophisticated social engineering and phishing attacks, often generated by artificial intelligence, targeted individuals and crypto wallets.
Rise of AI-driven crypto scams
“While cybersecurity measures are getting more sophisticated, so are attack vectors,” said Rausis. “The increasing use of AI by cybercriminals is particularly concerning because it means they can keep coming up with fresh types of phishing schemes and automated attacks,” he added, before predicting more high-profile attacks next year.
“This means both CeFi platforms and DeFi protocols will have to keep upping their game in 2025, and I wouldn’t be surprised if we keep seeing more and more sophisticated high-profile hacks over the coming years.”
“The current bull market we’re experiencing is set to continue into 2025, so the proliferation of crime will be a key challenge facing the industry next year,” Phil Larratt, Director of Investigations at Chainalysis, told Cointelegraph.
Lessons learned from 2024
There are a number of takeaways from this year’s grim cybersecurity record.
Multifactor authentication is crucial for protecting crypto assets for both individuals and companies, and users must be extremely cautious of unsolicited communications and potential phishing attempts from entities impersonating exchange support personnel.
Casa CEO Nick Neuman interviewed a crypto scammer in November. Source: Nick Neuman
Cold storage and self-custody have also been in the spotlight this year as MicroStrategy founder Michael Saylor sparked a debate about whether big banks should be custodying Bitcoin.
However, using certain hardware wallets such as Ledger may also open up the floodgates to phishing attacks, which have continued unabated following its database breach in 2020.
Quantum computing, AI attack vectors
Meir Dolev, co-founder and chief technology officer at Cyvers, and the firm’s senior blockchain scientist Hakan Unal emphasized the importance of adopting advanced security strategies, such as real-time threat detection, crosschain monitoring, and pre-emptive prevention measures to mitigate these rising risks.
“Emerging threats like AI-driven attacks and quantum vulnerabilities highlight the need for proactive measures and stronger regulatory oversight to protect digital assets.”
They added that attack vectors would continue to evolve in 2025. These would include AI-powered threats such as sophisticated phishing, deepfake scams, and malware capable of evading detection.
Other new attack vectors to expect include supply chain attacks, IoT (Internet of Things) vulnerabilities, cloud and API exploitation, and quantum computing threats.
“Although still emerging, quantum computing poses a long-term risk to current encryption standards, requiring a proactive shift toward quantum-safe protocols,” they said.
On Dec. 9, search giant Google unveiled a new quantum computing chip called Willow that it claims can exponentially correct errors and process certain computations at a “mind-boggling” pace.