A new report by cybersecurity firm Cyvers paints a concerning picture for the Web3 security landscape in 2024. The report reveals a significant shift in attack strategies, with centralized exchanges (CEXs) emerging as the primary target for cybercriminals.

According to the report, stolen crypto funds have skyrocketed to nearly $1.4 billion in the first half of 2024. Notably, this figure represents a staggering 100% increase compared to the same period in 2023. This surge is primarily driven by a 900% rise in losses suffered by centralized exchanges.

Cyvers attributes this worrying trend to two key factors: the concentration of digital assets on centralized platforms and potentially inadequate security measures employed by some exchanges. Decentralized finance (DeFi) protocols, on the other hand, appear to be demonstrating improved resilience against attacks.

The report highlights access control breaches, often perpetrated through phishing attacks, as the most prevalent attack method. In the second quarter (Q2) alone, these breaches accounted for a whopping $490 million in stolen funds. This figure dwarfs losses stemming from smart contract exploits, which amounted to less than $70 million during the same period.

The report acknowledges the proactive measures taken by DeFi protocols to mitigate the impact of attacks. By swiftly freezing compromised smart contracts, these protocols have helped protect their users. However, Cyvers warns that exploit risks haven’t been eliminated. Hackers remain persistent in discovering vulnerabilities within the complex code governing these contracts. Additionally, cross-chain bridges, which facilitate the transfer of assets between different blockchains, are emerging as another significant attack vector. The report cites the $1.44 million exploit of XBridge in April as a prime example.

The Cyvers report acknowledges that a few high-profile breaches significantly impacted Q2 data. The May hack of Japanese exchange DMM, reportedly caused by a compromised private key, resulted in losses exceeding $300 million. Similarly, the Turkish exchange BtcTurk suffered a $50 million heist in June.

Despite the alarming increase in stolen funds, the report offers a glimmer of hope. Victims are experiencing greater success in recovering lost assets compared to previous years. Cyvers found that the total amount recovered during Q2 2024 increased by 42% over the same period in 2023. However, the vast majority (76%) of stolen funds remain unrecovered.

The report concludes by urging Web3 users to stay vigilant against evolving threats. Cybersecurity researchers anticipate that advancements in artificial intelligence (AI) and quantum computing could empower hackers with sophisticated tools capable of bypassing existing on-chain security measures.