Author: Alex O’Donnell, Cointelegraph; Translated by: Baishui, Golden Finance

According to the mid-year Web3 Security Report from cybersecurity firm Cyvers, the total amount of cryptocurrency funds stolen so far this year is close to $1.4 billion, as centralized exchanges become a new source of vulnerabilities.

Total cryptocurrency losses exceeded $600 million in the second quarter of 2024, up 100% from the same period last year. The surge in stolen funds was primarily due to a 900% increase in losses at centralized exchanges, the report said.

“This quarter saw a significant shift in attack vectors, with centralized exchanges (CEX) bearing the brunt of major incidents, while decentralized finance (DeFi) protocols demonstrated greater resilience,” the report said. “This trend may be attributed to the concentration of assets on centralized platforms and potentially lax security measures on some exchanges.”

Cyvers said access control vulnerabilities, often in the form of phishing attacks, accounted for the vast majority of stolen funds, with about $490 million lost in the second quarter alone. That figure far exceeds losses from smart contract vulnerabilities, which accounted for less than $70 million in the same period.

Decentralized finance (DeFi) protocols moved quickly to freeze compromised smart contracts, protecting users, but Cyvers warned that the risk of exploits remains prevalent as hackers find new vulnerabilities in complex contracts. Cross-chain bridges are also emerging as a significant attack vector, the report noted, citing the $1.44 million exploit of XBridge in April.

In May, a high-profile hack of Japanese cryptocurrency exchange DMM severely impacted Cyvers’ second-quarter numbers. The hack, reportedly caused by a compromised private key, cost as much as $300 million. Another notable outlier is Turkish cryptocurrency exchange BtcTurk, which was hacked in June and lost approximately $50 million.

The report notes that identified victims have had greater success than before in recovering lost funds, with total funds recovered in the second quarter up 42% from the same period last year. However, the vast majority of lost funds, about 76%, have not yet been recovered.

Cyvers said Web3 users should continue to be wary of emerging threats posed by artificial intelligence and quantum computing, which could provide hackers with sophisticated new tools to bypass on-chain security measures.