According to the Hacken Web 3 2024 report, DeFi protocol losses have dropped significantly by 40% year-over-year. However, the same cannot be said for centralized finance protocols, whose losses have doubled in the past year.
The Hacken report shows that DeFi losses account for 20.4% of total cryptocurrency hack losses, while CeFi accounts for 30% in 2024. However, compared to last year, DeFi is down 40%, dropping from $787 million in losses to just $474 million in losses this year.
CeFi's losses rise to $694 million in 2024
CeFi’s losses increased matically, rising to $694 million from $339 million in 2023. The DMM Bitcoin hack in May 2024 stood out as the largest CeFi hack, with losses reaching around $305 million. Around 4,502.9 BTC were transferred to an unknown wallet, before being redistributed to other addresses.
Another major CeFi hack was the WazirX hack, which accounted for 42.8% of crypto losses in Q3, with nearly $240 million stolen. An attacker breached their system, obtaining signatures from three signers on WazirX and one from Liminal, which allowed them to upgrade the wallet to a malicious trac and drain the funds.
Despite the achievements of the DeFi sector, some protocols are still severely affected by hacker exploits including Radiant Capital. The DeFi company lost over $55 million after a hacker gained access to its system using some malware, tampered with legitimate transaction approvals, and bypassed hardware wallet protections.
Over $1.7 Billion Lost Due to Access Control Vulnerabilities in 2024
Over $2.3 billion was drained by hackers from the crypto space in 2024. Both the DeFi and CeFi sectors have been hit hard by access control vulnerabilities.
Access control exploits account for 75% of all cryptocurrency hack losses and nearly half of all DeFi losses, draining over $1.7 billion.
Additionally, phishing scams drained more than $600 million in 2024. Most of these were a combination of celebrity-endorsed blanket rug pulls and pre-sale scams.
The Hacken report highlights that hacks and breaches across cryptocurrency platforms and the metaverse will continue through 2024, due to vulnerabilities in private key management systems, weak security measures, single signature vulnerabilities, and insecure private key backups.