Losses from cryptocurrency attacks and scams fell to their lowest level in December 2024, totaling only $28.6 million, according to CertiK's report.

The cryptocurrency market experienced a significant decline in losses due to attacks and scams in December 2024, marking a positive end to a tumultuous year.

According to data from blockchain security company CertiK published on December 31, the total loss value in December was only $28.6 million, a sharp decrease from $63.8 million in November and $115.8 million in October. This downward trend brings hope for greater stability and security in the cryptocurrency sector.

CertiK reported that the majority of losses ($26.7 million) came from exploitation of vulnerabilities. The most serious incident was the attack on the decentralized finance (DeFi) platform GemPad, which lost $2.1 million. The attacker exploited a vulnerability in GemPad's smart contract to seize assets.

Another notable incident was the hack of the token bridge of the DeFi project FEG, resulting in a $1 million loss. The hacker withdrew FEG tokens from the bridge contract without depositing them into the source chain. CertiK analyzed that the root cause of this vulnerability was a flaw in FEG's cross-chain message verification process.

In the closing days of 2024, cryptocurrency losses due to hacks, exploits, and scams reached their lowest level of the year. Source: CertiK Deep analysis of the attacks

Blockchain security company PeckShield also reported a similar downward trend in its report dated January 1, 2025. According to PeckShield, the total damage from hacks in December was $24.7 million, a 71% decrease from November. Among more than 25 hacks tracked by PeckShield, the most serious attack occurred on December 16 and 17 targeting users of the LastPass password management service, resulting in a loss of $12.3 million.

Source: PeckShieldAlert

Web3 expert Zachxbt confirmed this is the largest loss in December based on on-chain evidence. This incident is particularly noteworthy as LastPass was previously the victim of a data leak in December 2022, when hackers copied the backup of customers' vault data. According to cybersecurity journalist Brian Krebs, it is estimated that by September 2023, over $35 million in cryptocurrency had been stolen from approximately 150 victims of this leak.

The second-largest incident in December according to PeckShield was the attack on the DeFi market protocol Yei Finance on December 2, with approximately $2.2 million stolen. These incidents demonstrate that although overall losses have decreased, security vulnerabilities still exist and can cause significant damage.

Although December recorded a significant decrease in losses, the overall picture for 2024 still shows significant security challenges in the cryptocurrency sector. The 2024 Web3 security report from on-chain security firm Cyvers states that a total of $2.3 billion in cryptocurrency was stolen in 165 incidents throughout 2024. This figure represents a 40% increase compared to the $1.69 billion stolen in 2023, but still a 37% decrease from the $3.78 billion lost in 2022.

Deddy Lavid, co-founder and CEO of Cyvers, believes that the increase in losses in 2024 may be due to access control violations, especially at centralized exchanges (CEX) and cryptocurrency custodians.