December 21, 2024

Cryptocurrency scams and hacks have cost more than $2.3 billion this year, highlighting the industry’s continued security vulnerabilities. The figure includes 165 incidents, a 40% increase from the previous year.

While the total is less than the $3.7 billion lost in 2022, the continued increase in attacks suggests that the industry’s defenses are still inadequate against advanced threats.

Ethereum and Access Control Failures Dominate Losses

According to Cyvers’ annual report, access control vulnerabilities emerged as a major factor in losses, accounting for 81% of total stolen funds.

Although these incidents only accounted for 41.6% of cases, their significant impact reflects the risks of poorly managed security protocols. Ethereum was the most affected blockchain this year, recording losses of over $1.2 billion.

A worrying trend this year has been the rise of “pig slaughter” scams. These complex fraudulent schemes have defrauded over $3.6 billion from unsuspecting users, with most of the activity centered on the Ethereum blockchain.

“The increase in access control breaches and sophisticated scams like pig slaughtering underscores the importance of implementing AI-powered risk assessment tools, transaction verification, and anomaly detection,” Cyvers told BeInCrypto. “Security must evolve to stay ahead of increasingly sophisticated and coordinated attacks.”

“If cryptocurrency exchanges want to avoid becoming the next victim of hackers, they need to deploy robust detection and prevention systems and integrate them with crisis response mechanisms,” Cyvers researchers noted. “As Cyvers’ data shows, 9 out of 10 hacked smart contracts were audited and many had undergone rigorous penetration testing. This, clearly, was not enough.”

In contrast, the fourth quarter saw much less activity, indicating a temporary lull in malicious operations.

Biggest Cryptocurrency Hacks of 2024: WazirX, Radiant Capital, DMM Bitcoin

This year’s biggest single incidents have provided stark reminders of the vulnerabilities within the cryptocurrency ecosystem.

In July, Indian cryptocurrency exchange WazirX suffered a devastating hack, losing around $234.9 million. The attackers exploited vulnerabilities in the exchange’s multisig wallets, allowing them to gain unauthorized access to funds.

Multi-signature wallets, which require multiple private keys to approve transactions, are often considered more secure. However, this incident demonstrated how poor implementation of such systems can lead to catastrophic breaches.

WazirX has temporarily halted trading and withdrawals to contain the damage and has begun a comprehensive security audit. Despite these efforts, the exchange remains offline as it seeks regulatory approval to resume operations.

“We are seeking court approval of the plan as soon as possible,” WazirX recently wrote on X (formerly Twitter). “Subject to legal and regulatory requirements, the platform will resume trading after the plan’s implementation date.”

In November, Indian authorities arrested a suspect linked to the hack, though the mastermind remains at large. Investigators have criticized Liminal Custody, the company responsible for securing WazirX’s digital wallets, for failing to provide crucial information during the investigation.

Radiant Capital, a prominent blockchain lender, was another high-profile victim this year. In October, the platform lost over $50 million in a multi-chain attack.

The hackers reportedly gained access to three of the platform's private keys, allowing them to withdraw assets across multiple networks, including Arbitrum, Binance Smart Chain, Base, and Ethereum.

The attack has been attributed to North Korean-backed actors, who are increasingly targeting the cryptocurrency sector with advanced tactics. The Radiant Capital hack reflects the growing risks associated with cross-chain operations and the urgent need for improved private key management.

Meanwhile, Japanese cryptocurrency exchange DMM Bitcoin experienced one of the most serious incidents of 2024. In May, the platform lost around 4,502.9 BTC, worth $320 million at the time, after attackers managed to hack a private key. Despite lengthy efforts to recover the stolen assets and reassure customers, DMM Bitcoin announced its closure in December.

The exchange has since begun moving user accounts to SBIVC Trade, signaling a grim end to its operations. The incident highlights the devastating impact of insufficient key security, especially for centralized platforms.

The reliance on multi-signature wallets, which have proven to be vulnerable under certain conditions, further exacerbates these risks. Emerging technologies, including quantum computing and artificial intelligence, are expected to exacerbate the threat by enabling increasingly sophisticated attack methods.

The sharp increase in malicious activity this year reflects the urgent need to bolster defenses across the cryptocurrency ecosystem. Platforms that lack real-time monitoring and proactive security tools remain highly vulnerable to hacks, putting users’ funds at risk.

The industry must prioritize adopting advanced security measures and foster greater collaboration among stakeholders to effectively combat these ongoing threats.

“Zero-day attacks are unpredictable and do not rely on known past practices. Without real-time monitoring and detection mechanisms, and proactive tools - crypto platforms cannot counter and thwart such attacks in real time,” Cyvers experts noted.

As the crypto industry continues to grow, so will the sophistication of attackers seeking to exploit its vulnerabilities. This year’s incidents have shown that reactive measures are no longer enough.