
Crypto hacks and fraud have resulted in losses of more than $2.3 billion this year, highlighting the persistence of security vulnerabilities in the industry. This figure includes 165 incidents, marking a 40% increase from the previous year.

While the total is smaller than the $3.7 billion lost in 2022, the continued rise in attacks signals that industry defenses remain inadequate against advanced threats.

Ethereum and access control flaws dominate losses

According to the Cyvers annual report, access control vulnerabilities stood out as one of the main drivers of losses, responsible for 81% of total stolen funds.

While these incidents only account for 41.6% of cases, their disproportionate impact reflects the dangers of poorly managed security protocols. Ethereum was the most affected blockchain this year, recording over $1.2 billion in losses.

The key attack vectors for crypto hacks from 2022 to 2024. Source: Cyvers

One rather disturbing trend this year has been the prevalence of “Pig Butchering” scams. These elaborate fraud schemes have swindled over $3.6 billion from unsuspecting users, with the majority of activity concentrated on the Ethereum blockchain.

The rise in access control breaches and sophisticated scams like Pig Butchering highlights the importance of implementing AI-based risk assessment, transaction validation, and anomaly detection tools. Security must evolve to stay ahead of increasingly complex and coordinated attacks, Cyvers told BeInCrypto.

Furthermore, smart contract vulnerabilities have dominated the attack landscape, particularly in DeFi. Q3 2024 was the worst quarter for losses, with $790 million stolen during this period.

If crypto platforms want to avoid becoming the next victim of hackers, they need to deploy robust detection and prevention systems and integrate them into their crisis response mechanisms. As Cyvers’ data shows, 9 out of 10 smart contracts that were hacked were audited, and many underwent rigorous penetration testing. That clearly wasn’t enough, Cyvers researchers noted.

In contrast, Q4 saw significantly lower activity, suggesting a temporary lull in malicious operations.

Funds lost to crypto hacks by quarter. Source: Cyvers

Biggest Crypto Hacks of 2024

The year’s biggest individual incidents offered stark reminders of the vulnerabilities within the crypto ecosystem.

In July, Indian crypto exchange WazirX suffered a devastating hack, losing approximately $234.9 million. Attackers exploited weaknesses in the exchange’s multisignature (multisig) wallets, gaining unauthorized access to funds.

Multisig wallets, which require multiple private keys for transaction approvals, are often seen as more secure. However, this incident demonstrated how such systems, when poorly implemented, can lead to catastrophic breaches.

Additionally, WazirX temporarily halted trading and withdrawals to contain the damage and initiated a comprehensive security audit. Despite these efforts, the exchange remains offline as it seeks regulatory approval to resume operations.

“We are striving to obtain court sanction for the Scheme within the shortest possible timeframe. Subject to legal and regulatory requirements, the platform will resume trading after the effective date of the Scheme,” WazirX recently wrote on X (formerly Twitter).

In November, Indian authorities arrested a suspect in connection with the hack, though the mastermind remains at large. Investigators criticized Liminal Custody, a company responsible for securing WazirX’s digital wallets, for failing to provide critical information during the investigation.

Radiant Capital, a prominent blockchain lender, was another high-profile victim this year. In October, the platform lost over $50 million in a multi-chain attack.

Hackers reportedly gained access to three of the platform's private keys, allowing them to drain assets across multiple networks including Arbitrum, Binance Smart Chain, Base, and Ethereum.

Hackers implanted Trojans on Radiant Capital team members’ computers, tricking hardware wallets into signing malicious transfers. Source: Daniel Von Fange

Attacks and security breaches shake the sector

The attack was attributed to North Korean-backed actors, who are increasingly targeting the crypto sector with advanced tactics. The Radiant Capital breach reflects the high risks associated with cross-chain operations and the urgent need for better private key management.

Meanwhile, Japanese cryptocurrency exchange DMM Bitcoin faced one of its most serious incidents in 2024. In May, the platform lost approximately 4,502.9 Bitcoin, valued at $320 million at the time, after attackers compromised a private key. Despite prolonged efforts to recover the stolen assets and reassure customers, DMM Bitcoin announced its closure in December.

The exchange has started transferring user accounts to SBI VC Trade, marking a grim end to its operations. The incident highlights the devastating impact of inadequate key security, especially for centralized platforms.

CeFi Risks and Emerging Threats from Advanced Technologies

Centralized finance (CeFi) platforms continue to face significant challenges. Single points of failure, such as centralized reserves and insufficient oversight of key management, make these platforms attractive targets for attackers.

Reliance on multisignature wallets, which have been shown to be vulnerable under certain conditions, further exacerbates these risks. Emerging technologies, including quantum computing and artificial intelligence, are expected to intensify the threats by enabling increasingly complex attack methods.

These developments require proactive security measures to keep up with the dynamic threat landscape. Experts have noted that incidents like the WazirX and Radiant Capital breaches could have been prevented with the use of proactive threat monitoring solutions.

We can say with certainty that such prominent attacks as the $235 million WazirX hack and the $50 million Radiant Capital hack could have been prevented and 100% of the funds could have been saved if the companies had used such solutions, Cyvers told BeInCrypto.

The sharp increase in malicious activity this year reflects the critical need for stronger defenses across the cryptocurrency ecosystem. Platforms without real-time monitoring and preventative security tools remain highly vulnerable to breaches, putting users’ funds at risk.

The industry must prioritize the adoption of advanced security measures and foster greater collaboration among stakeholders to effectively address these threats.

Zero-day attacks are unpredictable and do not rely on known past practices. Without real-time monitoring and detection mechanisms, and preventive tools, crypto platforms cannot face such attacks and prevent them in real time, Cyvers experts noted.

However, as the crypto sector continues to grow, so will the ingenuity of attackers seeking to exploit its vulnerabilities. This year’s incidents have made it clear that reactive measures are no longer enough.

The article Over $2.3 billion stolen in crypto scams and attacks in 2024 appeared first on BeInCrypto Brasil.