Security agency SlowMist recently released the '2024 Blockchain Security and Anti-Money Laundering Annual Report', which pointed out that:
According to the SlowMist blockchain hacking incident archive, there were 410 security incidents in 2024, resulting in losses of up to $2.013 billion. Compared to 2023 (464 incidents, losses approximately $2.486 billion), the losses decreased by 19.02%.
DeFi remains the most frequently attacked sector. In 2024, there were a total of 339 DeFi security incidents, accounting for 82.68% of all security incidents, resulting in losses of up to $1.029 billion. Compared to 2023 (282 incidents, losses approximately $773 million), the losses increased by 33.12%.
From an ecological perspective, Ethereum suffered the highest loss, reaching $465 million. The second highest was BSC, at $87.35 million.
From the perspective of incident causes, security incidents caused by contract vulnerabilities were the most common, reaching 99 cases, resulting in losses of approximately $214 million. The second most common cause was account hacking.
The top 10 security attack incidents and the amounts involved in 2024 include: DMM Bitcoin ($305 million), PlayDapp ($290 million), WazirX ($230 million), BtcTurk ($90 million), Munchables ($62.5 million), Radiant Capital ($50 million), BingX ($45 million), Hedgey Finance ($44.7 million), Penpie ($27.35 million), FixedFloat ($26.1 million).
In 2024, there were 58 Rug Pull incidents, resulting in losses of about $106 million. Among them, the ZKSync ecosystem had the highest loss, reaching $36.95 million, while the BSC ecosystem experienced the most Rug Pull incidents, totaling 28 cases.
In 2024, wallet phishing attacks caused losses of about $494 million, an increase of 67% year-on-year. Although the number of victims increased by only 3.7% (reaching 332,000 addresses), the losses per attack significantly increased, with the largest single theft amounting to $55.48 million.
In addition, according to statistics, the attack activities throughout the year were divided into three phases: the first quarter had the heaviest losses, reaching $187 million, with 175,000 victims. March had the highest losses, at $75 million. The second and third quarters had combined losses of $257 million, with the number of victims dropping to 90,000. The fourth quarter saw losses decrease to $51 million, with victims reduced to 30,000, indicating an improvement in security. Throughout the year, there were 30 cases exceeding $1 million, with total losses of $171 million, averaging $5.7 million per victim, and the largest single theft amounting to $55.48 million.
The report also provides a detailed introduction to specific fraud techniques, anti-money laundering, and regulatory trends; according to statistics, out of 410 security incidents, there were 24 cases where all or part of the lost funds were recovered after the attack. Based on disclosed data, a total of about $166 million was returned, accounting for 8.25% of the total security losses (approximately $2.013 billion).