According to the annual 'Web3 Security Report' by blockchain security company Hacken, losses in the DeFi sector due to security incidents decreased by 40% from 2023 to 2024, thanks to protocol improvements, enhanced bridging, and more advanced cryptographic measures.
At the same time, due to CEX becoming a primary target for access control vulnerabilities and other significant security risks, CeFi security incidents more than doubled, with losses rising to $694 million. The surge in attack incidents is mainly attributed to access control vulnerabilities and notable events such as the DMM exchange hack in the second quarter and the WazirX hack in the third quarter. These incidents involved private key leaks and multi-signature exploitations, leading to $305 million and $230 million being stolen from the two exchanges, respectively.
The report shows that financial losses in DeFi significantly decreased in 2024, falling from $787 million in 2023 to $474 million this year. Losses from security incidents related to bridging have sharply declined from $338 million in 2023 to $114 million in 2024.
Despite improvements in DeFi, such as multi-party computation and zero-knowledge proofs, challenges remain. In fact, access control vulnerabilities account for nearly half of all DeFi losses, such as the $55 million hack of Radiant Capital.