Crypto Hacks 2024 Hacken Report Overview

According to Hacken, crypto hacks 2024 have caused a lot of damage to platforms, especially CeFi. Total losses from crypto hacks in 2024 remain relatively stable compared to 2023, at over $2.3 billion, excluding scams, but the types of exploits show new and frequent vulnerabilities.
Crypto Hacks 2024 Hacken Report Overview

Key Takeaways:
– In 2024, access control exploits accounted for 78% of crypto losses, totaling nearly $1.7 billion.
– The CeFi sector saw a 2x increase in hack losses, with over $500 million lost, while DeFi losses decreased by 40%.
– Major incidents included PlayDapp, DMM Exchange, WazirX, and Radiant Capital.

Key Trends in Crypto Hacks 2024

Access Control Exploits – The Leading Threat

The new Web3 Security Report by Hacken covers alarming trends in cryptocurrency theft, with access control exploits emerging as the dominant threat for 2024.

According to the report, these breaches caused losses valued at $1.7 billion, 78% of the total for the year in crypto-related theft, which is up significantly from the $1 billion reported in 2023.

Of the total losses through hacks of cryptocurrencies across DeFi, CeFi, and gaming/metaverse platforms, 75% were attributed to access control vulnerabilities, while the exploitation of smart contract vulnerabilities contributed to just 14% of the total losses.

Crypto hacks 2024 total losses
Crypto hacks 2024 total losses. Source: Hacken

A very key observation noted in the report is that of private key theft, which considerably outdid breaches involving smart contracts. Indeed, nearly two-thirds of cryptocurrency theft losses that occurred in 2024 were attributed to the compromise of private keys compared to 50% in the previous year, 2023.

At the same time, Hacken believes this may largely be partly down to insecure management platforms, social engineering attacks, risky data backup, and vulnerability from single-signature wallets.

Read more: Is XRP a Good Investment in 2025?

DeFi vs. CeFi Vulnerabilities

The whole cryptocurrency industry continues to see security vulnerabilities as both the DeFi and CeFi sectors register massive losses together.

DeFi accounted for 20.4% of total losses from crypto hacks, while the share stood larger in CeFi at 30%. Besides, access control weaknesses developed as a major factor in nearly half of all DeFi losses and significantly tainted CeFi platforms.

Losses in DeFi and CeFi in 2024
Losses in DeFi and CeFi in 2024. Source: Hacken

In spite of these, the losses from DeFi decreased significantly, shrinking 40% from 2023. In contrast, CeFi losses more than doubled year-over-year, reaching over $500 million in total. Major CeFi platforms hacked include WazirX and CMM Exchange; access control vulnerabilities played a major role in the breaches.

Among the prominent victims in the DeFi space was Radiant Capital, with a $55 million incident over endless token approvals that affected as many as 10,000 users. Security breaches have also continued to crop up on BNB Chain and Arbitrum.

Decline in Bridge Hacks

Bridge hacks, once a primary concern in the decentralized finance (DeFi) ecosystem, have continued to decline for the second consecutive year.

The total value stolen from bridge attacks has plummeted, falling from $1.89 billion in 2022 to $338 million in 2023 and further to just $114 million in 2024.

Bridges losses over the years
Source: Hacken

A key factor driving this progress is the adoption of advanced cryptographic technologies. Bridge developers are now implementing solutions like Multi-Party Computation (MPC) and Zero-Knowledge (ZK) cryptography, which enhance transaction verification and reduce vulnerabilities.

Note: Losses from bridge exploits in 2024 dropped by an impressive 94% compared to 2022 and 70% from 2023.

Phishing Scams and Rug Pulls

Financial losses from phishing schemes have reached an estimated $600 million. Of the phishing schemes, presale scams and fraudulent activities involving fake celebrity endorsements, also known as “rug pulls,” have increased significantly.

The most recent notable incident was in November, an address poisoning attack that stole $129 million. In this case, the assets were recovered, but this is an exception. Most of these crimes go unreported and unsolved.

Read more: 5 Tips To Gain More Crypto Alpha On X

Major Crypto Hacks of 2024

PlayDapp Hack (Q1)

In February 2024, a blockchain gaming platform, PlayDapp, suffered from one of the most critical security breaches due to a vulnerability in access control.

The exploit enabled the attacker to set himself as a token minter, which is a role that allows tokens to be minted without authorization. The hacker minted 1.8 billion PLA tokens in two separate incidents at approximately $290 million at the time of the attack.

PlayDapp's loss compared to the rest of Q1/2024
PlayDapp’s loss compared to the rest of Q1/2024. Source: Hacken

The breach highly deprecated the value of the PLA token, amassing huge losses for the stakeholders. In response, PlayDapp took immediate damage control. Freezing PLA tokens in exchanges, pausing the compromised smart contract, and announcing migration of the token to restore trust and reduce the impact on users was in order.

DMM Exchange Hack (Q2)

The DMM Bitcoin incident was one of the major Bitcoin-related hacks this year that hit the cryptocurrency community in May 2024. It was the most significant breach of the quarter, with approximately $305 million stolen.

The hacker started with the mass transfer of 4,502.9 BTC into a mysterious wallet. Immediately after the initial transfer, the stolen funds were being rapidly moved around multiple addresses to make tracking by any form of authority even more difficult.

DMM Exchange's loss compared to the rest of Q2/2024
DMM Exchange’s loss compared to the rest of Q2/2024. Source: Hacken

Although the exact motive for hacking remains uncertain, other possible open flaws were observed. Compromised private keys, issues in the signing process, or address poisoning tactics may have led to this breach.

WazirX Hack (Q3)

WazirX experienced a significant security breach despite implementing a robust multiparty security system. The incident, one of the most significant cybersecurity events of the third quarter, involved unauthorized fund transfers from the exchange’s wallets, resulting in a loss of over $230 million.

The exchange had relied on a Gnosis Safe multi-signature (multisig) wallet, which requires at least four out of six signatures to authorize any transaction. Of the six keys needed for approval, five were controlled by WazirX, and the remaining one was held by Liminal, a provider specializing in digital asset custody services.

WazirX's loss compared to the rest of Q3/2024
WazirX’s loss compared to the rest of Q3/2024. Source: Hacken

However, the attacker successfully manipulated the system by obtaining signatures from three WazirX administrators and one from Liminal. This allowed the hacker to modify the wallet and integrate it with a malicious contract, enabling them to drain the funds undetected.

Radiant Capital Exploit (Q4)

Radiant Capital suffered a significant security breach, resulting in a loss of $55 million. The incident occurred when attackers injected malware into the devices of the company’s developers, allowing them to intercept and manipulate legitimate transaction approvals. Despite the use of hardware wallets, the malicious activity went undetected.

The attackers leveraged this vulnerability to take control of Radiant’s critical LendingPoolAddressesProvider contract. They executed a multicall transaction on the Arbitrum network, which not only upgraded the Lending Pool’s implementation to malicious code but also drained substantial assets from Radiant Markets contracts.

Radiant Capital's loss compared to the rest of Q4/2024
Radiant Capital’s loss compared to the rest of Q4/2024. Source: Hacken

FAQs About Crypto Hacks 2024

5/5 - (316 votes)

Other Posts: