The year 2024 has recorded unprecedented losses in the cybersecurity landscape. By the end of Q3, they reached $2.11 billion in total, surpassing all the losses from 2023, Cyvers' report shows.
The year has witnessed a sharp increase in hacking incidents. This highlights a growing threat landscape that necessitates immediate attention, as shown by the significant breach of WazirX and DMM Bitcoin exchange.
Cybersecurity Losses Surge
In the first three quarters of 2024, losses have already exceeded the total for 2023. Key statistics illustrate this trend: from January to September 2023, losses amounted to $1.23 billion, while the total for January to December 2023 was $1.69 billion.
The losses from January to September 2024 represent an approximately 72% increase compared to the same period in the previous year. Additionally, hacking incidents in centralized finance (CeFi) entities have surged by nearly 1,000%. Losses from wallet and custodian breaches have almost doubled. Conversely, losses from decentralized finance (DeFi) platform hacks have decreased by 25%.
CeFi Vulnerabilities: WazirX and DMM
CeFi platforms have experienced a dramatic rise in hacking incidents. The year has seen a 984% year-on-year increase in hacks, driven primarily by several high-profile attacks. In Q2 2024, centralized exchanges reported losses of approximately $401 million due to five significant attacks.
The DMM Bitcoin exchange breach accounted for $305 million of this total, marking it as one of the largest centralized exchange breaches of the year. Other affected platforms included BtcTurk, Lykke, Rain Exchange, and FixedFloat. This increase in vulnerabilities underscores the need for improved access controls and regulatory oversight.
Bitcoin Heist Hits Japanese Exchange DMM Bitcoin https://t.co/RPT9Vxhsnf pic.twitter.com/HCXDznWG2o
— CySecurity News (@EHackerNews) June 6, 2024
In related news, a Singapore court has granted a four-month moratorium to the Indian cryptocurrency exchange WazirX, subject to specific conditions. They include disclosing wallet addresses via a court affidavit, responding to user inquiries, providing financial accounts within six weeks, and conducting future votes on an independent platform.
WazirX, which suffered a loss of $234 million in a July hack affecting 45% of customer funds, initially sought a six-month moratorium. The judge noted that WazirX acted in good faith by requesting the moratorium and suggested that the exchange consider disclosing assets beyond its held tokens.
🚨 BREAKING: #WazirX granted a 4-month conditional moratorium by the Singapore court! 🇸🇬 After a $230 million hack, the exchange is under scrutiny. #cryptocurrency #hack #moratorium pic.twitter.com/RUJhOLJr9J
— FinFarm (@FarmFin) September 30, 2024
DeFi Losses Decline 25%
In contrast, DeFi platforms have shown a 25% reduction in losses compared to Q2 2023, yet they continue to face substantial challenges. During Q2 2024, they experienced losses of $171.3 million across 62 incidents.
The complexity of smart contracts and decentralized protocols leaves these platforms vulnerable. Ethereum and BNB Chain remain the primary targets for DeFi exploits, reflecting their extensive ecosystems.
The report highlights critical vulnerabilities affecting the sector. Access control vulnerabilities from January to September 2023 totaled $742.6 million, while for the same period in 2024, they reached $1.62 billion, indicating a 99% increase.
Conversely, losses from smart contract vulnerabilities decreased from $429.6 million in 2023 to $380.4 million in 2024, a decline of 19%.
Addressing Crypto-Related Crimes
The overall number of incidents also demonstrates concerning trends. From January to September 2024, a total of 131 incidents were reported, including 79 smart contract exploits and 51 access control violations. In comparison, the same period in 2023 recorded 44 incidents, reflecting a 197% surge in 2024. Specifically, smart contract exploits increased by 182%, and access control violations rose by 218%.
To address these issues, the report outlines several recommendations. There is a critical need to enhance cross-chain security protocols, adopt real-time threat detection technologies, and evolve regulatory frameworks to address emerging risks, including AI-driven attacks and quantum computing vulnerabilities.
Furthermore, global regulatory bodies, such as IOSCO, should prioritize real-time monitoring and incident response strategies to effectively combat the evolving nature of crypto-related crimes.
Improving Web3 Security Measures
The first three quarters of 2024 have seen a significant rise in incidents across both centralized and decentralized platforms. CeFi platforms in particular have been vulnerable, experiencing a notable increase in high-profile attacks. While DeFi platforms have shown some resilience, they still face ongoing threats.
Market participants opine that it is essential for the industry to adopt proactive security measures and strengthen regulatory oversight to mitigate future risks and foster a secure Web3 ecosystem.