The cryptocurrency industry faced a barrage of security breaches in the second quarter of 2024, with total losses reaching $629.7 million across 49 incidents, according to a new report from blockchain security firm Cyvers. Despite the staggering figure, only 24% of stolen funds were recovered, highlighting the persistent challenges in safeguarding digital assets.
Since the beginning of the year, cryptocurrency criminals have seized over $1.38 billion, most of which resulted from "access control breaches."
Crypto Recovery Efforts Fall Short as Losses Mount
The report reveals a significant shift in attack vectors, with centralized exchanges (CEX) emerging as the primary targets. Two major incidents accounted for over 57% of total losses.
"The dramatic 900% increase in CeFi losses compared to Q2 2023 signals a significant shift in attacker focus," Cyvers commented in the newest report. "This trend may be attributed to the concentration of assets in centralized platforms and potentially lax security measures in some exchanges."
While the total amount recovered rose by 42% compared to the same period last year, from $138.9 million to $197 million, it represents less than a quarter of the total losses.
This means that barely one in four victims of cryptocurrency hacker attacks is able to recover their funds. Considering that in the first half of 2024, scammers seized nearly $1.4 billion, this indicates that over $1 billion remained in the pockets of the fraudsters, who have remained unpunished.
A small consolation might be the fact that the total values seem to be lower than last year. According to the FBI's March report, in 2023, crypto fraudsters seized just under $4 billion.
Access Control Breaches Drive 35% Surge in Crypto Exploits
The report also highlights a notable change in hacker tactics, with a 35% increase in access control exploits. They refer to security incidents where attackers gain unauthorized access to systems, wallets, or accounts by exploiting weaknesses in authentication and authorization mechanisms.
These breaches accounted for $491,311,000 in losses across 26 incidents, representing a substantial portion of the total $629,689,000 lost in Q2 2024. The DMM Exchange hack, which resulted in a $305 million loss, was reportedly due to a compromised private key, exemplifying this trend.
"As the ecosystem becomes more interconnected, security audits need to be considered for improved cross-chain interactions," the Cyvers report added.
Data from a report published by Cyvers align with statistics that blockchain security firm CertiK released last week. According to the report's findings, nearly $1.2 billion disappeared from the cryptocurrency market in the first six months. The only difference is that the report ranks phishing attacks first, not access control exploits.
The surge in attacks has far-reaching economic implications beyond the direct losses. Market volatility triggered by major incidents has wiped billions in market capitalization across the crypto ecosystem. Additionally, the frequency and scale of attacks have led to sharp increases in crypto insurance premiums, adding to the operational costs of Web3 projects.
“The Web3 ecosystem in Q2 2024 has faced substantial challenges from sophisticated cyberattacks. Projects and organizations must implement robust security measures, conduct continuous monitoring, and engage in proactive community efforts,” the report concluded.