According to cybersecurity firm Cyvers’ annual Web3 Security Report, the total amount of cryptocurrency funds stolen by 2024 is expected to approach $1.4 billion, with centralized exchanges emerging as a new hotbed of exploitation.
Total cryptocurrency losses in Q2 2024 will exceed $600 million, a 100% increase over the same period in 2023. The surge in stolen funds is primarily due to a 900% increase in losses at centralized exchanges, according to the report.
“This quarter saw a significant shift in attack vectors, with centralized exchanges (CEXs) suffering the majority of major incidents, but decentralized finance (DeFi) protocols showing improved resilience,” the report said, adding that “this trend may be due to the concentration of assets on centralized platforms and lax security measures on some exchanges.”
According to Cyvers, access control breaches, often in the form of phishing attacks, accounted for the overwhelming majority of stolen funds, amounting to about $490 million in Q2 alone. This figure far outpaces losses from smart contract exploits, which accounted for less than $70 million during the same period.
While decentralized finance (DeFi) protocols have taken swift action to protect users by freezing compromised smart contracts, Cyvers warns that exploits remain prevalent as hackers discover new vulnerabilities in complex contracts. The report also notes that cross-chain bridges are becoming a significant attack vector, citing the $1.44 million XBridge exploit that occurred in April.
Related: CertiK Urges Security Enhancements as Crypto Losses to Reach $1.19 Billion in H1 2024
A major breach at Japanese cryptocurrency exchange DMM in May had a big impact on Cyvers’ Q2 data. The hack, which reportedly involved compromising private keys, resulted in over $300 million being lost. Another significant outlier was Turkish cryptocurrency exchange BtcTurk, which lost around $50 million to hackers in June.
The report noted that apparent victims were having greater success in recovering their lost funds than before, with the total amount recovered increasing by 42% in Q2 compared to the same period in 2023. Still, the vast majority of lost funds (around 76%) were never recovered.
Cybers said Web3 users should be cautious about emerging threats posed by artificial intelligence and quantum computing, which could give hackers sophisticated new tools to bypass on-chain security measures.
magazine: Crypto-Sec: Phishing Scammers Target Hedera Users, Address Pollution Criminals Pay $70K