 "Off-chain attack vectors account for 57% of losses.")
A comprehensive look at the top 100 cryptocurrency hacking incidents shows that exploitation of on-chain vulnerabilities only accounts for a very small portion of all attacks.
According to Mar Gimenez-Aguilar, chief security architect at Halborn Cybersecurity, more than 57.5% of the financial losses from the top 100 decentralized finance (DeFi) hacks were caused by off-chain attack vectors.
A cybersecurity expert told Cointelegraph:
“Compromised private keys accounted for 52.2% of all attacks in 2024 and 55.7% of the total value lost. In general, off-chain attack vectors accounted for 56.5% of attacks last year and 57.5% of the financial losses incurred.”
The incident comes nearly a month after hackers stole more than $230 million from Indian cryptocurrency exchange WazirX, making it the second-largest cryptocurrency hack so far in 2024.
relevant: Kamala Harris Could Continue Biden Administration’s Crypto Crackdown
The biggest vulnerability for cryptocurrency hackers is the lack of investor awareness.
Smart contract vulnerabilities have historically been the largest source of DeFi exploits and continue to cause massive damage. DeFi protocol Nexera was hacked for $1.5 million last week on August 7 due to a smart contract vulnerability.
But according to Halborn’s Guimenez-Aguilar, the lack of investor awareness makes cryptocurrencies more vulnerable to exploits.
Often, there is a focus on hardening smart contract code, which has historically been the most common attack vector, while failing to recognize that protocols do not operate in isolation.”
Therefore, external vulnerabilities such as off-chain components and user behavior must also be considered.
Top 100 DeFi Hacks, Total Loss. Source: Halborn
The top 100 largest DeFi hacks resulted in a cumulative stolen digital asset value of over $7.35 billion, but the number of exploits decreased by 6% in 2023 compared to the previous year.
relevant: Bitcoin is in a ‘perfect’ macro setup, but a drop below $58,000 risks a $500 million liquidation.
Cryptocurrency Hacks in 2024 Could Surpass 2023
Cryptocurrency hackers in 2024 could surpass their 2023 performance in terms of total value stolen.
Mean and standard deviation of losses by year, USD. Source: Halborn
Halborn’s cybersecurity experts explained that crypto hacks could surpass last year’s total for several reasons, the biggest being the increasing total value locked (TVL) in DeFi.
“Considering the number and severity of attacks as of 2024, there have been about 14 incidents among the top 100 hacking incidents, which means about two attacks per month. If this trend continues, the total number of attacks could reach about 24 by the end of the year, slightly exceeding the total number of attacks in 2023.”
Another worrying sign, Guiménez-Aguilar added, is that three of this year’s cryptocurrency hacks have already made it into the top 10 in terms of value lost.
As of February 29 this year, more than $200 million has been lost to hacks, which is more than 15% more than the $173 million worth of digital assets stolen during the same period in 2023.