Crypto hacks down, but hackers getting more sophisticated


Losses from crypto hacks and fraud dropped in 2024, but hackers are evolving.

ADVERTISEMENT

The crypto industry lost around $1.5 billion in 2024, 17% less than in 2023, according to the bug bounty platform Immunefi.

In total, 232 successful and semi-successful hacking attempts and fraud cases were registered, which is 28% fewer than in 2023. The vast majority of the losses were due to hacks, with almost $1.47 billion lost, while around $28 million was lost to fraud.

What hasn't changed in 2024 is that decentralized finance protocols remained the main target, with over 51% of successful exploits registered on these platforms.

However, two hacks of centralized platforms, such as WazirX and DMM Bitcoin, accounted for around 36% of all losses last year. Moreover, centralized finance (CeFi) platforms registered losses of this size for the first time since 2021, potentially indicating that CeFi is regaining hackers' attention.

North Korean hackers once again played a significant role in the crypto crime scene last year. According to Immunefi, North Koreans were allegedly responsible for the WazirX and Radiant Capital hacks, which netted them $285 million. However, other security researchers also attribute the DMM Bitcoin hack to North Koreans.

Marcus Walsh profile Ernestas Naprys Gintaras Radauskas Paulina Okunyte
Don’t miss our latest stories on Google News

Per Immunefi, in the WazirX attack, hackers compromised the platform's wallet, while Radiant was reportedly exploited by sending a malware-laced PDF to company engineers. This allowed the attackers to compromise multiple developer devices.

"Both attacks highlight how North Korean hackers continue to often target project infrastructure and leverage sophisticated social engineering operations to compromise systems," the crypto security analysts emphasized.

ADVERTISEMENT

Losses last year peaked in the second quarter and kept dropping throughout the entire year. Also, according to Immunefi, almost $116 million was recovered in 14 instances, which is nearly 8% of all losses last year.

Meanwhile, around 44% of the incidents were registered on the leading smart contract blockchain Ethereum (ETH), while the largest crypto exchange, the Binance-launched BNB Chain, was the second most targeted.

In either case, Immunefi stressed that hackers are evolving as they infiltrate crypto projects, compromise hot wallets, and exploit vulnerabilities. Moreover, this sector is becoming even more attractive to criminals as more capital enters the space.

"Hackers will continue to target project infrastructure heavily, as the leakage of a key can lead to the theft of all funds controlled by it," the analysts warned, adding that hackers will attempt to "bypass the more mature and fortified DeFi projects, focusing more extensively on infrastructure and CeFi."