According to the mid-year Web3 security report from cybersecurity firm Cyvers, the total amount of stolen cryptocurrency funds this year is nearing $1.4 billion, with centralized exchanges becoming the primary targets for cyberattacks.
In the second quarter of 2024, the total losses from cryptocurrency theft exceeded $600 million, showing a 100% increase compared to the same period last year. The surge in stolen funds was mainly driven by a 900% increase in losses on centralized exchanges, as stated in the report.
The report highlighted a significant shift in attack tactics, with centralized exchanges bearing the brunt of major incidents while decentralized finance (DeFi) protocols demonstrated improved resilience. This trend can be attributed to the concentration of assets in centralized platforms and potentially inadequate security measures in some exchanges.
The majority of stolen funds, around $490 million in Q2 alone, resulted from access control breaches, particularly phishing attacks, according to Cyvers. In comparison, losses from smart contract exploits amounted to less than $70 million during the same period.
DeFi protocols took quick action to freeze compromised smart contracts, protecting users. However, the report cautioned that the risk of exploits persists as hackers discover new vulnerabilities in complex contracts. Additionally, cross-chain bridges are becoming an increasingly significant attack vector, with the report citing the $1.44 million exploit of XBridge in April.
The high-profile breach of Japanese cryptocurrency exchange DMM in May heavily impacted Cyvers’ Q2 data. The hack, which was reportedly caused by a compromised private key, resulted in the theft of over $300 million. Another notable incident was the hack of Turkish cryptocurrency exchange BtcTurk, which resulted in the loss of around $50 million in June.
The report acknowledged that victims of cyberattacks are experiencing greater success in recovering lost funds, with a 42% increase in total funds recovered in Q2 compared to the same period last year. However, the majority of stolen funds, approximately 76%, have not been retrieved.
Cyvers warned Web3 users to remain vigilant against emerging threats posed by artificial intelligence and quantum computing, as these technologies could provide hackers with sophisticated tools to bypass onchain security measures.
In a related article, Crypto-Sec magazine reported a phishing scam targeting Hedera users and a case of address poisoning that resulted in a $70,000 loss.