Cybersecurity firm Cyvers has released its mid-year Web3 security report, revealing that the total amount of stolen cryptocurrency funds this year is nearing $1.4 billion, with centralized exchanges emerging as the primary target for exploits.
In the second quarter of 2024, the total losses from crypto theft surpassed $600 million, marking a 100% increase compared to the same period last year. The report attributes the surge in stolen funds to a 900% rise in losses on centralized exchanges.
The report highlights a significant shift in attack vectors, with centralized exchanges bearing the brunt of major incidents, while decentralized finance protocols demonstrate improved resilience. This trend may be due to the concentration of assets in centralized platforms and potentially inadequate security measures in some exchanges.
According to Cyvers, the majority of stolen funds, amounting to around $490 million in Q2 alone, resulted from access control breaches, often in the form of phishing attacks. In contrast, losses from smart contract exploits were relatively low, with less than $70 million drained during the same period.
Decentralized finance protocols have taken swift action to freeze compromised smart contracts, protecting users. However, Cyvers warns that the risk of exploits remains prevalent as hackers discover new vulnerabilities in complex contracts. The report also highlights cross-chain bridges as a significant attack vector, citing the $1.44 million exploit of XBridge in April.
The high-profile breach of Japanese cryptocurrency exchange DMM in May heavily impacted Cyvers’ Q2 data. The hack, reportedly caused by a compromised private key, resulted in the loss of over $300 million. Another notable incident was the $50 million hack of Turkish cryptocurrency exchange BtcTurk in June.
Although exploit victims have had greater success in recovering lost funds, with a 42% increase in total funds recovered in Q2 compared to the same period last year, the majority of lost funds, approximately 76%, have not been retrieved.
Cyvers advises Web3 users to remain vigilant against emerging threats posed by artificial intelligence and quantum computing, which could provide hackers with sophisticated new tools to bypass on-chain security measures.