Decentralized finance (DeFi) protocols have significantly improved their security in 2024, reducing their losses by 40% compared to last year.
However, centralized finance (CeFi) platforms have faced a troubling surge in breaches, with losses climbing to $694 million, doubling from 2023, according to the Hacken Web 3 Report 2024.
DeFi losses decline by 40% in 2024
DeFi platforms have seen a marked improvement in their ability to withstand hacking attempts. Losses in the sector decreased to $474 million in 2024, down from $787 million in 2023. This reduction accounts for a 40% year-on-year drop. DeFi hacks comprised 20.4% of the total cryptocurrency-related losses this year. Despite this progress, some platforms still suffered significant attacks. Radiant Capital was one of the hardest-hit DeFi protocols, losing over $55 million after a hacker exploited malware to manipulate transaction approvals and bypass hardware wallet protections.
CeFi faces $694 million in losses
While DeFi made strides in reducing losses, CeFi platforms experienced a sharp increase in security breaches. Losses in the CeFi sector surged to $694 million in 2024, up from $339 million the previous year. The largest CeFi breach occurred in May 2024, when DMM Bitcoin lost approximately $305 million after 4502.9 BTC was transferred to an unknown wallet. The funds were later redistributed to various addresses. Another significant CeFi breach was the WazirX hack, which accounted for 42.8% of Q3 losses, with $240 million stolen. Attackers breached the system, compromised wallet signatures, and upgraded the wallet to a malicious contract to siphon funds.
Access control exploits dominate Crypto breaches
Access control vulnerabilities emerged as the leading cause of losses across the DeFi and CeFi sectors in 2024. Hackers exploited these vulnerabilities to drain over $1.7 billion, accounting for 75% of all cryptocurrency-related losses. The year also saw phishing scams result in over $600 million in damages, with many cases involving celebrity-endorsed rug pulls and fraudulent presale schemes.
Hacken’s report attributed the persistence of breaches across the crypto and metaverse industries to weaknesses in private key management, poor security protocols, and reliance on single-signature systems. These issues highlight the ongoing challenges in securing digital assets, even as some sectors significantly reduce vulnerabilities.