Knowledge hub

$2.2 Billion Stolen in DeFi hacks in 2024

Cryptocurrency hacking remains a significant issue, with several years in the past decade seeing over a billion dollars in crypto stolen. 2024 marks the fifth year to hit this unfortunate milestone, demonstrating that as crypto adoption and prices increase, so does the amount of money at risk.

In 2024, the total value of stolen funds rose by roughly 21% to $2.2 billion, with the number of individual hacking incidents increasing from 282 in 2023 to 303 in 2024. Interestingly, the rate of crypto hacking changed significantly mid-year. By the end of July 2024, $1.58 billion had already been stolen, which was about 84.4% higher than the same period in 2023. The ecosystem seemed to be on track to rival the $3 billion+ years of 2021 and 2022. However, this upward trend slowed down considerably after July

DeFi vs. Centralized Platforms

Throughout 2021 to 2023, decentralized finance (DeFi) platforms were usually the main targets for crypto hacks. This could be because DeFi developers often prioritize rapid growth over security, making their platforms more vulnerable. Although DeFi still accounted for the largest share of stolen assets in the first quarter of 2024, centralized services became the most targeted in the second and third quarters. Some major centralized service hacks included DMM Bitcoin (May 2024; $305 million) and WazirX (July 2024; $234.9 million).

This change in focus highlights how important it is to secure private keys, which were the cause of 43.8% of stolen crypto in 2024. For centralized services, securing private keys is crucial because they control access to users' funds. The $305 million DMM Bitcoin hack, potentially due to private key issues, is one of the largest crypto exploits to date, which shows just how damaging a private key compromise can be

Laundering Stolen Funds

After getting their hands on private keys, hackers often launder the stolen funds through decentralized exchanges (DEXs), mining services, or mixing services. In 2024, hackers who stole private keys often used bridges and mixing services, whereas hackers using other methods preferred DEXs for laundering.

North Korean Hackers

North Korean hackers are notorious for their sophisticated tactics and relentless efforts to steal crypto to fund state operations and avoid international sanctions. U.S. and international officials have said that North Korea uses the stolen crypto to finance weapons programs, which threatens international security. In 2023, North Korea-linked hackers stole about $660.50 million across 20 incidents, but in 2024, this rose to $1.34 billion across 47 incidents. That's a 102.88% increase in value stolen, representing 61% of the total amount stolen for the year.

The DPRK’s crypto attacks also appear to be happening more frequently. Large attacks, those between $50 and $100 million and those over $100 million, happened more often in 2024 than in 2023. This is a big change from the previous two years, when most of their exploits were below $50 million. North Korea has been responsible for most of the large exploits over the past three years. Some of these events appear to be linked to North Korean IT workers who have infiltrated crypto and Web3 companies, using false identities to gain access to their systems.

The Need for Stronger Security

The rise in stolen crypto in 2024 shows the need to address the complex and evolving threat landscape. A collaborative approach between the public and private sectors is essential. Data-sharing, real-time security solutions, advanced tracing tools, and targeted training are needed to quickly identify and stop malicious actors. As crypto regulatory frameworks evolve, platform security and customer protection will be under more scrutiny

Summary

The crypto space continues to be a target for hackers, with billions of dollars stolen in 2024 alone. While the rate of hacking has slowed down in the later half of the year, the need for robust security measures is paramount. As the report highlights, private key compromises and sophisticated attacks, often linked to North Korean actors, pose significant threats to both decentralized and centralized platforms.

This is where DeFi insurance comes into play. As a way to mitigate risks from hacks, protocol breaches, smart contract vulnerabilities, and other threats, DeFi insurance, like that offered by platforms such as Nexus Mutual, InsurAce, and Etherisc, can provide a safety net for crypto users. By using decentralized protocols, smart contracts, and liquidity pools, DeFi insurance offers an alternative to traditional insurance, providing a transparent and automated way to protect digital assets. Though still a developing sector, with some challenges, DeFi insurance is an important step in creating a safer and more trustworthy environment for crypto users.