In Cyvers’ latest mid-year Web3 security report, it has been revealed that the total amount of stolen cryptocurrency funds this year is rapidly approaching $1.4 billion. The report highlights that centralized exchanges have become the new focal point for cyber exploits.
During the second quarter of 2024, the total losses from cryptocurrency reached over $600 million, which is a 100% increase compared to the same period last year. The surge in stolen funds was primarily driven by a staggering 900% increase in losses on centralized exchanges, as stated in the report.
The report emphasizes a significant shift in attack methods, with centralized exchanges bearing the brunt of major incidents. On the other hand, decentralized finance protocols have shown improved resilience. This trend can be attributed to the concentration of assets in centralized platforms and the potential lax security measures in some exchanges.
According to Cyvers, the majority of stolen funds were a result of access control breaches, particularly through phishing attacks. In the second quarter alone, approximately $490 million was lost. In contrast, losses from smart contract exploits amounted to less than $70 million during the same period.
Cyvers highlights the quick response of decentralized finance protocols in freezing compromised smart contracts to protect users. However, the report warns that the risk of exploits remains prevalent as hackers discover new vulnerabilities in complex contracts. Additionally, cross-chain bridges are becoming a significant target for attacks, as evidenced by the $1.44 million exploit of XBridge in April.
One notable breach that heavily impacted Cyvers’ Q2 data was the high-profile hack of Japanese cryptocurrency exchange DMM in May. It is reported that the hack, caused by a compromised private key, resulted in the loss of over $300 million. Another significant incident involved the Turkish cryptocurrency exchange BtcTurk, which lost approximately $50 million to hackers in June.
The report acknowledges that some victims are experiencing greater success in recovering lost funds, with a 42% increase in total funds recovered during Q2 compared to the previous year. However, the majority of lost funds, approximately 76%, have not been retrieved.
Cyvers advises Web3 users to remain vigilant against emerging threats posed by artificial intelligence and quantum computing. These technologies could provide hackers with sophisticated tools to bypass onchain security measures.
In related news, a phishing scammer has targeted Hedera users, and an address poisoner managed to gain $70,000, according to Crypto-Sec magazine.