The
cryptocurrency industry faced a barrage of security breaches in the second
quarter of 2024, with total losses reaching $629.7 million across 49 incidents,
according to a new report from blockchain security firm Cyvers. Despite the
staggering figure, only 24% of stolen funds were recovered, highlighting the
persistent challenges in safeguarding digital assets.
Since the
beginning of the year, cryptocurrency criminals have seized over $1.38 billion, most of which resulted from “access control breaches.”
The report
reveals a significant shift in attack vectors, with centralized exchanges (CEX)
emerging as the primary targets. Two major incidents accounted for over 57% of
total losses.
“The
dramatic 900% increase in CeFi losses compared to Q2 2023 signals a significant
shift in attacker focus,” Cyvers commented in the newest report.
“This trend may be attributed to the concentration of assets in
centralized platforms and potentially lax security measures in some
exchanges.”
While the
total amount recovered rose by 42% compared to the same period last year, from
$138.9 million to $197 million, it represents less than a quarter of the total
losses.
This
means that barely one in four victims of cryptocurrency hacker attacks is able
to recover their funds. Considering that in the first half of 2024, scammers
seized nearly $1.4 billion, this indicates that over $1 billion remained in the
pockets of the fraudsters, who have remained unpunished.
A small consolation might be the fact that the total values seem to be lower than last year. According to the FBI’s March report, in 2023, crypto fraudsters seized just under $4 billion.
Access Control Breaches
Drive 35% Surge in Crypto Exploits
The report
also highlights a notable change in hacker tactics, with a 35% increase in
access control exploits. They refer to security incidents where attackers gain
unauthorized access to systems, wallets, or accounts by exploiting weaknesses
in authentication and authorization mechanisms.
These
breaches accounted for $491,311,000 in losses across 26 incidents, representing
a substantial portion of the total $629,689,000 lost in Q2 2024. The DMM
Exchange hack, which resulted in a $305 million loss, was reportedly due to a
compromised private key, exemplifying this trend.
“As
the ecosystem becomes more interconnected, security audits need to be
considered for improved cross-chain interactions,” the Cyvers report
added.
Data from a report published by Cyvers align with statistics that blockchain security firm CertiK released last week. According to the report’s findings, nearly $1.2 billion disappeared from the cryptocurrency market in the first six months. The only difference is that the report ranks phishing attacks first, not access control exploits.
The surge
in attacks has far-reaching economic implications beyond the direct losses.
Market volatility triggered by major incidents has wiped billions in market
capitalization across the crypto ecosystem. Additionally, the frequency and
scale of attacks have led to sharp increases in crypto insurance premiums,
adding to the operational costs of Web3 projects.
“The Web3
ecosystem in Q2 2024 has faced substantial challenges from sophisticated
cyberattacks. Projects and organizations must implement robust security
measures, conduct continuous monitoring, and engage in proactive community
efforts,” the report concluded.
The
cryptocurrency industry faced a barrage of security breaches in the second
quarter of 2024, with total losses reaching $629.7 million across 49 incidents,
according to a new report from blockchain security firm Cyvers. Despite the
staggering figure, only 24% of stolen funds were recovered, highlighting the
persistent challenges in safeguarding digital assets.
Since the
beginning of the year, cryptocurrency criminals have seized over $1.38 billion, most of which resulted from “access control breaches.”
The report
reveals a significant shift in attack vectors, with centralized exchanges (CEX)
emerging as the primary targets. Two major incidents accounted for over 57% of
total losses.
“The
dramatic 900% increase in CeFi losses compared to Q2 2023 signals a significant
shift in attacker focus,” Cyvers commented in the newest report.
“This trend may be attributed to the concentration of assets in
centralized platforms and potentially lax security measures in some
exchanges.”
While the
total amount recovered rose by 42% compared to the same period last year, from
$138.9 million to $197 million, it represents less than a quarter of the total
losses.
This
means that barely one in four victims of cryptocurrency hacker attacks is able
to recover their funds. Considering that in the first half of 2024, scammers
seized nearly $1.4 billion, this indicates that over $1 billion remained in the
pockets of the fraudsters, who have remained unpunished.
A small consolation might be the fact that the total values seem to be lower than last year. According to the FBI’s March report, in 2023, crypto fraudsters seized just under $4 billion.
Access Control Breaches
Drive 35% Surge in Crypto Exploits
The report
also highlights a notable change in hacker tactics, with a 35% increase in
access control exploits. They refer to security incidents where attackers gain
unauthorized access to systems, wallets, or accounts by exploiting weaknesses
in authentication and authorization mechanisms.
These
breaches accounted for $491,311,000 in losses across 26 incidents, representing
a substantial portion of the total $629,689,000 lost in Q2 2024. The DMM
Exchange hack, which resulted in a $305 million loss, was reportedly due to a
compromised private key, exemplifying this trend.
“As
the ecosystem becomes more interconnected, security audits need to be
considered for improved cross-chain interactions,” the Cyvers report
added.
Data from a report published by Cyvers align with statistics that blockchain security firm CertiK released last week. According to the report’s findings, nearly $1.2 billion disappeared from the cryptocurrency market in the first six months. The only difference is that the report ranks phishing attacks first, not access control exploits.
The surge
in attacks has far-reaching economic implications beyond the direct losses.
Market volatility triggered by major incidents has wiped billions in market
capitalization across the crypto ecosystem. Additionally, the frequency and
scale of attacks have led to sharp increases in crypto insurance premiums,
adding to the operational costs of Web3 projects.
“The Web3
ecosystem in Q2 2024 has faced substantial challenges from sophisticated
cyberattacks. Projects and organizations must implement robust security
measures, conduct continuous monitoring, and engage in proactive community
efforts,” the report concluded.
Credit: Source link
