ImmuneFi wraps up the attacks for 2024, measuring a 17% decline in losses from large-scale exploits. Based on its methodology, ImmuneFi gives a conservative estimate of $1.49B in crypto losses for the year to date.
ImmuneFi measures a total of $1.49B in crypto losses from major attacks and exploits. The metric coincides with the Cyvers estimate of around $1.4B, of which North Korean hackers may have taken in up to $1.34B. December was the slowest month in terms of exploits, with $3.9M to date.
Orbit Bridge with more than $81.8M in losses was the biggest single attack this year. While smaller than previous bridge exploits, it shows that bridges are still potentially unsafe and are often the target of attacks.
The numbers may be encouraging, as hacks slowed down in the second half of the year. However, attacks are becoming more sophisticated, even for relatively small sums. ImmuneFi believes the threat remains, both from North Korean hackers and other exploiters.
For the past year, the losses from DMM Bitcoin and WazirX were among the largest, reaching 540M or up to 38% of all losses. Most of the big exploits happened in Q2, during the first rally of the bull market.
During that quarter, $572M was lost across 72 incidents. The last three months of 2024, despite the bull market, only led to $150M in nominal losses. Centralized exchanges faced 11 major incidents, making up more than 48% of all hacks this year. The trend is shifting back to CEX, aiming to exploit any remaining weaknesses.
Centralized exchanges suffered more than 726M in attacks for 2024, compared to only 408.9M in 2023. The interest in centralized markets coincides with a new inflow of users and higher liquidity during the 2024 bull market.
With the rise of Web3, hacks and exploits switched to DeFi and DEX, making up 51.4% of losses. The year is heading to its close with a total of 232 incidents against entities and protocols, not counting individual wallet exploits. In 2023, a total of 320 incidents wrapped up the whole year, despite the bear market.
Hackers targeted top chains with potential vulnerabilities
Ethereum remained the biggest arena for hacks and exploits, due to the numerous projects and smart contracts. The easy availability of swapping, mixers, or DeFi protocols to hide the origins of funds was also a key point for hackers to pick the chain.
Some of the exploits also affected BNB Chain, which carried 39% of the attacks. BNB Chain projects are relatively older and more liquid, hence the attempt to drain liquidity or perform other exploits. Arbitrum was the third-largest chain, with the remaining 6.8% of the exploits.
As projects increased their security and found more sophisticated methods, the nature of attacks changed. Projects were exploited through the loss or exposure of private keys, some acquired through malicious links or social engineering. Radiant Capital lost $50M, becoming the biggest exploit in Q4, which hinged on stolen private keys.
Some of the projects targeted the protocol’s reserves, while others were user-facing, with faked sites or features capable of draining wallets.
Hacks still exceed fraud losses
Hacks are still the more harmful attack, despite the ubiquitous frauds and scams in Web3 space. According to ImmuneFi, 98.1% of attacks were some form of hack, while scams only accounted for a smaller share of losses.
Despite this, scams and frauds managed to take away more than $28M based on distinct incidents. This does not include sandwich attacks, MEV bot exploits, flash loan exploits, or token rug pulls. Despite the growth of DeFi in 2024, frauds are down by 99.8% for Q4, compared to the same quarter of 2023. With more sophisticated users and smart wallets, fraud is slowing down.
For Q4, hacks were 68% down compared to Q4, 2023. The year saw hacks winding down, with most of the losses caused by a few incidents. Most trackers also take into account the immediate loss of funds, though, for projects, a hack often leads to loss of market value and reputational damage.
From Zero to Web3 Pro: Your 90-Day Career Launch Plan