Crypto Industry Lost $2.3B to Cyber Threats in 2024: Cyvers Report

As 2024 gradually wraps up, the web3 security firm Cyvers has released a Security, Fraud, and Compliance Report for the year, detailing how much impact cybercriminals and their operations had on the crypto industry.

According to an executive summary shared with CryptoPotato, in 2024, the crypto industry lost over $2.361 billion to cyber threats across 165 incidents. This figure represents a 40% increase from 2023, when losses totaled $1.69 billion.

Access Control Incidents Lead to More Losses

Cyvers noted that access control incidents accounted for 81% of losses in 2024 despite comprising 41.6% of incidents. This type of attack led to the theft of $1.9 billion across 67 incidents, while code vulnerabilities enabled the loss of roughly $456.3 million across 98 incidents.

Meanwhile, address poisoning scams were fewer, and one incident accounted for the loss of $68.7 million.

Although the fraud trends in 2024 marked a 40% increase in losses year-over-year, they are still 37% below the 2022 record of $3.78 billion. This year, Ethereum emerged as the network most affected by the attacks, with more than $1.2 billion in losses.

Analyzing quarterly highlights, Cyvers found that smart contract vulnerabilities dominated most incidents in Q1 2024. The third quarter saw the highest losses, amounting to $790 million, while Q4 recorded the lowest activity and losses, with a 56% decline when compared to the same quarter in 2023. Notably, Q3 was dominant in both 2023 and 2024.

The Most Notable Theft Incidents

The $305 million hack against the Japanese cryptocurrency exchange DMM Bitcoin was one of the largest incidents in 2024, followed by the $235 million hack against the Indian crypto exchange WazirX.

The decentralized finance (DeFi) project Radiant Capital lost $50 million to cybercriminals after its devices were compromised. The Singaporean crypto exchange BingX was also exploited for $52 million in digital assets.

Interestingly, 2024 saw a remarkable recovery rate, with more than $1.3 billion returned to affected projects, which was partially attributed to bug bounty programs.

Next year, the industry could see a rise in new cyber threat trends like quantum and artificial intelligence attacks as these technologies continue to advance. There could also be more centralized finance (CeFi) targeting cases as CeFi entities remain vulnerable to heightened risks.

Additionally, pig butchering scams also pose a growing threat as they accounted for $3.6 billion in victim funds across over 150,000 addresses and 800,000 transactions in 2024.