Thefts From Crypto Hacks and Exploits Surge in First Half of 2024
The latest numbers from TRM's threat intelligence team show twice as much money has been stolen in crypto hacks and exploits in the first half of 2024 compared to the same period in 2023.
By June 24, 2024, hackers stole USD 1.38 billion, compared to USD 657 million this time last year. Similar to 2023, a small number of large attacks made up the lion’s share of the haul: the top five hacks and exploits accounted for 70% of the total amount stolen so far this year. Private key and seed phrase compromises remain a top attack vector in 2024, alongside smart contract exploits and flash loan attacks.
In May, DMM Bitcoin, a Japanese cryptocurrency exchange, suffered the largest attack so far in 2024. It resulted in the theft of over 4,500 BTC, valued at over USD 300 million at the time. While the exact cause of the attack remains unknown, potential vectors include stolen private keys or address poisoning—a tactic wherein attackers send tiny amounts of cryptocurrency to a victim’s wallet to create fake transaction histories, potentially confusing users into sending funds to the wrong address in future transactions.
More money was stolen during each of the first six months of 2024 than in the corresponding months in 2023, with the median hack 150% larger. However, thefts from hacks and exploits are a third below the same period in 2022, which remains a record year.
To date, TRM has observed no fundamental changes in the security of the cryptocurrency ecosystem that may explain this upward trend; nor have we found significant differences in attack vectors or in the number of attacks between the first halves of 2023 and 2024. However, the past six months did see significantly higher average token prices compared to this period last year; this is likely to have contributed to the increased theft volumes.
Protecting your organization from hacks and exploits
Crypto projects can protect themselves from hacks and exploits by implementing a multi-layered defense strategy, such as regular security audits, robust encryption, multi-signature wallets, and secure coding practices. Additionally, staying updated on the latest threats, educating employees, and fostering a security-aware culture are crucial.
Equally important is having a comprehensive incident response strategy, including potentially offering bounties for the return of stolen funds. However, it’s important to acknowledge that no single measure is foolproof. Therefore, adopting a defense-in-depth approach—where multiple, redundant security measures are in place—provides the best protection against potential breaches.
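One concrete layer against the address poisoning tactic described above is a pre-send check on the destination address. The sketch below is an added example, not TRM's code; it assumes poisoning entries imitate the first and last characters of a trusted address, and the thresholds, function names and addresses are constructed for illustration.

```python
# Added example: flag address-poisoning lookalikes before a send.
# All addresses below are constructed placeholders, not real wallets.
DUST_LIMIT = 0.0001   # assumed cutoff (in coin units) for a "tiny" transfer
MATCH_CHARS = 6       # assumed number of leading/trailing characters users compare

def is_lookalike(candidate, trusted, n=MATCH_CHARS):
    """A different address that shares the first and last n characters."""
    c, t = candidate.lower(), trusted.lower()
    return candidate != trusted and c[:n] == t[:n] and c[-n:] == t[-n:]

def poisoning_suspects(history, address_book):
    """Return {suspect_address: impersonated_label} for dust received
    from addresses that imitate an address-book entry."""
    suspects = {}
    for tx in history:
        if tx["direction"] != "in" or tx["amount"] > DUST_LIMIT:
            continue
        for label, trusted in address_book.items():
            if is_lookalike(tx["counterparty"], trusted):
                suspects[tx["counterparty"]] = label
    return suspects

def check_destination(dest, history, address_book):
    """Classify a destination the user is about to pay."""
    if dest in address_book.values():
        return "trusted"
    suspects = poisoning_suspects(history, address_book)
    if dest in suspects:
        return "block: poisoning lookalike of " + suspects[dest]
    for label, trusted in address_book.items():
        if is_lookalike(dest, trusted):
            return "warn: resembles " + label
    return "unknown: verify out of band"

ADDRESS_BOOK = {"cold-storage": "bc1q7kconstructedtrusted00000000008m2p4xz"}
HISTORY = [  # constructed transaction history
    {"direction": "out", "counterparty": ADDRESS_BOOK["cold-storage"], "amount": 12.5},
    {"direction": "in", "counterparty": "bc1q7kconstructedlookalike1111118m2p4xz", "amount": 0.00001},
    {"direction": "in", "counterparty": "bc1q9zconstructedunrelated222222222j5w3ty", "amount": 0.00002},
]

if __name__ == "__main__":
    for tx in HISTORY:
        verdict = check_destination(tx["counterparty"], HISTORY, ADDRESS_BOOK)
        print(tx["counterparty"], "->", verdict)
```

The check compares the full destination string against the address book, so an address copied from transaction history only passes as trusted when every character matches.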