
Crypto Thieves Score Big on Centralized Services and Private Keys in 2024
The year 2024 has seen a significant increase in crypto scams, hacks, and exploits, with losses totaling approximately $2.2 billion across 303 incidents, according to cybersecurity firms. This represents a 21% year-over-year increase in losses, with threat actors paying particular attention to centralized services and private keys.
The Rise of Centralized Finance (CeFi) Targets
The CeFi sector has been hit particularly hard, experiencing a nearly 1,000% year-over-year increase in incidents. Institutional investors and traditional financial firms have started to rethink their stance on crypto this year, but many still see it as a risky play.
Notable Hacks and Exploits
Some of the largest exploits of the year targeting centralized exchanges include:
- WazirX: Indian exchange WazirX was hacked in July, resulting in losses of $235 million.
- DMM: Japanese exchange DMM lost $305 million in Bitcoin (BTC) due to a private key hack in May.
- PlayDapp: South Korean NFT and game development platform PlayDapp suffered a private key leak that resulted in losses of around $290 million.
- Hedgey Finance: Decentralized finance (DeFi) network Hedgey Finance was exploited for $44 million in April.
- BtcTurk: Turkish exchange BtcTurk’s hot wallet attack resulted in losses of up to $55 million in June.
- BingX: Singaporean exchange BingX was hacked for $52 million in September.
Private Key Compromises: A Major Concern
Chainalysis found that private key compromises accounted for the largest share of stolen crypto in 2024, at 43.8%. The firm noted that the $305 million DMM Bitcoin hack may have occurred due to private key mismanagement or lack of adequate security.
The Rise of AI-Driven Crypto Scams
Besides these headline-making catastrophes, there have been hundreds of smaller hacks and scams this year, from pig butchering and fake airdrops to SIM swap attacks. Blockchain bridge vulnerabilities continued to be a significant attack vector, while sophisticated social engineering and phishing attacks, often generated by AI, targeted individuals and crypto wallets.
Cybersecurity Measures: A Growing Challenge
"While cybersecurity measures are getting more sophisticated, so are attack vectors," said Jean Rausis, cybersecurity expert and co-founder of DeFi ecosystem SmarDex. "The increasing use of AI by cybercriminals is particularly concerning because it means they can keep coming up with fresh types of phishing schemes and automated attacks."
Lessons Learned from 2024
There are a number of takeaways from this year’s grim cybersecurity record:
- Multifactor authentication: Protecting crypto assets requires multifactor authentication for both individuals and companies, and users must be extremely cautious of unsolicited communications and potential phishing attempts.
- Cold storage and self-custody: Using certain hardware wallets, such as Ledger, may also expose users to a flood of phishing attacks, which have continued unabated since the company's database breach in 2020.
- Quantum computing and AI attack vectors: Emerging threats like AI-driven attacks and quantum vulnerabilities highlight the need for proactive measures and stronger regulatory oversight to protect digital assets.
The Future of Crypto Security
Attack vectors will continue to evolve in 2025, including:
- AI-powered threats: Sophisticated phishing, deepfake scams, and malware capable of evading detection.
- Supply chain attacks: Exploiting vulnerabilities in supply chains to compromise digital assets.
- Internet of Things (IoT) vulnerabilities: Targeting IoT devices to gain access to sensitive information.
- Cloud and API exploitation: Leveraging cloud services and APIs to launch attacks on digital assets.
- Quantum computing threats: The long-term risk to current encryption standards requires a proactive shift toward quantum-safe protocols.
The increasing sophistication of cyberattacks highlights the need for proactive measures, stronger regulatory oversight, and more effective cybersecurity strategies to protect digital assets.