$2.2 Billion Lost: Crypto Hacks Stolen Funds Surge 21% In 2024 – Report
This year, crypto hacks increased in the total value stolen and the number of attacks compared to last year. According to a recent report, the industry lost over $2 billion in the past 12 months, with over half of the funds allegedly being stolen by North Korean hackers. Related Reading: Morocco’s New Crypto Framework ‘To […]
This year, crypto hacks increased in the total value stolen and the number of attacks compared to last year. According to a recent report, the industry lost over $2 billion in the past 12 months, with over half of the funds allegedly being stolen by North Korean hackers.
Crypto Industry Loses $2.2 Billion To Hacks
As the crypto industry grows, the number of hacks and total value lost have also increased. 2024 marks the fourth consecutive year in which the funds stolen from crypto hacks exceeded the billion-dollar mark and the fifth year overall to surpass this figure.
Chainalysis’ recent report revealed that hacks remained persistent in 2024, increasing 21.07% year-over-year (YoY). The total value stolen surged to $2.2 billion, $400 million more than in 2023 and the third-largest year by this metric.
Moreover, 2024 became the year with the most individual hacks, reaching 303 incidents by December. This figure represents a 7% increase from 2023’s 282 attacks, but Chainalysis highlights a notable shift halfway through the year.
According to the report, the intensity of crypto hacks reduced after July, when the cumulative value stolen since January had already hit $1.58 billion. This figure was approximately 84.4% higher than the value stolen over this same period in 2023.
Based on this, Chainalysis analysts considered that “the ecosystem was easily on track for a year that could rival the $3 billion+ years of 2021 and 2022.” Nonetheless, 2024’s uptrend slowed considerably by the end of July, remaining relatively steady for the rest of the year.
Centralized exchanges (CEXs) were the most targeted platforms in Q2 and Q3, recording some of the largest incidents in the industry’s history. The DMM Bitcoin and WazirX hacks took around $540 million between May and July, with the former being the third-largest crypto heist in history.
Decentralized finance (DeFi) platforms accounted for the largest share of stolen assets in Q1, like most quarters between 2021 and 2023. Meanwhile, Private key compromises were the largest compromise type, accounting for 43.8% of the incidents.
The report also noted private key hackers turned to bridges and mixing services to launder the ill-gotten funds, while hackers from other attack vectors preferred Decentralized Exchanges (DEXs).
North Korean Hacks Take 60% Of Stolen Funds
According to Chainalysis, hackers from the Democratic People’s Republic of Korea (DPRK) stole more from crypto platforms in 2024 than in other years. This year, the total value stolen increased by 102.88% from 2023, going from $660.5 million to $1.34 billion.
The number of incidents surged from 20 to 47 in 2024. These figures represent 20% of the total incidents and 61% of the total value stolen this year. Additionally, crypto attacks linked to North Korean hackers are becoming more frequent and yielding larger profits.
Attacks between $50 million to $100 million, and above this price range, were more frequent this year, “suggesting that the DPRK is getting better and faster at massive exploits,” the report adds.
It’s worth noting that in the previous two years, North Korean exploiters obtained less than $50 million in ill-gotten funds per incident:
When examining the DPRK’s activity in comparison to all other hacks we measured, it is clear that the DPRK has been consistently responsible over the last three years for most large-size exploits. Interestingly, the DPRK’s dominance of the high end of the exploitation ladder continued in 2024, but there is also a growing density of DPRK hacks at lower amounts, most notably around $10,000 in value.
Chainalysis highlights that North Korean IT workers have increasingly infiltrated crypto and Web3 companies, compromising networks, operations, and integrity. However, it notes that most DPKR-related exploits occurred at the beginning of the year, with overall hacking activity stagnating in Q3 and Q4.
Ultimately, the report suggested prioritizing “thorough employment due diligence (…) while maintaining robust private key hygiene to safeguard critical assets, if applicable.”
What's Your Reaction?