Rony Roy
Losses across the centralized finance (CeFi) sector doubled in 2024, while projects on the decentralised finance (DeFi) market demonstrated improved resilience against security breaches.
Data from Web3 security firm Hacken reveal that over $2.3 billion was lost due to hacks across the cryptocurrency sector, with CeFi taking the most losses compared to other categories like DeFi, Gaming/Metaverse, wallet/user, and ‘others.’
Source: Hacken
While losses across DeFi dropped 40% from the previous year, the value almost doubled in CeFi, rising from $339 million in 2023 to $694 million in 2024.
The first half of the year saw the most losses for both sectors, but high-profile breaches across the CeFi market gave the sector a noticeable lead.
Top two CeFi hacks of the year:
- DMM Bitcoin
Japanese cryptocurrency exchange DMM Bitcoin recorded the most losses in 2024 after exploiters drained roughly $304 million from the platform after its private keys were compromised.
- WazirX
The July hack of Indian cryptocurrency exchange WazirX shook the local market after bad actors drained $230 million worth of user assets from the exchange’s hot wallet.
Hackers managed to gain access to 4 of the 6 signatures required to sign a transaction, allowing them to upgrade the wallet to a malicious contract.
DeFi security grew stronger
According to Hacken, the DeFi sector benefited from innovations across the multiparty computation (MPC) protocols, zero-knowledge proofs (ZKPs), and improved bridge security, which significantly reduces vulnerabilities.
For instance, MPC allows multiple parties to jointly manage private keys without exposing them, while ZKPs allow blockchain networks to verify transactions without revealing sensitive data.
Yet attackers still managed to target several DeFi platforms.
Top two DeFi hacks of the year:
- Radiant Capital
Hackers targeted the DeFi protocol in mid-October and used malware to infect the systems of some of the project’s developers. Subsequently, they intercepted and manipulated transactions to drain approximately $55 million worth of assets from one of its lending pools.
- Orbit Bridge
The cross-chain protocol was targeted in early January by compromising several multi-signature wallet signers. This allowed attackers to bypass security checks and authorize malicious transactions, resulting in the theft of roughly $80 million worth of assets.
Private key theft the biggest threat
In 2024, private key theft remained the most significant threat to the crypto industry, with major exploits across both DeFi and CeFi stemming from compromised private keys and weak multi-signature wallet setups.
As the saying goes, “Not your keys, not your crypto.”
In fact, the percentage of attacks stemming from access control exploits surged compared to the previous year.
Roughly 50% of 2023 hacks were due to private key compromises and weak access controls, but the percentage shot up to 75% this year.
Private key leaks have consistently led to significant financial losses.
According to a report from security firm PeckSheild, it led to $7.2 million in losses in November alone.
A similar trend was observed by CertiK, which reported $343.1 million in losses across 65 incidents caused by leaked private keys in Q3 2024.
The post Crypto hack losses doubled across Centralised finance platforms in 2024: report appeared first on Invezz