In Q2 2024, Web3 security changed significantly. Centralized exchanges (CeFi) became the main target for attackers. Meanwhile, decentralized finance (DeFi) protocols improved their defenses. Cyvers, a blockchain security firm, highlighted these shifts in its latest report.Â
Increased Crypto Losses in 2024Â
The Cyvers Web3 Security Report shows a rise in cyberattacks, leading to higher crypto losses. In Q2 alone, $629.68 million was lost in 49 incidents. The total for the first half of 2024 reached $1.38 billion, double the amount seen in the same period of 2023. The rise shows the changing and growing risks in Web3.Â
Here’s a breakdown of the losses:Â
- Smart contract exploits: $67.38 million from 20 incidentsÂ
- Access control breaches: $491.31 million from 26 incidentsÂ
- Address poisoning: $71.48 million from 361 incidentsÂ
These figures show how hackers are adjusting their methods.Â
Impacts of Crypto Hacks in Q2Â
The consequences of these hacks go beyond the money lost. Centralized exchange hacks led to more regulatory scrutiny. This could mean higher operational costs and stricter compliance rules. Many affected companies face legal battles, hurting their reputations and increasing legal expenses.Â
Moreover, the constant attacks are driving up insurance costs. Security lapses also damage user trust, which could slow the adoption of Web3 technologies.Â
Geographical Trends in AttacksÂ
The Cyvers report also identified geographic differences in Web3 security incidents. Eastern Europe saw more hacking activity, and centralized exchanges in the Asia-Pacific region were heavily targeted due to weak regulations. In contrast, North American DeFi protocols became stronger, thanks to better security and compliance.Â
DeFi vs. CeFi: A Shift in FocusÂ
A big change occurred in how attackers targeted crypto platforms. There was a 35% rise in access control breaches, mostly hitting centralized exchanges. This shift marked a decrease in smart contract exploits, which dropped by 83% compared to H1 2023.Â
CeFi saw a 900% increase in losses compared to Q2 2023. The concentration of assets and weaker security in some exchanges made them attractive targets.Â
CeFi Incident Example: DMM Bitcoin HackÂ
One of the largest hacks occurred in May 2024. Japan-based DMM Bitcoin lost $305 million, making it the third-largest crypto hack ever. Attackers transferred over 4500 BTC to multiple addresses, complicating recovery efforts.Â
The company confirmed it was a security breach but assured users that their deposits were safe. The hack likely involved compromised wallet keys or malicious transactions.Â
Trends in Q2 2024 AttacksÂ
Key attack methods in Q2 included:Â
- Address poisoningÂ
- Flash loan attacksÂ
- Oracle manipulationÂ
- Cross-chain attacksÂ
Attackers used advanced money laundering techniques, moving funds across multiple blockchains. Privacy coins and decentralized mixers were increasingly used to hide stolen funds.Â
Future PredictionsÂ
Cyvers predicts a rise in attacks on Layer 2 solutions and gaming platforms. The growing complexity of Web3 makes cross-chain security more important. AI-driven threat detection and better collaboration across the industry will be key to defending against future attacks.Â
Disclaimer
FAQ
DeFI stands for decentralized finance, offering open and accessible financial systems built on blockchain technology.
Yield farming involves earning interest by lending or staking cryptocurrencies.
Layer 1 blockchains are the primary networks (e.g., Ethereum), while layer 2 blockchains scale and improve performance on top of them.