Money stolen through crypto-currency hacks doubled in the first half of 2024 compared to the same period last year.
This is according to a report by blockchain researcher TRM Labs, which notes that by 24 June 2024, hackers stole $1.38 billion, compared to $657 million this time last year.
Similar to 2023, TRM Labs says, a small number of large attacks made up the lion’s share of the haul – the top five hacks and exploits accounted for 70% of the total amount stolen so far this year.
It notes that private key and seed phrase compromises remain a top attack vector in 2024, alongside smart contract exploits and flash loan attacks.
In May, DMM Bitcoin, a Japanese crypto-currency exchange, suffered the largest attack so far in 2024, says the firm. It resulted in the theft of over 4 500 BTC, valued more than $300 million at the time.
While the exact cause of the attack remains unknown, TRM Labs says potential vectors include stolen private keys or address poisoning – a tactic wherein attackers send tiny amounts of crypto-currency to a victim’s wallet to create fake transaction histories, potentially confusing users into sending funds to the wrong address in future transactions.
“More money was stolen during each of the first six months of 2024 than in the corresponding months in 2023, with the median hack 150% larger. However, thefts from hacks and exploits are a third below the same period in 2022, which remains a record year,” says TRM Labs.
“To date, TRM has observed no fundamental changes in the security of the crypto-currency ecosystem that may explain this upward trend; nor have we found significant differences in attack vectors or in the number of attacks between the first halves of 2023 and 2024. However, the past six months did see significantly higher average token prices compared to this period last year; this is likely to have contributed to the increased theft volumes.”
The firm points out that crypto projects can protect themselves from hacks and exploits by implementing a multi-layered defence strategy, such as regular security audits, robust encryption, multi-signature wallets and secure coding practices.
Additionally, it urges that staying updated on the latest threats, educating employees and fostering a security-aware culture are crucial.
“Equally important is having a comprehensive incident response strategy, including potentially offering bounties for the return of stolen funds. However, it’s important to acknowledge that no single measure is foolproof. Therefore, adopting a defence-in-depth approach – where multiple, redundant security measures are in place – provides the best protection against potential breaches,” it concludes.
Share