Access Control Vulnerabilities Cause $1.7B in Losses Across CeFi, DeFi, and Gaming

In 2024, access control vulnerabilities became the leading cause of crypto hack losses, accounting for 75% of damages across decentralized finance (DeFi), centralized finance (CeFi), and gaming/metaverse projects (phishing excluded). That is up sharply from 50% in 2023: losses tied to unauthorized access and private key theft reached $1.7 billion, compared with less than $1 billion the year before. By contrast, exploits of smart contract vulnerabilities accounted for only 14% of total losses.

According to a report by Hacken, access control attacks were widespread in all categories of Web3 in 2024, with CeFi, DeFi, and gaming/metaverse projects being hit the hardest. In CeFi, major incidents at DMM Exchange and WazirX resulted in combined losses exceeding $500 million. The DeFi sector also suffered from compromised smart contract management, as seen in the Radiant Capital hack, which caused $55 million in losses. The gaming/metaverse space faced significant damage too, exemplified by the $290 million PlayDapp exploit. These attacks were primarily due to private key compromise, resulting from weak key management practices, social engineering, and insecure backup methods.

To combat these threats, Hacken recommends implementing advanced multisig management, automated incident response, and adhering to the Cryptocurrency Security Standard (CCSS) to ensure stronger private key security and reduce operational vulnerabilities across Web3.

DeFi-related losses fell by about 40% from the $787 million recorded in 2023, largely because of improved security across the sector, particularly in cross-chain bridges. Bridges have historically been prime targets, so the drop in bridge losses from $338 million in 2023 to $114 million in 2024 shows that newer bridge security protocols are working; the report credits improved cross-chain interoperability designs for much of that reduction. It highlights Multi-Party Computation (MPC) and Zero-Knowledge (ZK) cryptography as essential tools for bridge developers, improving security and limiting the impact of a successful attack.

The gaming and metaverse sectors, however, continue to struggle: they recorded $389 million in losses in 2024, nearly 20% of all crypto hack losses. A significant portion of this was due to access control vulnerabilities, and three major incidents alone accounted for $358 million. Businesses in these sectors should prioritize advanced security measures, such as adopting CCSS and using MPC and ZK cryptography, to protect against access control attacks and reduce losses.
