Losses to crypto scams, exploits, and hacks showed a significant decline in December 2024. According to recent reports from blockchain security firms, the total known losses during this period were notably lower compared to previous months.
Background on December’s Cryptocurrency Security Landscape
In December 2024, blockchain security firm CertiK released an analysis highlighting the state of crypto-related security incidents throughout the month. The firm reported a decrease in overall losses from both major and minor incidents. While November saw $63.8 million in known losses, December experienced a marked reduction, with only $28.6 million lost to scams, exploits, and hacks.
Key Findings from CertiK’s December Report
The analysis by CertiK revealed several critical insights into the security posture of the crypto ecosystem during December 2024:
-
Exploits Were Predominantly Responsible: Of the total losses reported, $26.7 million were attributed to exploits. These ranged from unauthorized access to sophisticated attacks on specific projects.
-
Major Incident: $2.1 Million Exploit of GemPad DeFi Platform: A significant incident occurred when an attacker exploited a vulnerability in the smart contracts of the GemPad platform, leading to the theft of $2.1 million in assets.
December’s Second-Most Severe Incident
In addition to the aforementioned incidents, another notable security breach affected multiple projects and users:
- $1 Million Loss from FEG DeFi Project: A hacker exploited a token bridge on the FEG DeFi platform, drains $1 million without proper depositing of tokens in the source chain. The root cause was identified as an error in the verification process for crosschain messages.
December’s Security Incidents Across the Blockchain Ecosystem
Other notable incidents reported during December 2024 include:
- $24.7 Million Hacked Assets by PeckShield: Blockchain security firm PeckShield published a report detailing $24.7 million in crypto losses attributed to various attacks throughout the month.
Significant December 2024 Attacks
-
LastPass Data Breach: A major data breach affected millions of LastPass users, with $12.3 million in assets potentially stolen from compromised accounts.
- Background: LastPass, a popular password management service, experienced a significant security flaw where attackers exploited backup files encrypted by the service. Cybersecurity reporter Brian Krebs estimated that as of September 2023, up to $35 million had been stolen from approximately 150 victims.
-
DeFi Market Protocol Yei Finance Breach: A separate incident in December saw a security breach at DeFi market protocol Yei Finance, resulting in the theft of approximately $2.2 million.
Overview of 2024’s Security Landscape
In its 2024 Web3 Security Report, onchain security firm Cyvers reported that over 165 incidents throughout the year resulted in a total of $2.3 billion in crypto losses. This marked a 40% increase compared to 2023, where attackers stole $1.69 billion.
Contextualizing the Numbers
The rise in security incidents during 2024 appears to have been influenced by several factors:
- Centralized Exchanges (CEXs) and Crypto Custodians: A significant portion of the security breaches were linked to access control issues, particularly within CEXs and crypto custodians.
Immediate Response and Mitigation Strategies
In response to these security incidents, various blockchain communities are actively working on improving their security measures. For instance:
-
CertiK: Continued to advocate for enhanced security protocols among developers, emphasizing the importance of robust verification processes.
-
PeckShield: Highlighted the need for better risk management and user education regarding crypto security practices.
Conclusion
While December 2024 saw a marked reduction in crypto-related losses compared to previous months, it is clear that the broader crypto ecosystem remains vulnerable. Continued vigilance from both developers and users will be crucial in addressing these emerging threats.
