According to the latest data from TRM Labs, more than twice as much money was stolen in hacks and exploits in the first half of this year compared to the first half of 2023. Hackers had made away with $1.38 billion by June 24, up from $657 million that time last year.
Private key and seed phrases still top the charts
Attacks are becoming more precise—a small number of large ones make up the bulk of attacks. The biggest attack resulted in the theft of more than 4,500 BTC from Japanese crypto exchange DMM Bitcoin in May 2024. At the time, the bitcoins were worth more than $300 million.
The top five attacks accounted for 70% of the total amount stolen in 2024. Private key and seed phrase attacks remain a top attack vector. To a lesser extent, flash loans, and smart contract exploits are to blame.
Another burgeoning issue is address poisoning, where the cybercriminal sends a small amount of cryptocurrency to someone’s wallet, creating a fake transaction history. The purpose is to confuse the account holder into sending crypto to the wrong address in the future.
More funds were stolen each month in 2024 compared to the corresponding months in 2023, with the hacks being 150% bigger on average. 2022 remains a record year, with thefts from exploits and hacks 33% below the same period that year.
TRM Labs does not indicate the reason for the increase in 2024 compared to the previous year. No major differences in attack vectors were discerned. The number of attacks also remains unchanged. The losses are much bigger, though, and this is because cryptocurrency prices are significantly higher on average year-on-year.
Protect your platform from crypto hacks and exploits
There are a few reliable approaches. Require multifactor authentication to access company accounts and systems and use hardware wallets to store large amounts of cryptocurrency. The majority of the company’s crypto assets should be in cold storage, which is offline and less vulnerable to hacks.
Use strong encryption for data and keep all software updated with the latest patches. Thoroughly vet and regularly review the security practices applied by third parties that have access to your systems or data.
