- Crypto experts have urged DeFi to improve its security – it appears they have listened.
- Centralized exchanges are now a prime target for hackers, says TRM Labs.
- The flight total already exceeds all of 2023.
It seems the DeFi community has gotten the message.
In recent years, decentralized financial projects have been a prime target for cybercriminals and hackers. And blockchain security experts have urged the community to be more careful.
Sure enough, DeFi hacks declined by a quarter in the first nine months of 2024 compared to all of 2023, according to TRM Labs data.
It is the centralized exchanges and custodians that have been defrauded the most.
Piracy traffic
The theft of $2.1 billion in digital assets during the first three quarters of 2024 has already exceeded that of 2023 by 5%, according to TRM Labs.
“We essentially saw hacking traffic double in 2024, as of September 30, compared to the same period in 2023,” said Ari Redbord, global head of policy and government affairs at blockchain intelligence firm TRM Labs. DL News.
Redbord said crypto hacks were happening at a record pace reminiscent of 2022, where investors lost $3.8 billion.
According to web3 security firm Cyvers, hacking incidents involving centralized exchanges and custodians increased by approximately 1,000%, to $401 million, compared to last year.
Join the community to receive our latest stories and updates
Most of these losses stem from the DMM Bitcoin Exchange breach, where suspected North Korean hackers stole a staggering $305 million from the platform.
The Türkiye-based crypto exchange lost $55 million in June and other affected platforms include Lykke and Rain Exchange.
Private key leak
These CEX losses share a common theme: an attack on the platform’s infrastructure that ultimately exposed the private keys of their crypto wallets.
Private keys are alphanumeric text strings used to sign cryptographic transactions. When exposed, they can be used to steal funds from a victim’s wallet.
CEX platforms manage their private keys internally or assign responsibility for them to a third-party protocol.
Access control
Regardless of the key management strategy used, access control is a major concern and Web3 security experts have previously warned of gaps in the security models used by crypto companies.
“Attacks have evolved their tactics to exploit these weaknesses, capitalizing on access control gaps and exploiting advanced techniques such as phishing and social engineering to gain unauthorized access,” said Meir Dolev, Director technology from web3 security company Cyvers, to DL News.
Many CEX hacks dating back to the pre-DeFi era of crypto carried hints of insider involvement.
Third-party key managers have become the solution to dishonest employees who leak their private keys to hackers.
Still, Dolev said these private key retention protocols can be just as vulnerable.
High-profile hacks
This vulnerability was already a concern since last year as it was behind some high-profile hacks, including the $41 million stolen from crypto-casino platform Stake.
“The solution to this evolving threat landscape lies in multi-layered security measures,” Dolev said.
“Businesses should not rely solely on third-party services, but rather adopt a hybrid approach combining internal key management practices with robust external solutions. »
Osato Avan-Nomayo is our DeFi correspondent based in Nigeria. It covers DeFi and technology. To share tips or story information, please contact him at osato@dlnews.com.
