Access control vulnerabilities have become the leading cause of crypto hacking losses in 2024, accounting for 75% of total damages in the decentralized finance (DeFi), centralized finance (CeFi), and gaming/metaverse industries, excluding phishing attacks.
According to Hacken, this represents a significant increase from 50% in 2023, with losses from unauthorized access and private key theft reaching $1.7 billion, up from less than $1 billion the year before. In contrast, exploits targeting smart contract vulnerabilities only contributed to 14% of total losses.
Increase in access control exploits in 2024
Hacken’s report found that access control attacks were particularly prevalent across all Web3 categories in 2024, with CeFi, DeFi, and gaming/metaverse projects severely impacted. In CeFi, major incidents at DMM Exchange and WazirX resulted in combined losses exceeding $500 million. The DeFi sector has also suffered from compromised smart contract management, as shown by the Radiant Capital hack, which caused $55 million in losses.
The gaming/metaverse space also suffered significant damage, as evidenced by the $290 million PlayDapp exploit. At the heart of these attacks was the compromise of private keys, resulting from poor key management practices, social engineering, and insecure backup methods.
To guard against these threats, Hacken emphasized that businesses must implement advanced multisig management and automated incident response, and adhere to the Cryptocurrency Security Standard (CCSS), to ensure strong security of private keys and reduce operational vulnerabilities in Web3.
DeFi losses decline but games and metaverse still struggle
The DeFi sector saw a notable reduction in total losses in 2024 compared to the previous year. While DeFi-related losses in 2023 soared by $787 million, the 2024 figure saw a 40% reduction, which can largely be attributed to improved security measures across the industry, including within decentralized bridges.
In 2024, DeFi witnessed the improvement of cross-chain operability, which played a crucial role in mitigating bridging exploits. With bridges historically being the primary targets for hackers, the reduction in losses – $338 million in 2023 compared to just $114 million in 2024 – demonstrated the growing effectiveness of new security protocols.
The report highlights tools such as Multi-Party Computation (MPC) and Zero-Knowledge (ZK) cryptography, which have become essential for bridge developers, improving security and making attacks less impactful. These advancements have significantly reduced the frequency and severity of exploits targeting cross-chain bridges.
The same cannot be said for the gaming and metaverse sectors, which have suffered significant losses. In 2024, this Web3 cohort recorded $389 million in losses, which accounted for almost 20% of all crypto hacks. A large portion of these losses came from access control vulnerabilities.
Three major incidents were responsible for $358 million in total losses, accounting for over 80% of game and metaverse hacks for the year. The concentration of these losses in the first quarter highlighted the difficulty these projects face in securing access management, particularly on newer platforms like Blast, which have also encountered multiple challenges.