Losses to crypto scams, exploits and hacks tapered off in the last months of 2024, with December registering the smallest amount stolen.
Blockchain security firm CertiK said in a Dec. 31 post on X that there were $28.6 million known losses to exploits, hacks and scams in December, compared with $63.8 million in November and $115.8 million in October.
According to the firm, exploits comprised the bulk of the losses, with $26.7 million stolen by attackers in December.
The most significant incident was a $2.1 million exploit of decentralized finance (DeFi) platform GemPad, in which an attacker stole assets by exploiting a vulnerability in the project’s smart contracts.
In the closing days of 2024, crypto losses due to hacks, exploits, and scams reached the lowest points for the year. Source: CertiK
The second-most serious incident recorded by CertiK saw a hacker exploit the token bridge of DeFi project FEG, withdrawing FEG tokens from the bridge contract without depositing them in the source chain, draining $1 million.
According to a Dec. 31 analysis by CertiK, the root cause of the vulnerability was an error in the FEG crosschain message verification process.
Blockchain security firm PeckShield shared similar data in a Jan. 1 post on X. It recorded $24.7 million in hack losses in December, which it said was a 71% decrease from November.
Source: PeckShieldAlert
Across the more than 25 hacks recorded by PeckShield, the most significant was the Dec. 16 and 17 exploit suffered by Password management service LastPass users, which saw $12.3 million drained, according to onchain evidence from Web3 sleuth Zachxbt.
LastPass was also the victim of a data breach in December 2022, when hackers copied a backup of customer vault data from encrypted storage.
As a result, users had their crypto stolen, with cybersecurity reporter Brian Krebs estimating in a September 2023 blog post that up to that point, over $35 million worth of crypto had been stolen from about 150 victims.
Meanwhile, a Dec. 2 security breach suffered by DeFi market protocol Yei Finance was the second-largest December incident recorded by PeckShield, with around $2.2 million taken.
Related: Winners and losers of 2024: A year of all-time highs, hacks and hodling
In Cyvers 2024 Web3 Security Report shared with Cointelegraph on Dec. 24, the onchain security firm said $2.3 billion worth of crypto was stolen across 165 incidents in 2024.
According to Cyvers, this marked a 40% increase compared to 2023, when hackers stole $1.69 billion worth of crypto.
Still, it’s 37% less than the $3.78 billion stolen in 2022.
Deddy Lavid, co-founder and CEO of Cyvers, told Cointelegraph that the increase in 2024 was probably due to access control breaches, particularly in centralized exchanges (CEXs) and crypto custodians.
Magazine: I became an Ordinals RBF sniper to get rich… but I lost most of my Bitcoin