Decentralized finance (DeFi) experienced a 40% decrease in dollars lost to security incidents from 2023 to 2024 due to improved protocols, stronger bridges and advanced cryptographic measures.
According to blockchain security firm Hacken’s annual “Web3 Security Report,” DeFi’s strengthened security measures arrived in tandem with centralized finance (CeFi) facing a bleak year.
CeFi breaches more than doubled while losses surged to $694 million as centralized exchanges became primary targets for access control vulnerabilities and other critical security risks.
The report’s findings detail a stark difference between DeFi’s progress and CeFi’s struggles, providing a critical lens through which to view both spaces and highlighting the vulnerabilities of centralization.
Related: Crypto hacks wipe out $2.3B in 2024, marking 40% YoY surge
DeFi security pump
Hacken’s 2024 report shows a steep drop in financial losses in 2024 for DeFi, falling from $787 million in 2023 to $474 million this year.
The report notes that bridge-related exploits, a historical major vulnerability in DeFi, have dramatically declined from $338 million in 2023 to just $114 million in 2024.
Despite improvements in DeFi, such as multiparty computation and zero-knowledge proofs, challenges persist, as seen in the fact that access control vulnerabilities accounted for nearly half of all DeFi losses —such as the $55 million Radiant Capital hack.
Financial losses to DeFi bridge hacks or exploits over the last three years. Source: Hacken
Related: USDX built to support DeFi ecosystem growth: Hex Trust CEO
CeFi breaches on the rise
According to Hacken’s report, CeFi’s 2024 starkly contrasts the improvements seen in DeFi, more than doubling its 2023 financial losses to $694 million.
The surge in breaches is attributed largely to access control exploits and notable incidents like the DMM exchange hack in the second quarter and the WazirX hack in the third quarter.
These hacks involved compromised private keys and multisignature vulnerability exploits, facilitating the theft of $305 million and $230 million, respectively, from the exchanges.
Dyma Budorin, co-founder and CEO of Hacken, told Cointelegraph the report’s findings highlight “critical gaps” in CeFi operational security, mainly driven by “poor private key management, weak multisig setups, and centralized control vulnerabilities.”
DeFi vs. CeFi financial losses over the last three years. Source: Hacken
Related: North Korean hackers stole $1.3B in crypto in 2024 — Chainalysis
Lessons to be learned
The significant difference in financial losses between the DeFi and CeFi sectors highlights an opportunity for improvement in both industries.
Budorin said that attackers exploit gaps in security setups and that it’s critical “to adopt stricter key management practices and automated monitoring” systems to mitigate these risks.
The risks highlighted by the Hacken CEO can be seen in North Korean hackers stealing over $1.3 billion in crypto assets this year across 47 incidents, according to a Dec. 19 Chainalysis report.
Magazine: 5 real use cases for useless memecoins