A comprehensive look at the 100 largest cryptocurrency hacks shows that onchain vulnerabilities only account for a minor segment of exploits.
In fact, over 57.5% of the financial losses in the top 100 decentralized finance (DeFi) hacks were caused by offchain attack vectors, according to Mar Guimenez-Aguilar, the lead security architect at Halborn cybersecurity firm.
The cybersecurity expert told Cointelegraph:
“Compromised private keys accounted for 52.2% of all attacks in 2024 and 55.7% of the total value lost. Generally, off-chain attack vectors represented 56.5% of last year’s attacks and 57.5% of the financial losses incurred.”
The revelation comes nearly a month after a hacker stole over $230 million from WazirX, an Indian cryptocurrency exchange, in the second-largest cryptocurrency hack of 2024 so far.
Related: Kamala Harris may continue the Biden administration’s crypto crackdown
Biggest vulnerability for crypto hackers is a lack of investor awareness
Smart contract vulnerabilities have historically been the biggest source of DeFi exploits and they continue to wreak havoc. DeFi protocol Nexera was hacked for $1.5 million due to a smart contract vulnerability just last week, on Aug. 7.
However, the lack of investor awareness is becoming a bigger vulnerability for crypto exploiters, according to Halborn’s Guimenez-Aguilar, who wrote:
Often, the focus is intensely placed on fortifying the smart contracts’ code — which has historically been the most common attack vector — at the expense of recognizing that the protocol does not operate in isolation.”
This is why external vulnerabilities, such as offchain components and user behavior, also need to be accounted for.
The top 100 largest DeFi hacks accounted for over $7.35 billion worth of cumulative stolen digital assets, but the number of exploits fell by 6% in 2023 compared to the previous year.
Related: Bitcoin at ‘perfect’ macro setup, but dip below $58K risks $500M in liquidations
Crypto hacks in 2024 could surpass 2023
Crypto hackers in 2024 could surpass their achievements from 2023 in terms of total value stolen.
Crypto hacks could surpass the previous year due to multiple reasons, with the primary being the growing total value locked (TVL) in DeFi, explained Halborn’s cybersecurity expert:
“Considering the number and severity of attacks in 2024 so far, there have been approximately 14 incidents among the top 100 hacks, averaging nearly two attacks per month. If this trend continues, the total could reach about 24 attacks by year-end, slightly surpassing the total for 2023.”
Another worrying sign is that three of this year’s crypto hacks have already made it to the top ten in terms of value lost, added Guimenez-Aguilar.
Over $200 million was lost to hacks by Feb. 29 year-to-date, marking an over 15.$% increased compared to the same period in 2023, which saw $173 million worth of digital assets stolen.