The recent mid-year Web3 security report by cybersecurity firm Cyvers reveals a concerning trend in the cryptocurrency landscape. So far this year, nearly $1.4 billion in crypto assets has been stolen, with centralized exchanges emerging as prime targets. In the second quarter of 2024, crypto losses surpassed $600 million, a 100% increase over the corresponding period of the previous year. According to the report, this escalation was driven predominantly by a 900% rise in losses on centralized exchanges.
The report underscores a notable shift in attack patterns during this quarter, with centralized exchanges bearing the brunt of major security breaches while decentralized finance (DeFi) protocols demonstrate enhanced resilience. It points to the concentration of assets in centralized platforms, coupled with potential shortcomings in the security protocols of some exchanges, as a probable factor contributing to this trend.
Cyvers attributes the majority of the stolen funds, amounting to approximately $490 million in Q2 alone, to access control breaches, notably through phishing attacks. This figure significantly surpasses losses incurred from smart contract exploits, which accounted for less than $70 million during the same quarter.
DeFi protocols responded swiftly to freeze compromised smart contracts, safeguarding user interests. However, the report warns of the persistent threat of exploits as hackers continue to unearth vulnerabilities in complex contracts. The report also highlights the increasing susceptibility of cross-chain bridges to attacks, citing the $1.44 million exploit of XBridge in April.
Noteworthy incidents, such as the high-profile breach at the Japanese cryptocurrency exchange DMM in May, significantly impacted Cyvers' Q2 data. The breach, linked to a compromised private key, resulted in losses exceeding $300 million. Another notable event involved the Turkish cryptocurrency exchange BtcTurk losing approximately $50 million to hackers in June.
While the report indicates an improvement in the recovery of lost funds, with a 42% increase in total funds recovered in Q2 compared to last year, a substantial portion of lost assets—around 76%—remains unrecovered.
Cyvers emphasizes the need for vigilance among Web3 users against evolving threats posed by artificial intelligence and quantum computing, which have the potential to equip hackers with sophisticated tools to circumvent existing onchain security measures.