Crypto Theft Surges: $1.38 Billion Stolen in Hacks and Exploits in First Half of 2024

TRM Insights reports a significant rise in cryptocurrency thefts during the first half of 2024, with hackers stealing $1.38 billion compared to $657 million in the same period in 2023. This sharp increase is driven by a few large-scale attacks, with the top five hacks accounting for 70% of the total amount stolen. Common attack vectors remain private key and seed phrase compromises, smart contract exploits, and flash loan attacks.

The largest attack of the year so far occurred in May, targeting the Japanese cryptocurrency exchange DMM Bitcoin. Hackers stole over 4,500 BTC, valued at over $300 million at the time. The exact method of the attack is still unclear, but possible vectors include stolen private keys or address poisoning, a tactic where attackers create fake transaction histories by sending small amounts of cryptocurrency to a victim’s wallet.

Each month in 2024 has seen higher theft volumes than the corresponding months in 2023, with the median hack size increasing by 150%. Despite this increase, thefts are still a third lower than during the same period in 2022, which remains a record year for cryptocurrency thefts.

TRM’s analysis found no fundamental changes in the security of the cryptocurrency ecosystem to explain this trend, nor significant differences in attack vectors or the number of attacks between the first halves of 2023 and 2024. The increase in thefts is likely influenced by higher average token prices over the past six months.

To protect against such hacks and exploits, TRM recommends a multi-layered defense strategy. This includes regular security audits, robust encryption, multi-signature wallets, and secure coding practices. Organizations should also stay updated on the latest threats, educate employees, and foster a security-aware culture. Additionally, having a comprehensive incident response strategy and offering bounties for the return of stolen funds can be beneficial. However, no single measure is foolproof, so adopting a defense-in-depth approach with multiple, redundant security measures is essential for the best protection against potential breaches.