Bad actors stole approximately $2.3 billion from Web3 projects, with Ethereum accounting for more than half of the total losses.
According to the State of Web3 Security in 2024 <a target="_blank" href="https://cyvers.ai/blog/the-state-of-web3-security-in-2024-a-year-of-escalating-threats-and-hard-lessons" rel="nofollow">report</a> from Cyvers, 51% of stolen funds came from Ethereum-based projects, largely due to its role as the leading blockchain for DeFi and its ample liquidity.
BNB Chain was the second most affected blockchain, accounting for 24% of the losses, while Bitcoin, XRP, and Arbitrum accounted for 5%, 4%, and 3%, respectively.
Access control failures, stemming from weak authentication and permission mechanisms, accounted for 81% of total funds lost in 2024. Smart contract vulnerabilities were responsible for 19% of losses, with attackers exploiting loopholes in the code to divert funds.
The three biggest Web3 hacks of 2024 were the $305 million DMM Bitcoin exploit, the $290 million PlayDapp breach, and the $235 million WazirX attack. Each of these incidents was due to vulnerabilities in access control mechanisms.
Other multi-million dollar incidents include the Ethereum-based Munchables exploit, in which $97 million was lost after a corrupt developer exploited smart contract vulnerabilities. Meanwhile, address tracking attacks accounted for losses of $68 million.
“Many Web3 projects still do not implement adequate security protocols to protect user assets. Even a single defect in a smart contract can be catastrophic, and 2024 was proof of that,” the report states.
Cryptocurrency losses grew quarter after quarter through 2024. The third quarter was the most damaging, with losses of $669 million, while the fourth quarter saw the fewest incidents, with losses totaling $130 million.
Recovery efforts yielded mixed results, with $620 million recovered in the first quarter and $562 million in the second. However, recoveries fell sharply in the second half of the year, with only $93 million recovered in the third quarter and $25 million in the fourth quarter.
“While early intervention can help recover stolen assets, delays often allow funds to disappear before authorities and security teams can act,” the report added.
To combat growing threats, Cyvers urged the standardization of continuous monitoring and real-time vulnerability testing, and advocated the use of AI-based detection mechanisms.
A previous report from Web3 security firm PeckShield highlighted that cryptocurrency attacks and scams increased by more than 15% in 2024, with decentralized finance protocols being the main targets.