Update Jan. 16 at 11 pm: This article has been updated to include responses from CertiK and PeckShield.

Losses to crypto scams, exploits and hacks tapered off in the last months of 2024, with December registering the smallest amount stolen. 

Blockchain security firm CertiK said in a Dec. 31 post on X that there were $28.6 million in known losses to exploits, hacks and scams in December, compared with $63.8 million in November and $115.8 million in October.

Speaking to Cointelegraph, a CertiK spokesperson said the main reason for the drop-off was that, outside of phishing, there has been a decline in big incidents involving $100 million or more in losses.

“A significant factor to the lower losses in December is the absence of a major incident, in 10 out of 12 months there was a $50 million incident, April was the other month there wasn’t,” the spokesperson said.

According to the firm, exploits comprised the bulk of the losses, with $26.7 million stolen by attackers in December.

The most significant incident was a $2.1 million exploit of decentralized finance (DeFi) platform GemPad, in which an attacker stole assets by exploiting a vulnerability in the project’s smart contracts.


In the closing days of 2024, crypto losses due to hacks, exploits, and scams reached the lowest points for the year. Source: CertiK

The second-most serious incident recorded by CertiK saw a hacker exploit the token bridge of DeFi project FEG, withdrawing FEG tokens from the bridge contract without depositing them on the source chain, draining $1 million.

According to a Dec. 31 analysis by CertiK, the root cause of the vulnerability was an error in the FEG crosschain message verification process.

Blockchain security firm PeckShield shared similar data in a Jan. 1 post on X. It recorded $24.7 million in hack losses in December, which it said was a 71% decrease from November. 


Source: PeckShieldAlert

The security firm told Cointelegraph that while losses from hacks in December were lower, August recorded the lowest hack losses, at $22.5 million, although a lone phishing incident in which a whale lost $55 million bumped up the total for the month.

PeckShield tracked $2.31 billion in total losses for 2024, up 42% from 2023’s $1.5 billion.

Still, it’s 37% less than in 2022. According to a Cyvers 2024 Web3 Security Report shared with Cointelegraph on Dec. 24, $3.78 billion was stolen in 2022.


“A persistent vulnerability in 2024, private key leaks, remained a major issue, particularly impacting centralized finance platforms,” PeckShield said.

According to the firm, bad actors responsible for the cyberattacks ranged from organized hacking groups and skilled individuals to insider threats and script kiddies.

Across the more than 25 hacks recorded by PeckShield, the most significant was the Dec. 16 and 17 exploit suffered by users of password management service LastPass, which saw $12.3 million drained, according to onchain evidence from Web3 sleuth ZachXBT.


PeckShield tracked $2.31 billion in losses to scammers for 2024, with private key leaks identified as a major issue. Source: PeckShield

LastPass was also the victim of a data breach in December 2022, when hackers copied a backup of customer vault data from encrypted storage.

As a result, users had their crypto stolen, with cybersecurity reporter Brian Krebs estimating in a September 2023 blog post that up to that point, over $35 million worth of crypto had been stolen from about 150 victims. 

Meanwhile, a Dec. 2 security breach suffered by DeFi market protocol Yei Finance was the second-largest December incident recorded by PeckShield, with around $2.2 million taken.
