A report reveals that hackers stole $440 million in 28 exploits during Q3 2024, with access control attacks being the most damaging. Centralized exchanges faced the highest losses.
In the third quarter of 2024, $440 million was stolen across 28 hacking incidents. Although these were the smallest losses recorded in the past three years, the recovery rate remains alarmingly low at just 5%. The report, by cybersecurity firm Hacken, sheds light on the types of attacks, the most affected sectors, and potential mitigation strategies.
The report categorizes the various types of attacks that led to these losses, with access control exploits being the most damaging. These attacks allowed hackers to gain control over the keys that manage smart contracts, enabling them to withdraw funds at will.
Centralized exchanges faced the brunt of the losses, with WazirX's hack being the most significant. The incident raised questions about potential insider involvement, as independent audits found no security breaches. Other types of attacks, such as those on yield aggregators and cross-chain bridges, also contributed to the overall losses, although they were less frequent.
The report highlights the distribution of losses across various project categories:
Hacken emphasizes the importance of proactive measures to prevent such losses. Their Automated Incident Response Strategy can be customized to monitor smart contracts and trigger protective actions when suspicious activities are detected. The report suggests that approximately 28.7% of losses could have been avoided with better monitoring systems in place.
One of the notable incidents involved the DeFi protocol Nexera, where a scammer drained 47.2 million NXRA tokens. The attacker managed to swap 15 million tokens before the team could pause the contract, resulting in a loss of $1.5 million. The report illustrates how the Automated Incident Response Strategy could have mitigated this loss by pausing the contract immediately upon detecting the exploit.
The third quarter of 2024 serves as a stark reminder of the vulnerabilities present in the crypto space. While the total losses were lower than in previous years, the low recovery rate and the sophistication of attacks highlight the need for enhanced security measures. As the industry continues to evolve, so too must the strategies to protect against these ever-present threats.