In 2024, the crypto industry reached new milestones, signaling broader acceptance across traditional financial markets. Yet amid surging adoption and expanding total value locked (TVL) in decentralized finance (DeFi), the year also underscored the need for enhanced security. CertiK’s recently released 2024 report paints a complex picture of the industry’s evolving risk landscape.
Crypto Hacks And Scams 2024
CertiK’s data reveals that a total of $2,362,748,975.83 was lost across 760 on-chain security incidents in 2024. This marks a 31.61% increase in value stolen compared to 2023. Commenting on the significance of this rise, the report states, “The overall increase from the prior year is still cause for concern.”
Although 2024’s total of stolen assets does not approach the levels observed in 2021 ($5.28 billion) or 2022 ($3.50 billion), the upward trend underscores persisting vulnerabilities. Notably, phishing accounted for nearly half of the total losses, implying that, if phishing is excluded, ecosystem security might actually be improving compared to previous years.
Key statistics from CertiK’s 2024 report are:
- Overall Value Lost: $2,362,748,975.83
- Number of Security Incidents: 760 (29 more than in 2023)
- Average Amount Lost per Incident: $3,108,880
- Median Amount Stolen per Incident: $150,925
- Most Costly Month: May 2024, with $444,386,754 lost across 63 incidents
- Worst Quarter: Q3 2024, registering $753,301,497 lost in 157 hacks, scams, and exploits (followed by a 46.65% drop in Q4)
Ethereum remained the most frequently targeted ecosystem. The report identifies 403 hacks, scams, and exploits on Ethereum, leading to $748,688,677 in losses—equivalent to an average of $1,857,788 stolen per incident. Bitcoin and Tron were also singled out as major targets, suffering $542.7 million and $133 million in losses, respectively.
Attacks spanning multiple blockchain networks accounted for an additional $435,045,134.22 in losses across 39 incidents.
DeFi’s total value locked surged in 2024, with Ethereum liquid staking alone escalating from roughly $248 million in January to $17 billion by December. CertiK’s analysis indicates a “moderate positive correlation” between the sector’s TVL and monthly losses, with an R² value of 0.32 for 2024.
“As TVL increases, there is a tendency for losses from security incidents to rise in tandem,” the report says, before adding that 68% of the variance in monthly losses remains unexplained by TVL alone. “This could indicate that improved security measures, greater awareness, and more robust defenses are mitigating some of the risks typically associated with higher levels of TVL.”
Among the factors influencing losses beyond TVL are the ongoing evolution of attack techniques, disparate security standards across projects, regulatory inconsistencies, market conditions, protocol complexity, and centralized weak points.
Phishing: 2024’s Leading Crypto Threat
Phishing was singled out as the most damaging attack vector of 2024, racking up $1,050,129,498 in total losses—almost half of all funds stolen. These losses were spread across 296 incidents, or 39% of all security breaches.
“Phishing preys on human vulnerabilities rather than solely targeting technological defenses,” the report asserts, noting that funds lost to phishing are often irrecoverable unless an attacker willingly returns them.
- Average Amount Lost per Phishing Incident: $2,827,033
- Median Amount Lost per Phishing Incident: $207,556
- Total Returned by Attackers: $213,327,829 (adjusted losses stand at $836,801,668)
- Worst Quarter for Phishing: Q2, with $433,688,871 stolen across 67 incidents
Ethereum was also the predominant chain for phishing attacks, incurring $297,522,298.3 in losses over 248 incidents, followed by the Binance Smart Chain (BSC). Phishing-related losses skyrocketed year-over-year, with a 244.41% jump from 2022 to 2023, and 328.61% from 2023 to 2024.
How To Protect Your Assets
Drawing from the persistent threats cataloged in the report, CertiK outlines several best practices for users to safeguard their crypto assets:
- Be Skeptical of Unsolicited Communications: “Verify the sender’s authenticity through official channels before responding,” the report stresses, emphasizing caution with unexpected emails or messages.
- Examine Email and URL Details: Look for minor typographical errors or other irregularities in email addresses and website links.
- Enable Two-Factor Authentication (2FA): Adding an extra authentication layer can protect against unauthorized access.
- Keep Software Updated: Regular updates close security gaps in operating systems, browsers, and other applications.
- Continuously Educate Yourself: Stay current on emerging phishing and scam tactics to identify potential risks.
- Verify Wallet Addresses: Always double-check wallet addresses, as attackers may use address-swapping scams.
- Use a Hardware Wallet: Offline storage provides a higher level of protection against online attacks.
- Avoid Public Wi-Fi for Transactions: Public networks can expose users to phishing and man-in-the-middle attacks.
At press time, BTC traded at $86,545.