DeFi Under Fire, CeFi Hit with Bigger Losses
The crypto scene saw $413 million vanish in Q3 2024 due to hacks and scams, spread across 34 incidents, according to a report from Immunefi. Though the figure looks steep, it marks a 28% dip compared to Q2’s $573 million and a 40% fall from Q3 2023’s staggering $686 million in losses. Yet, with more than $1.3 billion stolen so far this year, the heat is far from cooling.
Decentralized finance (DeFi) remains the prime hunting ground for bad actors. With almost $90 billion locked up in DeFi protocols, 31 of the 34 recorded hacks zeroed in on DeFi. But despite DeFi’s frequent targeting, centralized finance (CeFi) actually lost more money, a massive 74.8% ($309 million) of the total. DeFi took the rest, $104 million, signaling that CeFi, though hit less, bleeds more when it does.
CeFi’s Private Key Problem: A Bigger Wound
Immunefi’s founder Mitchell Amador pointed out a troubling issue for CeFi players—private key management. He stressed that key management isn’t often subject to security audits, so vulnerabilities stay hidden until someone with malicious intent finds them. And once they do, it’s a cash grab with no oversight. The hack on Indian exchange WazirX for $235 million on July 18 was a harsh reminder, followed by a $52 million breach of BingX in Singapore in September.
July took the crown for the highest monthly losses at $282 million, while August dipped to a mere $15 million. But hackers returned with gusto in September, swiping $116 million more. In the grand scheme, $14.9 million of the stolen funds—just 3.6%—have been recovered. These funds came from two exploits: $10 million from Ronin Network and $4.9 million from ShezmuTech.
Ethereum and BNB Chain: Hacker Favorites
Ethereum and BNB Chain aren’t catching a break either. Ethereum led the charge as the most attacked network, suffering 15 of the incidents and accounting for 44.1% of the quarter’s total losses. BNB Chain followed closely with eight incidents, representing 23.5% of the plunder. Meanwhile, Base, Blast, Solana, and Arbitrum were also tapped, but not as heavily.
Ethical hackers aren’t sitting idle, though. Immunefi reports that it has paid out more than $100 million in bounties to those who find and report vulnerabilities. Over 3,000 bug bounties have been logged, with the largest payout hitting $10 million for a vulnerability discovered in Wormhole’s cross-chain protocol.