In December 2024, the crypto industry experienced its lowest losses of the year, totaling $29 million, as reported by blockchain security firms CertiK and PeckShield. This marked a notable decrease compared to earlier months, with CertiK documenting $28.6 million in losses, primarily due to exploits. Exploits accounted for the bulk of the losses, with the most significant being a $2.1 million attack on the decentralized finance (DeFi) platform GemPad. In this incident, attackers exploited vulnerabilities in the platform’s smart contracts, stealing valuable assets from users. Another significant exploit involved a $1 million attack on the FEG token bridge, where hackers withdrew funds without depositing them in the source chain.
PeckShield also recorded a decrease in losses for December, reporting $24.7 million in total, marking a 71% drop from November. The firm highlighted several notable incidents, including a major $12.3 million loss from a breach involving the LastPass password management service. Hackers targeted LastPass users’ crypto assets, exploiting a breach that allowed unauthorized access to encrypted vault data. This attack contributed to a growing trend of cybercriminals targeting sensitive digital storage services. Additionally, PeckShield reported a $2.2 million theft from Yei Finance, a DeFi market protocol, as part of a broader pattern of vulnerabilities being exploited in the DeFi space.
Despite these significant attacks, 2024’s overall losses remained lower than in previous years. According to Cyvers’ 2024 Web3 Security Report, the total crypto stolen across 165 incidents in 2024 amounted to $2.3 billion. While this represents a 40% increase over 2023, it remains a 37% decrease from the $3.78 billion stolen in 2022. The rise in 2024’s losses is attributed largely to breaches involving access control, particularly in centralized exchanges (CEXs) and crypto custodians. These incidents highlight the ongoing challenges within the crypto ecosystem, with cybercriminals increasingly targeting vulnerable platforms and services.
The drop in December’s losses offers a slight reprieve for the crypto industry, but the fight against cybercrime continues. As hackers adapt their tactics and identify new vulnerabilities, the need for robust security measures remains critical. Crypto platforms and users must remain vigilant, implementing enhanced cybersecurity protocols and exercising caution when interacting with DeFi protocols and other digital services. With a growing number of incidents in 2024, it is clear that both the industry and its users must work together to address the evolving threat landscape and safeguard digital assets from theft and exploitation.
