Hacks and exploits on cryptocurrency exchanges are soaring, with twice as much money being stolen in the first half of 2024 compared to the same period in 2023, according to TRM Labs.
In a new report, TRM found that hackers targeting crypto exchanges stole $1.38bn between January 1 and June 24, 2024. This is double the money made by crypto theft over the same period in 2023.
However, this remains well below the record-breaking 2022 numbers, which reached $2bn in June and amounted to almost $4bn at the end of the year.
Higher Average Token Prices Likely Cause for Surge
In 2024, a few large attacks were responsible for most of the losses, with the top five hacks and exploits accounting for 70% of the total amount stolen. This is aligned with what happened in 2023.
Although the TRM researchers cannot explain the 2024 surge with a change in the threat landscape, they assessed it might come from significantly higher average token prices compared to this period in 2023. “This is likely to have contributed to the increased theft volumes,” they added.
The top attack vectors are private key and seed phrase compromises, smart contract exploits and flash loan attacks.
The largest crypto heist of 2024 was recorded in May, when DMM Bitcoin, a Japanese cryptocurrency exchange, suffered an attack resulting in the theft of over 4,500 BTC, valued at over $300m at the time.
The TRM researchers commented: “While the exact cause of the attack remains unknown, potential vectors include stolen private keys or address poisoning – a tactic wherein attackers send tiny amounts of cryptocurrency to a victim’s wallet to create fake transaction histories, potentially confusing users into sending funds to the wrong address in future transactions.”
TRM Labs’ Crypto Theft Mitigation Recommendations
To protect themselves from these crypto heists, TRM Labs recommended crypto projects to implement the following measures:
- Conduct regular security audits
- Implement robust encryption
- Use multi-signature wallets
- Encourage secure coding practices
- Offer bounties for the return of stolen funds
“Additionally, staying updated on the latest threats, educating employees, and fostering a security-aware culture are crucial,” the TRM researchers concluded.
Read more: Over $1bn in Cryptocurrency Lost to Web3 Cyber Incidents in 2024