Web3 Security: Ethereum Loses Billions to Bad Actors in 2024
In a year marked by escalating threats and hard lessons, bad actors managed to steal approximately $2.3 billion from various web3 projects, with Ethereum bearing the brunt of the losses.
State of Web3 Security in 2024
The recent report by Cyvers on the State of Web3 Security in 2024 revealed that Ethereum-based projects accounted for 51% of the total stolen funds. This significant figure can be attributed to Ethereum’s prominent role in decentralized finance (DeFi) and its high liquidity levels.
Following Ethereum, BNB Chain was the second most targeted blockchain, accounting for 24% of the losses. Bitcoin, XRP, and Arbitrum trailed behind with 5%, 4%, and 3% of the losses, respectively.
Primary Causes of Losses
Access control failures emerged as the leading cause of stolen funds, responsible for 81% of the total losses. These failures were often linked to weak authentication and permission mechanisms. Smart contract vulnerabilities, on the other hand, accounted for 19% of the losses; in these cases, attackers exploited loopholes in code to drain funds.
Major Web3 Hacks of 2024
Some of the most notable incidents in 2024 included the $305 million DMM Bitcoin exploit, the $290 million PlayDapp breach, and the $235 million WazirX attack. These high-profile hacks underscored the vulnerabilities in access control mechanisms within web3 projects.
Additionally, the exploit of Munchables, an Ethereum-based platform, resulted in a $97 million loss due to smart contract vulnerabilities. Address poisoning attacks also played a role, contributing to $68 million in losses.
Recovery Efforts and Recommendations
Despite efforts to recover stolen assets, the success rate varied throughout the year. While $620 million and $562 million were reclaimed in Q1 and Q2, respectively, the latter half of the year saw a significant drop in recoveries, with only $93 million and $25 million recovered in Q3 and Q4.
To address the growing threats, Cyvers emphasized the importance of continuous monitoring, real-time vulnerability testing, and the adoption of AI-powered detection mechanisms. Standardizing these security protocols could help mitigate risks and protect user assets in the evolving web3 landscape.
Another report by PeckShield highlighted a 15% surge in crypto hacks and scams in 2024, with decentralized finance protocols being the primary targets. These findings underscore the urgent need for enhanced security measures within the web3 ecosystem.