- The crypto industry lost ~$2.3B in 2024
- That’s double the losses in 2023, totaling ~$1.6B
Cyvers has shared some important numbers regarding the security state of the crypto industry in 2024, namely losses totaling ~$2.3B, which is double last year’s ~$1.6B.
The company gives some additional numbers, specifically the leading cause of security incidents are access control vulnerabilities 81% of the total, as well as vulnerabilities in smart contracts 19%.
More Details From Cyvers’ Security Report
Cyvers highlighted the magnitude of cyber threats in Web3, which unfortunately increased this year translating into increased losses in 2024. While 2024 losses of ~$2.3B are still short of the record ~$3.7B in 2022, they are double the ~$1.6B in 2023.
To elaborate further, the loss of ~$2.3B was the result of 165 incidents mostly involving access control systems, particularly in centralized exchanges (CEXs) and crypto custodians.
Cyvers’ report is extremely valuable not only because it shows the scope of the threat and the extent to which security measures are needed – but also because it identifies specific areas that require the most attention.
$1.9B, i.e. 81% of the total amount stolen across 67 cybersecurity incidents happened because of security gaps in access controls, while $456M, i.e. 19% stolen across 98 incidents happened because of the code vulnerabilities in smart contracts.
This may suggest that the most insecure part of Web3 is its Web2 components, centralized access control systems, and security gaps in its controls and policies. Also, don’t forget that an invariable security gap is the human factor, because not only technical hacking shows big numbers, but crypto fraud according to the FBI report also scales.
Going back to the technical side, Cyvers compared the attack vectors with previous years, which may further indicate that the improvement of the Web3 component’s security is growing, while Web2 components on the contrary are experiencing more trouble.
Specifically, access control violations were ~$768.8M, ~$1.08B, and $1.9B in 2022, 2023, and 2024, respectively. But code vulnerabilities in smart contracts are ~$3.01B, ~$607.8M, and ~$456.3M in 2022, 2023, and 2024 respectively.
While the proportions remain the same, it’s worth taking into account that cryptocurrencies are experiencing adaptation initiatives, and the crypto market is experiencing a large influx of investment and rising prices, which could also be the reason for larger losses than last year.
Conclusion
Of course, these are very general data, but still quite illustrative. They may indicate, as we are often reminded, that many Web3 hacks are not necessarily related to Web3 technologies, but to Web2 components through which they are made available to end users.
Yes, Web3 technologies don’t guarantee absolute security either, but they were initially developed with a high-security priority, higher than Web2, and seems like their improvement is very rapid.
The information provided in this article is for informational and educational purposes only and does not constitute financial, investment, or trading advice. Any actions you take based on the information provided are solely at your own risk. We are not responsible for any financial losses, damages, or consequences resulting from your use of this content. Always conduct your own research and consult a qualified financial advisor before making any investment decisions. Read more