According to Cyvers, the 40% yearly increase was mainly driven by growing access control vulnerabilities amid centralized exchanges and cryptocurrency custodians.
Cryptocurrency hackers surpassed the previous year's achievements, stealing over $2.3 billion worth of value from the Web3 ecosystem -- a concerning sign for the industry's mainstream acceptance.
Cryptocurrency hacks saw a sharp uptick in 2024, driven by the appeal of growing cryptocurrency valuations, after Bitcoin BTC $94,173 surpassed the $100,000 mark for the first time on Dec. 6.
During 2024, crypto hackers stole over $2.3 billion worth of assets across 165 incidents, marking a 40% increase compared to 2023, when hackers stole $1.69 billion worth of crypto, according to a report shared by onchain security firm Cyvers.
The 40% increase is mainly attributed to the rise of access control breaches, particularly in centralized exchanges (CEXs) and crypto custodians, according to Deddy Lavid, co-founder and CEO of Cyvers.
Lavid told Cointelegraph:
"These incidents were often facilitated by compromised private keys and weak key management systems, exemplified by high-profile hacks such as multi-signature wallets..."
Despite the 40% increase compared to the previous year, the $2.36 billion is still 37% below the record $3.78 billion stolen during 2022.
Related: Quantum computing will fortify Bitcoin signatures: Adam Back
Access control breaches resulted in $1.9B lost to crypto hacks
Access control vulnerabilities accounted for $1.9 billion worth of value stolen in 2024, or over 81% of the total amount lost to crypto hacks, across 67 individual cybersecurity incidents.
In contrast, smart contract exploits resulted in $456 million stolen across 98 incidents, as the second-largest attack vector responsible for 19% of the value lost in 2024.
Address poisoning scams were the third most popular type of attack, netting over $68.7 million worth of stolen funds for crypto hackers.
To avoid another multi-billion hacking year in 2025, the industry needs to prioritize more robust security practices, such as private key management with offline storage and real-time threat monitoring systems, according to Cyvers' Lavid, who added:
"By prioritizing education, collaboration, and security innovation, we can significantly reduce these vulnerabilities and foster a safer Web3 ecosystem."
Related: Top 100 DeFi Hacks: Offchain attack vectors account for 57% of losses
North Korean hackers to start targeting Bitcoin ETFs in 2025: Cyvers
However, the industry must remain vigilant, as North Korean hackers may begin targeting larger objectives, such as the United States spot Bitcoin exchange-traded funds (ETFs), according to Michael Pearl, vice president of GTM strategy at onchain security company Cyvers.
Pearl told Cointelegraph in an exclusive interview:
"The FBI has issued a warning that North Korean hackers are going to try to infiltrate and steal money from ETFs. So, all those ETFs [...] are storing the base Bitcoin somewhere. And you can be certain that somebody is already planning and thinking of how they're going to steal it."
Cyvers' Michael Pearl, interview with Cointelegraph's Zoltan Vardai, clip 1. Source: Cointelegraph