The blockchain security landscape took another bruising in 2024, as Immunefi’s annual “Crypto Losses in 2024” report reveals the industry lost roughly $1.495 billion across 232 separate incidents. That figure underscores persistent, systemic risks in both centralized and decentralized corners of crypto—even if headline totals fell modestly from 2023.
Key takeaways
- Total losses: $1,495,487,055 across 232 incidents in 2024.
- Attack type: Hacks dominated, causing 98.1% of losses; fraud, scams, and rug pulls made up only 1.9%.
- Year-over-year: The 2024 total is about 17% lower than 2023’s losses (which topped $1.8 billion), but the drop masks concentration risk: a few mega-hacks drove much of the damage.
Mega-hacks and a CeFi shift
Two breaches alone accounted for roughly 36% of 2024’s losses: the May compromise of Japanese exchange DMM Bitcoin ($305 million) and the July breach of Indian exchange WazirX ($235 million). Both incidents involved compromised private keys and targeted centralized finance (CeFi) infrastructure—highlighting a notable shift from earlier years when DeFi protocols were the principal targets.
The numbers paint a stark paradox: centralized platforms were far fewer in number but far more lucrative to attackers. CeFi losses jumped 77.5% year-over-year to $726.2 million across just 11 incidents, while DeFi losses fell 44.8% to $769.3 million across 221 incidents.
Timing and targets
Q2 2024 was the worst quarter, with $572.7 million lost across 72 incidents—a 115.7% increase versus Q2 2023. May alone accounted for $358.5 million of that quarter’s losses, driven primarily by the DMM Bitcoin hack. Across networks, Ethereum and BNB Chain remained the most frequently targeted ecosystems.
Why this matters—and where things are headed
Immunefi’s more recent data signals that 2025 may be materially worse: year-to-date losses through Q1 2025 already hit $1.64 billion, largely because of the $1.4 billion Bybit hack—surpassing all of 2024’s losses within just three months. Immunefi CEO Mitchell Amador warned the damage from hacks goes beyond stolen funds: nearly 80% of projects suffering major breaches never fully recover, often facing operational paralysis and lasting reputational harm.
Immunefi’s role and the industry response
Immunefi reports it currently protects over $190 billion in user assets and has helped prevent more than $25 billion in potential losses through its bug-bounty programs—paying record bounties such as $10 million for a Wormhole vulnerability. Those programs are increasingly central to defense efforts, but the data underline that growing markets attract greater and more sophisticated adversaries.
Bottom line
While the headline loss total dipped in 2024, the concentration of damage in a handful of CeFi-focused mega-hacks and the explosive start to 2025 are clear warning signs. As crypto scales, the attack surface—and attackers’ incentives—are growing in tandem, making robust key-management, security audits, and proactive bug-bounty programs more critical than ever.
Read more AI-generated news on: undefined/news
