DeFi Strengthens Security, Reducing Crypto Thefts by 25% While Total Hacks Exceed $2 Billion in 2024

Decentralized finance (DeFi) platforms appear to be making strides in bolstering their security, as new data shows a 25% decrease in hacking incidents in the first nine months of 2024. According to blockchain intelligence firm TRM Labs, the improvement comes after several years of cybercriminals targeting DeFi projects. Now, centralized exchanges (CEXs) and custodians are bearing the brunt of these attacks, with crypto thefts reaching alarming levels.

DeFi's Declining Hacks

While DeFi platforms have historically been prime targets for hackers, they have seen a noticeable drop in incidents in 2024. This decline is seen as a positive response to calls from security experts within the crypto space, urging DeFi projects to fortify their systems. TRM Labs reports that DeFi-related hacks have fallen by 25% compared to 2023.

However, the overall theft in the crypto world has surged. In the first three quarters of 2024 alone, over $2.1 billion in digital assets have been stolen, already surpassing the total thefts of 2023 by 5%. The majority of these thefts occurred on centralized exchanges, where hackers continue to exploit security gaps.

Centralized Exchanges Face Increased Attacks

Centralized exchanges, where digital assets are typically held by third-party custodians, have become a prime target for hackers. TRM Labs’ Global Head of Policy, Ari Redbord, revealed that 2024 has seen crypto hacks accelerate at a pace reminiscent of 2022, during which $3.8 billion was stolen. The frequency of attacks on centralized platforms has skyrocketed, with incidents growing by 1,000%, according to web3 security firm Cyvers.

One of the largest breaches of the year occurred at DMM Bitcoin Exchange, where suspected North Korean hackers made off with $305 million. Other notable hacks include $55 million lost from a Turkey-based exchange and additional breaches at platforms like Lykke and Rain Exchange.

Private Key Exposure: A Major Vulnerability

Most of the attacks on centralized exchanges involve the leakage of private keys—alphanumeric strings used to authorize crypto transactions. When these keys are exposed, hackers gain access to user wallets, allowing them to steal funds. Many centralized platforms manage private keys internally or rely on third-party services for key management.

Security experts have long warned of the risks associated with these practices. Meir Dolev, CTO of Cyvers, pointed out that attackers have evolved, using tactics like phishing and social engineering to exploit weaknesses in access control systems. Some of these vulnerabilities can be traced back to rogue employees or poor internal management of private keys.

High-Profile Hacks and the Path Forward

High-profile incidents, such as the $41 million stolen from crypto gambling platform Stake, have highlighted the severity of private key exposure. Dolev stresses that relying solely on third-party services for key management is risky. Instead, companies should adopt a hybrid approach, combining internal key management with robust external solutions to better safeguard their assets.

As hackers become more sophisticated, the importance of multi-layered security protocols continues to grow. Companies that take proactive steps to secure private keys and improve access control will be better positioned to prevent future breaches.