Crypto hacks, scam losses reach $29M in December, lowest in 2024

Losses from crypto scams, exploits and hacks tapered off in the last months of 2024, with December registering as the smallest month of hacks in the entire year. 

Blockchain security firm CertiK said in a Dec. 31 post on X that there were $28.6 million known losses to exploits, hacks, and scams in December, compared to $63.8 million in November and $115.8 million in October.

According to the firm, exploits comprised the bulk of the losses, with $26.7 million stolen by attackers in December.

The two most significant incidents were a $2.1 million exploit of decentralized finance (DeFi) platform GemPad, in which an attacker stole assets by exploiting a vulnerability in the project’s smart contracts.

The second-most serious incident recorded by CertiK saw a hacker exploit the token bridge of DeFi project FEG, withdrawing FEG tokens from the bridge contract without depositing them in the source chain, draining $1 million. 

According to a Dec. 31 analysis by CertiK, the root cause of the vulnerability was an error in the FEG crosschain message verification process.

Blockchain security firm PeckShield shared similar data in a Jan. 1 post on X. It recorded $24.7 million in hack losses in December, which it said was a 71% decrease compared to November. 

Across the more than 25 hacks recorded by PeckShield, the Dec. 16 and 17 exploit suffered by Password management service LastPass users, which saw $12.3M drained, according to onchain evidence from Web3 sleuth Zachxbt, was the most significant.

LastPass was the victim of a data breach in December 2022, when hackers copied a backup of customer vault data from encrypted storage.

As a result, users have had their crypto stolen, with cybersecurity reporter Brian Krebs estimating in a September blog post that up to that point, over $35 million worth of crypto had been stolen from around 150 victims. 

Meanwhile, a Dec. 2 security breach suffered by DeFi market protocol Yei Finance was the second largest December incident recorded by PeckShield, with around $2.2 million taken.

Related: Winners and losers of 2024: A year of all-time highs, hacks and hodling

In Cyvers 2024 Web3 Security Report shared with Cointelegraph on Dec. 24, the onchain security firm said $2.3 billion worth of crypto was stolen across 165 incidents in 2024.

According to Cyvers, this marks a 40% increase compared to 2023, when $1.69 billion worth of crypto was stolen by hackers.

However, it’s still 37% below the $3.78 billion stolen in 2022.

Deddy Lavid, co-founder and CEO of Cyvers, told Cointelegraph the increase in 2024 was likely due to the rise of access control breaches, particularly in centralized exchanges (CEXs) and crypto custodians.

Magazine: I became an Ordinals RBF sniper to get rich… but I lost most of my Bitcoin