Web3 Security Report: Q2 2024

With several landmark events occurring in the crypto space this quarter, indicating a path towards a regulated future, we continue to closely monitor hacks and scams to assess the industry’s state of security and observe emerging trends. This time, we teamed up with the HackenProof research team to analyze the data and provide the community with valuable insights. In the second quarter, we have seen both promising signs of major fund recoveries and the continuation of alarming trends where projects neglect security best practices.

Highlights

• $512,928,000 stolen in Q2.
• $397,291,000 lost to Access Control attacks.
• $347,431,288 recovered.
• $300,000,000 stolen in the biggest hack of the quarter.

Key Observations

Attack Vectors Remain Diverse (or – Decline in Rug Pull Rate)

Hackers and bad actors continue to employ a wide range of attack vectors, with access control attacks causing the industry’s biggest losses, totaling $397M. Notably, rug pulls that were prevalent in 2023 are the least damaging type of attack this quarter.

CeFi Accountable for the Biggest Losses

The CeFi category, which includes projects combining FinTech and DeFi elements, suffered the most significant financial damages. Just two incidents in this category resulted in greater losses than all other project types combined.

Over Half of Funds Stolen Got Recovered

For the second consecutive quarter, the industry has managed to recover over half of the stolen funds. While this may seem promising, the total losses for the two quarters of 2024 are nearly equivalent to the losses for the entire year of 2023. Thus, the seemingly positive trend becomes alarming when viewed from a broader perspective.

Lack of Security Measures in Hacked Projects

Despite nearly half of the affected projects having undergone audits, only four of these audits were relevant. In the majority of cases, there was a concerning absence of adequate security measures. This indicates that the industry is still far from overcoming the safety crisis in crypto.

Conclusions

• Fewer Hacks: Q2 2024 saw a significant drop in crypto hacks compared to Q1, indicating improved security.
• Rising Financial Losses: Despite fewer hacks, Q2 2024’s total losses nearly matched all of 2023, indicating more severe attacks.
• Token Project Vulnerability: The rapid growth in blockchain and DeFi sectors has outpaced security measures, making token projects vulnerable to sophisticated attacks and social engineering.
• Improved Fund Recovery: The industry successfully recovered or froze over half of stolen assets for the second quarter in a row, showing progress in response and recovery efforts.

[Download Full Report]