Even though smart contract exploits have gone down, hackers who target decentralized finance (DeFi) systems may steal more than last year’s total value. By looking at the 100 most significant cryptocurrency hacks, we can see that onchain weaknesses are only present in a few of them.
One of the lead security architects at Halborn, Mar Guimenez-Aguilar, says that offchain attack vectors caused more than 57.5% of the loses in these top DeFi hacks.
“Compromised private keys accounted for 52.2% of all attacks in 2024 and 55.7% of the total value lost. Generally, off-chain attack vectors represented 56.5% of last year’s attacks and 57.5% of the financial losses incurred.”
This discovery comes just a few weeks after the second-biggest cryptocurrency hack of 2024, when someone stole $230 million from the Indian exchange WazirX.
DeFi Investors Lack Awareness
Smart contract flaws have usually been the main source of DeFi attacks, but new data shows that this may be changing. It was possible for someone to hack Nexera, a DeFi system, and steal $1.5 million on August 7.
Guimenez-Aguilar did say, though, that investors’ lack of knowledge is becoming a major weakness. He said that while smart contract code security gets a lot of attention, the environment as a whole, which includes off-chain parts and user behavior, also needs strong protection.
Digital assets worth over $7.35 billion have been stolen in the top 100 DeFi hacks. The number of attacks went down by 6% from 2022 to 2023, but the trend in 2024 is very worrying. Because more and more total value locked (TVL) is being stored in DeFi systems, hackers may be able to steal more this year than they did last year.
Guimenez-Aguilar also said that three of this year’s hacks are already in the top ten in terms of how much funds they stole. Over $200 million had been stolen by February 29. This is 15.4% more than the same time in 2023, when $173 million was stolen.
