Crypto Industry Losses in 2024

The crypto industry has clocked up over $1.19 billion in losses due to 149 hacks and scams year-to-date, following a further $269.4 million worth of exploits in July, according to the latest report from web3 bug bounty and security services platform Immunefi.

The year-to-date tally represents a 16.3% increase compared to the same period in 2023, which saw $1.02 billion in losses.

July’s losses from 14 specific incidents represent a 15.9% decrease year-over-year but a 90% increase month-over-month — the second-highest monthly loss in 2024 after May’s $358 million. The majority of the losses came from one exploit alone, the $235 million hack on WazirX, suspected to have been carried out by North Korean hackers, with the centralized Indian crypto exchange facing backlash over its “socialized loss” plan following the incident. The DEX aggregation and bridging protocol LI.FI is the largest DeFi exploit in July, incurring losses of $10 million.

CeFi hacks dominate, with Ethereum and BNB Chain as the most targeted networks

Hacks dominated the losses in July, accounting for 98.9% ($266.4 million) of the total across 12 incidents, compared to cases of fraud, scams, and rug pulls at only 1.1% ($3 million) over two specific incidents.

The dominance of hacks came mainly from the WazirX exploit, with the sole CeFi attack representing 87% of July’s lost funds, contrasting with the $34.4 million lost in 13 DeFi incidents.

Of the total $1.19 billion lost year-to-date, CeFi exploits also dominate, accounting for $636 million (53.4%) of the losses from just six incidents. DeFi represents $554 million in losses (46.6%) over 143 specific incidents.

Ethereum and BNB Chain were again the most targeted networks, as they have been for most of 2024, representing 71.4% of total on-chain losses. Ethereum suffered the most individual attacks with seven incidents, representing 50% of the losses on targeted chains, followed by BNB Chain with three incidents, representing 21.4%. Scroll and Base suffered one incident each.

Last month, Immunefi surpassed $100 million in ethical hacker and researcher payouts. The payouts span three years and result from over 3,000 bug bounty reports, the largest of which was a $10 million award for a vulnerability discovered in Wormhole’s cross-chain protocol.

Immunefi claims to operate the largest blockchain security community with more than 45,000 researchers, saving over $25 billion in user funds across protocols like Polygon, Optimism, Chainlink, The Graph, Synthetix and MakerDAO from being stolen.