The crypto industry faced $3 billion in losses due to hacks and scams in 2024, marking a 15% increase from $2.61 billion in 2023, according to blockchain security firm Peckshield.

Hacks accounted for $2.15 billion—or over 70%—of total losses, a 42.38% increase from $1.51 billion in 2023, while scams contributed $834.5 million, as per the security firm’s annual report.

It was harder to recover stolen funds in 2024. Approximately $488.5 million worth of stolen crypto assets were recovered, representing a 27.62% decline from the $674.9 million recovered in 2023.

While recovering nearly half a billion dollars is a promising step, the sheer scale of stolen funds exposed the pressing need for better security protocols across the industry.

PeckShield did not immediately respond to Decrypt’s request for comment.

DeFi Under Fire

Decentralized finance (DeFi) protocols remained the most vulnerable, as their inherent weaknesses continued to attract cyber criminals.

Peckshield identified May as the most devastating month, with losses peaking at $662.2 million. July and August also recorded significant activity, with losses exceeding $280 million each.

December, however, saw a notable decline, with losses dropping to $46.5 million—the lowest monthly total of the year.

Among the largest heists of the year was Japanese exchange DMM Bitcoin’s $305 million hack, followed by a $290 million breach of PlayDapp and a $238 million Bitcoin scam.

The Bitcoin scam involved a Genesis creditor falling victim to a social engineering attack by scammers posing as Google support. The attackers stole 4,064 BTC, according to onchain sleuth ZachXBT.

Indian crypto exchange WazirX and Gala Games also suffered substantial losses, with $230 million and $212 million stolen, respectively.

Phishing on the Rise

Last week, blockchain security firm CertiK warned about the growing threat of phishing scams, which emerged as the most significant security challenge of 2024.

These scams, which trick victims into sharing sensitive information such as private keys, caused over $1 billion in losses across 296 incidents, Certik noted in its annual Web3 security report.

The firm reported an average loss per phishing scam surpassing most other attack vectors. At least three phishing attacks in 2024 resulted in losses exceeding $100 million each.

Meanwhile, there’s been some business news in the crypto security sector. Blockchain analytics firm Chainalysis recently acquired Hexagate, a Web3 security provider.

Edited by Stacy Elliott.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.