Losses from crypto scams, exploits, and hacks declined significantly in late 2024, with December recording the lowest monthly amount stolen during the year.
Blockchain security firm CertiK reported in a Dec. 31 post on X that December saw $28.6 million in losses from exploits, hacks, and scams, a marked decrease from $63.8 million in November and $115.8 million in October.
Exploits accounted for the majority of the losses, with attackers stealing $26.7 million in December.
The most notable incident involved a $2.1 million exploit targeting decentralized finance (DeFi) platform GemPad, where a vulnerability in its smart contracts allowed an attacker to siphon assets.
The second-largest incident recorded by CertiK involved the token bridge of DeFi project FEG.
A hacker exploited a flaw in FEG's crosschain message verification process, draining $1 million by withdrawing tokens from the bridge contract without depositing them on the source chain.
Blockchain security firm PeckShield corroborated similar findings in a Jan. 1 post on X, reporting $24.7 million in hack-related losses for December, reflecting a 71% decline from November.
Among more than 25 hacks identified by PeckShield, the most significant was a Dec. 16–17 exploit involving users of the password management service LastPass.
According to onchain evidence provided by Web3 investigator Zachxbt, this hack resulted in $12.3 million in stolen crypto.
LastPass had also suffered a data breach in December 2022, in which hackers copied a backup of encrypted customer vault data.
This earlier breach led to ongoing crypto thefts, with cybersecurity reporter Brian Krebs estimating in a September 2023 blog post that over $35 million worth of crypto had been stolen from approximately 150 victims.
Another major breach occurred on Dec. 2, 2024, when the DeFi market protocol Yei Finance lost around $2.2 million, the second-largest incident of the month as recorded by PeckShield.
According to the Cyvers 2024 Web3 Security Report shared with Cointelegraph on Dec. 24, $2.3 billion worth of crypto was stolen across 165 incidents in 2024.
This figure represents a 40% increase from 2023, when $1.69 billion was stolen, but a 37% decrease from the $3.78 billion stolen in 2022.
Deddy Lavid, co-founder and CEO of Cyvers, told Cointelegraph that the rise in 2024 thefts was likely driven by access control breaches, particularly in centralized exchanges (CEXs) and crypto custodians.
Sources:
https://cointelegraph.com/news/december-lowest-monthly-losses-crypto-exploits-hacks-scams-2024
https://x.com/CertiKAlert/status/1874078211170349061
https://x.com/CertiKAlert/status/1862828939410034879
https://x.com/CertiKAlert/status/1851957328024633734
https://x.com/TheGemPad/status/1870479987591315580
https://x.com/PeckShieldAlert/status/1874427351511036166
https://www.chainabuse.com/report/0ea24e3c-0b02-46f4-bb5d-5196700f0149?context=browse-all
https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-stolen-in-lastpass-breach/