This year is on track to become remarkable for decentralized finance (DeFi) security. According to IntoTheBlock, losses from the year’s exploits currently stand at $464.11 million and may hit a four-year low. This significant drop is a welcome relief, especially after the over $1 billion stolen in DeFi hacks in 2023.
2024 Top Exploits
Orbit Bridge experienced the first and largest hack of the year, losing over $81 million in crypto. Despite using multisig wallets, considered a best practice for security, the attackers exploited compromised private keys to generate unauthorized transactions. Suspicion falls on the notorious Lazarus Group, infamous for high-profile hacks.
Munchables suffered the second-largest hack of 2024, losing $62.5 million in ETH. The attacker, who controlled the deployer address, exploited an upgradeable proxy contract. After an upgrade, once users had deposited sufficient ETH, the hacker transferred the assets into wallets under their own control. Investigator ZachXBT tied the hack to the notorious Lazarus Group.
This month, Radiant Capital lost $58 million to hackers exploiting its multi-sig wallet, marking the third-largest crypto hack this year. The attackers used malware to trick signers into approving malicious transactions, allowing them to upgrade contracts and access user funds on the BNB Chain and the Arbitrum network.
Notably, the protocol’s latest loss follows a $4.5 million breach earlier this year. The newest incident brings its cumulative losses to $62.5 million. It now shares the stage with Munchables in the running for the second-most hacked protocol of the year.
Further Insights Into 2024 Exploits
According to IntoTheBlock data, lending protocols and bridge platforms incurred the largest share, accounting for over 50% of total losses. Lending protocols suffered the most, losing 29.80% of total funds. This is due to their inherent complexities and risk exposures, which make them more vulnerable to exploits than other decentralized applications (dApps).
Nearly half of the exploits targeted vulnerabilities in smart contracts, most of them perpetrated on Ethereum and its layer-2 networks. Several platforms, including Deltaprime and Banana Gun, had not been audited by blockchain security firms. January, March, and September saw the highest number of incidents, with January losing the most value.
DeFi exploits are declining due to improved security, increased awareness, and government regulations; however, continued vigilance is necessary.
Meanwhile, with two months remaining this year, time will tell whether the DeFi sector achieves this feat.