According to blockchain security firm Hacken's annual "Web3 Security Report," losses from security incidents in the DeFi space fell 40% from 2023 to 2024, thanks to improved protocols, improved bridges, and more advanced cryptographic measures.
Meanwhile, CeFi security incidents more than doubled, with losses rising to $694 million, as CEXs became the primary target of access control vulnerabilities and other major security risks. The surge in attacks was largely attributed to access control vulnerabilities and notable incidents such as the DMM exchange hack in Q2 and the WazirX hack in Q3. These incidents involved private key leaks and multi-signature vulnerability exploits, resulting in the theft of $305 million and $230 million from the two exchanges, respectively.
The report shows that financial losses in DeFi fell sharply in 2024, from $787 million in 2023 to $474 million this year. Among them, losses from bridge-related security incidents have dropped dramatically from $338 million in 2023 to $114 million in 2024.
Despite improvements in DeFi, such as multi-party computation and zero-knowledge proofs, challenges remain, and in fact, access control vulnerabilities account for nearly half of all DeFi losses, such as the $55 million Radiant Capital hack.