Hackers Stole $2.2B in 2024, Largely Through Private Key Compromises

Hackers stole $2.2 billion in 2024, targeting centralized exchanges and exploiting private key vulnerabilities most successfully as the year progressed.

While that figure is up more than 20% from 2023’s $1.8 billion, it’s far below the $3.3 billion and $3.7 billion stolen in 2021 and 2022, respectively.

There was a sharp drop in attacks in the second half of 2024, which had been on track for a $3 billion year through July.

Most notably, decentralized finance projects suffered most severely at the beginning of the year, while attackers’ focus shifted to centralized exchanges in Q2 and Q3, when they accounted for a far larger percentage of funds stolen. Just two exploits – DMM Bitcoin’s $305 million hack in May and WazirX’s $235 million hack in July – accounted for fully 30% of the year’s losses.

Also notable was the sudden surge in private hacks in Q3.

While he wouldn’t get into the details of private hacks, Eric Jardine, Chainalysis's cybercrimes research lead, said, “Hackers by and large go where the value is, while also factoring in how likely it is that they will be successful and can launder any stolen funds effectively.”

Pointing to the change from DeFi to centralized victims, Jardine added that the firm has seen that before.

“Much of this back and forth is likely related to changes in factors like total value locked and the sophistication of security,” he said.

Private Keys Compromised

The report also highlighted the need for better private key security.

Private key hacks accounted for 43% of all losses, by far the largest amount.

“Given that centralized exchanges manage substantial amounts of user funds, the impact of a private key compromise can be devastating,” the report said.

Still, Jardine noted that “private key compromise could affect crypto participants across the spectrum, from individuals to DeFi platforms and centralized services.”

There was also a difference in how private key attack proceeds were moved and laundered, mainly through bridges and mixing services. DEXs were the primary method of laundering funds from other types of attacks.

North Korea’s Record Haul

The North Korean hackers responsible for many of crypto’s largest exploits took in a record $1.34 billion this year, double the $660 million attributed to them in 2023, Chainalysis said. It noted that the 2023 estimate fell drastically as new information came to light this year.

One particularly worrisome note is that North Korean hackers seem to be getting better and faster at larger hauls in the eight and nine-figure ranges.

Interestingly, there was also a small but noticeable uptick in sub-$10,000 hacks, which hadn’t really been seen in previous years.

They are also getting more creative.

“North Korean hackers persistently seek new methods to exploit security vulnerabilities, especially for larger hacks,” said Andrew Fierman, Chainalysis’s head of national security intelligence.

“However, more recently, North Korean IT workers have infiltrated various web3 and crypto companies using evasive tactics to gain employment, including the use of false identification, leveraging hiring intermediaries, and taking advantage of remote work opportunities to gain access to these companies’ systems. Ultimately, these IT workers exploit security vulnerabilities and steal crypto,” he added

It’s not just the crypto industry that’s endangered by these tactics. Chainalysis also noted that 14 North Koreans obtained remote IT jobs at U.S. companies and extorted $88 million by stealing proprietary information.