Crypto experts urge DeFi to improve security – looks like they're listening
Centralized exchanges are now a prime target for hackers, says TRM Labs. Total thefts have already exceeded the 2023 total.
The DeFi community seems to have gotten the message.
In recent years, decentralized finance projects have been a prime target for cybercriminals and hackers. And blockchain security experts are calling for more protection for the community.
According to data from TRM Labs, DeFi hacks dropped by a quarter in the first nine months of 2024 compared to 2023 as a whole.
Centralized exchanges and custodians are now the ones being robbed the most.
Hack hauls
According to TRM Labs, the theft of $2.1 billion in digital assets in the first three quarters of 2024 has already exceeded the 2023 total by 5%.
“We've seen hack hauls double in 2024 as of September 30, compared to the same period in 2023,” said Ari Redbord, global head of policy and government affairs at blockchain intelligence firm TRM Labs.
Crypto hacks hit a record high in 2022, when investors lost $3.8 billion, according to Redbord.
According to web3 security firm Cyvers, losses from hacking incidents involving centralized exchanges and custodians increased by approximately 1,000% from last year, to $401 million.
Most of those losses came from the DMM Bitcoin exchange breach, where suspected North Korean hackers stole $305 million from the platform.
A Türkiye-based crypto exchange lost $55 million in June, and other affected platforms include Lykke and Rain Exchange.
Private key leakage
Those CEX losses share a common theme – an attack on the platform's infrastructure that can eventually expose the private keys of its crypto wallets.
Private keys are alphanumeric text strings used to sign crypto transactions. When exposed, they can be used to steal funds from victims' wallets.
CEX platforms can manage their private keys internally or delegate the responsibility to a third-party protocol.
Access control
Regardless of the key management strategy used, access control is a major concern and Web3 security experts have previously warned of gaps in the security models used by crypto companies.
“Attacks have evolved their tactics to exploit these weaknesses, exploiting gaps in access controls and using advanced techniques such as phishing and social engineering to gain unauthorized access,” Meir Dolev, chief technology officer at Web3 security firm Cyvers, told News.
Several CEX hacks from the pre-DeFi era of crypto show hints of insider involvement.
Third-party key managers have become a solution to the problem of rogue employees leaking private keys to hackers.
However, Dolev says these private key custody protocols are also vulnerable.
High-profile hacks
That vulnerability has been a concern since last year, when it was the cause of some high-profile hacks, including the theft of $41 million from the crypto casino platform Stake.
“The solution to this evolving threat landscape lies in multi-layered security measures,” Dolev said.
“Companies should not rely solely on third-party services, but instead adopt a hybrid approach that combines internal key management practices with robust external solutions.”
Osato Awan-Nomayo is our Nigeria-based DeFi correspondent. He covers DeFi and technology.