In recent weeks, Bitcoin, the world’s most valuable cryptocurrency, has once again been making headlines for the impressive bull run that saw it surpassing US$100,000 for the first time ever, giving crypto a boost in 2024. While this milestone is likely to draw further investment into digital assets, new data from Chainalysis suggests investors be conscious of the platforms they utilize, as through 2024, crypto hackers managed to steal US$2.2 billion worth of crypto.
This stolen amount represents a 21% year-on-year increase, and marks a fourth consecutive year in which criminals stole over US$1 billion in crypto. Interestingly, it was just 303 individual hacking incidents that resulted in these losses, highlighting the relatively high concentration of attacks, and the potential for significant losses through even single incidents.
Although DeFi still accounted for the largest share of stolen assets in the first quarter of 2024, centralized services were the most targeted in Q2 and Q3. Some of the most notable centralized service hacks include DMM Bitcoin (May 2024; US$305 million) and WazirX (July 2024; US$234.9 million).
“This shift in focus from DeFi to centralized services highlights the increasing importance of securing mechanisms commonly exploited in hacks, such as private keys,” said Eric Jardine, Cybercrimes Research Lead at Chainalysis. Private key compromises accounted for the largest share of stolen crypto in 2024, at 44%. “For centralized services, ensuring the security of private keys is critical, as they control access to users’ assets. Given that centralized exchanges manage substantial amounts of user funds, the impact of a private key compromise can be devastating.”
In the UAE, both Centralized and Decentralized services are popular, with the former accounting for 47% of the country’s crypto transaction share by volume between July 2023 and June 2024, and the latter accounting for 32% over the same period. “It’s important to recognize that hackers are constantly adapting their techniques, making robust security practices non-negotiable across virtual asset and financial service providers. Security also needs to be seen from the lens of being reactive to proactive, with providers focusing on identifying and addressing threats before they happen. At a very minimum, investors should prioritize using multi-factor authentication (MFA), regularly updating passwords, and storing their private keys securely offline. Additionally, choosing exchanges or platforms with robust security protocols and insurance coverage can provide an extra layer of protection. Fortunately, the UAE’s clear regulatory framework represents a significant step towards creating a more secure crypto ecosystem,” Jardine added.
Describing how a collaborative approach between the public and private sectors is essential to mitigate the growing threat of crypto hacks, Jardine said, “Data-sharing initiatives, advanced tracing tools, and targeted training can empower stakeholders to quickly identify and neutralize malicious actors while building the resilience needed to safeguard crypto assets. By fostering stronger partnerships with law enforcement and equipping teams with the resources and expertise to respond rapidly, the crypto industry can reinforce its defences against theft. Such efforts are not only critical for protecting individual assets, but also for building long-term trust and stability in the digital ecosystem.”