Crypto thefts hit a staggering $2.2 billion in 2024, marking a 21% increase from the previous year, according to the latest report by Chainalysis shared with The Byteline. This is the fourth consecutive year of billion-dollar crypto heists, showcasing the growing sophistication of cybercriminals and the vulnerabilities within the digital asset ecosystem.

According to the report, the cumulative value stolen between January 2024 and July 2024 had already “reached $1.58 billion, approximately 84.4% higher than the value stolen over the same period in 2023.”

While decentralized finance (DeFi) platforms dominated as primary targets in early 2024, centralized services bore the brunt of attacks in the second and third quarters. High-profile incidents included a $305 million heist at Japan’s DMM Bitcoin exchange in May and a $234.9 million hack of India’s WazirX platform in July.

The report attributes this shift to the exploitation of private key vulnerabilities, which accounted for 44% of the total stolen crypto in 2024. Eric Jardine, Cybercrimes Research Lead at Chainalysis, emphasized the critical need for robust private key management to safeguard user funds.

“Given that centralized exchanges manage substantial amounts of user funds, the impact of a private key compromise can be devastating,” Jardine stated.

North Korean hackers were responsible for 61% of the stolen funds in 2024, amounting to $1.34 billion across 47 incidents—double the value from the previous year. These funds are reportedly used to support Pyongyang's weapons programs, raising global security concerns.

Chainalysis highlighted a notable drop in hacking activity by North Korean groups after a high-profile summit between North Korean leader Kim Jong Un and Russian President Vladimir Putin in June 2024. However, the reasons behind this slowdown remain speculative.

The report underscores the need for a united approach to combat cyber threats in the crypto industry. Jardine advocated for stronger public-private sector partnerships, enhanced data-sharing initiatives, and advanced predictive technologies to detect suspicious activities.

Emerging tools, like Hexagate’s predictive models, show promise in thwarting attacks before they occur. For instance, Hexagate detected vulnerabilities two days before a $20 million exploit on UwU Lend, although the connection to the exploited contract was unclear until after the attack.

In the UAE, centralized services account for 47% of crypto transaction volume, highlighting their popularity despite heightened risks. Jardine recommended multi-factor authentication, regular password updates, and secure offline storage of private keys as basic security measures.

The report concludes with a strong call for regulatory evolution and industry-wide accountability to close existing security gaps and foster trust in the digital ecosystem.