Despite a decline in illicit activity during 2023, cryptocurrency-related theft surged dramatically once again in 2024.

This comprehensive report, drawing on two years of data from Chainalysis, reveals that total stolen funds have climbed to$2.2 billion, a 21% increase over the previous year’s $1.7 billion. This escalation occurred even as the industry implemented tighter security measures, improved smart contract auditing, and introduced predictive threat detection tools.

Moreover, attackers increasingly shifted their attention from decentralized finance (DeFi) protocols—once their primary prey—to major centralized exchanges, exploiting weak private key storage and infrastructure flaws.

Notably, North Korean-affiliated hackers became an even more dominant presence, orchestrating more frequent and lucrative assaults, a trend that may be tied to evolving geopolitical alignments.

In short, while the crypto ecosystem has made strides in defense, cybercriminals have remained a step ahead, leveraging both old and emerging vulnerabilities to drive the new wave of high-stakes digital heists.

A Return to Higher Losses‍

In 2023, total funds stolen from crypto platforms stood at roughly $1.7 billion, a significant 54.3% drop from the $3.7 billion stolen in 2022.

But the respite was short-lived. By 2024, thieves had absconded with $2.2 billion—an increase of over 21% compared to 2023.

This marks the fifth time in the last decade that annual thefts exceeded the billion-dollar mark. Despite a brief lull, last year’s resurgence underscores how quickly the threat landscape can change.

Incidents Climb as Tactics Shift

‍While 2023 saw a modest jump in the number of individual hacks from 219 to 231, total values were down, suggesting smaller, more frequent attacks.

In contrast, 2024 recorded 303 hacks, not only topping the previous year’s count but also pushing overall theft totals skyward.

Early 2024 was particularly active; by July, hackers had grabbed $1.58 billion—up 84.4% from the same period in 2023—before a surprising slowdown in the latter half of the year.

Experts speculate this late-year stagnation may be linked to geopolitical factors. Security analysts point to high-profile international meetings that may have influenced the cybercriminal ecosystem’s priorities.

‍Changing Targets: DeFi to Centralized Services‍

Throughout 2021 and 2022, decentralized finance (DeFi) platforms bore the brunt of large-scale attacks.

By 2023, however, DeFi-specific losses dropped dramatically—from $3.1 billion in 2022 to about $1.1 billion. Observers credit improved smart contract auditing, better platform security protocols, and perhaps even a dip in overall DeFi usage as factors.

Yet by 2024, hackers set their sights increasingly on centralized platforms. Although DeFi remained a key attack vector, the middle quarters of 2024 saw centralized exchanges in the crosshairs. Major attacks on platforms like DMM Bitcoin ($305 million stolen) and WazirX ($234.9 million lost) demonstrated that centralized services, often perceived as safer, can be just as vulnerable when private keys are compromised or infrastructure is left unprotected.

High-Profile Cases Highlight Different Exploits

• 2023 Standouts:
  • Euler Finance (March 2023):A flash loan attack netted hackers $197 million.
  • Curve Finance (July 2023): Breached for $73.5 million, contributing to a mid-year spike in hack frequency.
  • Mixin Network (September 2023): Lost $200 million, one of the year’s biggest DeFi thefts.
• 2024 Standouts:
  • DMM Bitcoin (May 2024): A $305 million haul led to the platform’s eventual closure. Stolen assets were laundered through coin-mixing services and suspicious offshore marketplaces.
  • WazirX (July 2024): Attackers stole roughly $234.9 million, underscoring vulnerabilities in centralized operations and private key security.

These incidents highlight the critical need for robust private key security, as private key compromises accounted for 43.8% of stolen crypto in 2024.

‍‍

North Korean Hackers Dominate the Landscape
One of the most striking recurring themes is the persistent—and in some cases, growing—involvement of North Korean-linked groups.

In 2023, these hackers executed more individual hacks than ever before, though their total haul decreased slightly to about $1.0 billion from the record $1.7 billion stolen in 2022.

In 2024, North Korean-affiliated actors flipped the script again, claiming responsibility for 61% of all stolen funds—an estimated $1.34 billion across 47 incidents.

U.S. and international law enforcement confirm these proceeds are feeding Pyongyang’s weapons programs

Interestingly, a curious drop-off in attacks from July 2024 onward coincided with a summit between Russian President Vladimir Putin and North Korean leader Kim Jong Un, prompting speculation that changing geopolitical alliances may influence state-sponsored cybercrime priorities.

Evolving Security Measures and Their Limits‍

Security measures have evolved from reactive solutions—catching hackers after the fact—to more proactive methods intended to prevent exploits in the first place.

By 2023, reports noted a shift: DeFi developers started emphasizing code audits, and new platforms like Hexagate emerged, offering predictive machine learning tools designed to spot suspicious activity before funds disappear.

How Hexagate Differs from Traditional Security Approaches

Hexagate is a predictive Web3 security platform focused on detecting and mitigating blockchain-based threats before they result in financial losses. Unlike traditional, reactive approaches that often identify hacks only after funds have been stolen, Hexagate’s system analyzes on-chain activity in real-time to spot early indicators of malicious behavior.

How It Works:

• Machine Learning & Predictive Analytics: Hexagate uses advanced machine learning models to scrutinize blockchain transactions and smart contract operations. These models learn from historical hacks, known vulnerabilities, and normal platform behavior to identify unusual patterns that could signal an imminent attack.
• Real-Time Threat Detection: By continuously monitoring activity on various blockchains, Hexagate can flag suspicious transactions or contract calls as they happen, rather than days or weeks after the damage is done.
• Proactive Alerts: When Hexagate identifies potentially malicious behavior—such as fund movements that resemble known laundering techniques or code interactions indicative of a flash loan attack—it can alert platform operators in near real-time.
• Risk Profiling & Forensics: Beyond just raising alarms, Hexagate’s technology can help security teams understand the nature of the threat. By providing insights into the type of exploit, attackers’ tactics, and related addresses, it enables more informed decisions on how to respond.

In one telling example, Hexagate detected red flags two days before a $20 million attack on UwU Lend in 2024. Yet without the necessary enforcement mechanisms, knowledge alone wasn’t enough to avert disaster. The message is clear: predictive analytics, combined with immediate mitigation tools, will define the next generation of crypto security.

What These Trends Tell Us

‍The story of crypto crime from 2023 to 2024 is one of adaptation—both by attackers and defenders. After a year of declining theft in 2023, criminals roared back in 2024, demonstrating nimble shifts in targets and methods.

Simultaneously, improved smart contract integrity may have curbed some DeFi exploits, but private key compromises and infrastructure vulnerabilities remain pressing concerns.

Moving forward, the industry’s long-term viability will depend on stronger integrated defenses, tighter collaboration between platforms and law enforcement, and regulatory frameworks that emphasize security.

As new technologies like predictive Web3 security gain traction, the hope is that the ecosystem can finally outpace the hackers. Until then, the cat-and-mouse game continues, with billions of dollars and the trust of global investors hanging in the balance.