Audits
Services
DualDefense
Hacken Audit + Additional Crowdsourced Audit
Learn more
Services
DualDefense
Smart Contract Audit
Blockchain Protocol Audit
DORA Compliance
Virtual CISO
Penetration Testing
Cloud Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit
Retainer
DualDefense
New Approach To Blockchain Security
Hacken Audit + Additional Crowdsourced Audit
2 in 1
Dual-layered protection
30-Day
Crowdsourced audit
Independent
HackenProof bug hunters
Learn more
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company
Community
Community
- $HAI

Web3 Security Report: Q2 2024

Web3 Security Report: Q2 2024

2 minutes

With several landmark events occurring in the crypto space this quarter, indicating a path towards a regulated future, we continue to closely monitor hacks and scams to assess the industry’s state of security and observe emerging trends. This time, we teamed up with the HackenProof research team to analyze the data and provide the community with valuable insights. In the second quarter, we have seen both promising signs of major fund recoveries and the continuation of alarming trends where projects neglect security best practices.

Highlights

$512,928,000 stolen in Q2.
$397,291,000 lost to Access Control attacks.
$347,431,288 recovered.
$300,000,000 stolen in the biggest hack of the quarter.

Key Observations

Attack Vectors Remain Diverse (or – Decline in Rug Pull Rate)

Hackers and bad actors continue to employ a wide range of attack vectors, including price oracle issues and flash loan attacks. Access control attacks remain the industry’s biggest losses, totaling $397M. Notably, rug pulls that were prevalent in 2023 are the least damaging type of attack this quarter.

Check out this article: List Of Smart Contract Vulnerabilities & How To Mitigate Them

CeFi Accountable for the Biggest Losses

The CeFi category, which includes projects combining FinTech and DeFi elements, suffered the most significant financial damages. Just two incidents in this category resulted in greater losses than all other project types combined. Additionally, projects related to DePIN and RWA also experienced notable incidents, contributing to the overall financial impact.

Over Half of Funds Stolen Got Recovered

For the second consecutive quarter, the industry has managed to recover over half of the stolen funds. While this may seem promising, the total losses for the two quarters of 2024 are nearly equivalent to the losses for the entire year of 2023. Thus, the seemingly positive trend becomes alarming when viewed from a broader perspective.

Lack of Security Measures in Hacked Projects

Despite nearly half of the affected projects having undergone audits, only four of these audits were relevant. In the majority of cases, there was a concerning absence of adequate security measures. This indicates that the industry is still far from overcoming the safety crisis in crypto.

Conclusions

Fewer Hacks: Q2 2024 saw a significant drop in crypto hacks compared to Q1, indicating improved security.
Rising Financial Losses: Despite fewer hacks, Q2 2024’s total losses nearly matched all of 2023, indicating more severe attacks.
Token Project Vulnerability: The rapid growth in blockchain and DeFi sectors has outpaced security measures, making token projects vulnerable to sophisticated attacks and social engineering.
Improved Fund Recovery: The industry successfully recovered or froze over half of stolen assets for the second quarter in a row, showing progress in response and recovery efforts.

[Download Full Report]