Rob Behnke
December 30th, 2024
2024 was a big year for blockchain and DeFi hackers. In total, an estimated $2.2 billion was stolen from crypto projects as of December 19th. This is an increase of over 20% compared to the $1.8 billion stolen in 2023, but it is dwarfed by the losses in 2021 and 2022. However, 2024 did have the most hacks to date with 303, beating out 2023’s 283 (the previous record).
The root cause of a blockchain hack depends on the vulnerabilities that are available for an attacker to exploit. However, some significant trends were present in 2024’s hacks, providing hints about how similar future incidents could be averted.
In 2024, compromised accounts made up the majority of hacks and over 80% of the value stolen. This threat includes compromised private keys and signatures.
Private keys lie at the root of a blockchain account’s security model. Anyone with the correct private key can generate legitimate signatures on a blockchain transaction. Attackers can use various methods to steal these keys, including:
Social Engineering: Social engineering attacks trick a user into handing over sensitive information like a private key. This could include phishing emails, malicious links on social media, or pretexts such as fake airdrops that require connecting a wallet to a phishing site.
Malware: Malware installed on a user’s computer — often via a social engineering attack — can collect private keys on that device. These keys can then be exfiltrated to an attacker and used to sign malicious transactions.
Compromised Passwords: Many blockchain users store their private keys with a third-party custodian like Coinbase. If their password is phished or guessed by an attacker, the attacker can access their account.
Data Breaches: The LastPass hack is an example of a data breach that resulted in compromised private keys. Attackers have stolen an estimated $45 million to date by guessing the master passwords for password vaults leaked in a data breach.
However, stealing private keys isn’t the only way that an attacker can get the digital signatures that they need. Another option is to trick users into signing malicious transactions themselves.
Often, this is accomplished using malware that makes the user believe that the transaction is legitimate while using their private keys to approve a malicious transaction. This was the case in the WazirX hack, one of the largest of 2024. The crypto exchange had security best practices in place — multi-sig wallet, address whitelisting, and hardware wallets — but was compromised by an attacker who made transactions transferring control of a vital smart contract appear to be benign.
The sheer number and variety of DeFi hacks demonstrate that there are many people out there willing to exploit smart contract vulnerabilities and other security flaws for a payoff. However, 2024 demonstrates that some of these threat actors are better at pulling off these heists than others.
In 2024, North Korean hackers, including the Lazarus Group, were the clear frontrunners in crypto hacks. These groups stole an estimated $1.3 billion in crypto across 47 incidents this year.
This represents over 61% of known losses for the year and 20% of all incidents. The groups were behind some of the largest attacks of the year, including those against DMM Bitcoin and WazirX.
North Korean groups like the Lazarus Group specialize in sophisticated social engineering attacks. For example, a common tactic is a fake job interview in which a developer is instructed to download and run some code to help demonstrate their skills. Buried in this code is malware designed to steal private keys, granting the attacker control over the user’s accounts and any smart contracts that they might manage.
Historically, the majority of large-scale blockchain hacks targeted DeFi protocols. These commonly hold large amounts of crypto and can contain smart contract vulnerabilities or logical errors that an attacker can exploit.
However, in 2024, centralized cryptocurrency exchanges (CEXs) were the victims of some of the year’s biggest hacks. For example, DMM Bitcoin lost $305 million in May, and WazirX suffered $234.9 million in losses in July.
In many cases, these hacks involve compromised private keys that grant attackers access to the exchange’s hot wallets. Most exchanges hold significant liquidity in these wallets, making them a prime target for attack.
2024 set the record for the most blockchain hacks in a year and outpaced 2023 in terms of the total amount of crypto stolen. Key lessons from this year’s breaches include:
Private key security is vital. Some of the biggest crypto hacks of 2024 involved a hot wallet with a compromised private key. Using multi-sig or MPC wallets can make these attacks harder to carry out.
Use strong passwords. Some significant crypto heists in 2024 took advantage of weak passwords, including the latest iteration of the LastPass hack. Using strong passwords for all accounts with access to private keys — and changing these credentials if they are potentially exposed in a breach — can help to protect crypto against potential theft.
Be wary of interview tests. Malicious code built into an interview test for a fake job is a common tactic for threat actors. Use hardware wallets to protect private keys and run downloaded code in a sandboxed environment.
Malware enables deceptive transactions. Some cybercrime groups use malware to trick users into signing malicious transactions. Defensive measures include robust antimalware, multi-signature protocols, and an in-depth review of high-value transactions before submitting them.
Smart contract audits are always wise. While compromised keys were the leading cause of hacks, several protocols suffered losses due to exploited vulnerabilities. All code should be audited before deployment on-chain to reduce the risk of an expensive hack.
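The transaction review recommended above, and the WazirX case where a control-transferring call was made to look benign, come down to checking the raw calldata independently of what the signing interface displays. The following is an added example, not code from Halborn or from any affected project: the function names, the allowlist and the sample calldata are constructed for illustration, and the selectors are the standard 4-byte identifiers of common Solidity functions.

```python
# Added example: independent pre-signing review of raw EVM calldata.
CONTROL_CHANGING = {
    "f2fde38b": "transferOwnership(address)",
    "3659cfe6": "upgradeTo(address)",
    "4f1ef286": "upgradeToAndCall(address,bytes)",
    "8f283970": "changeAdmin(address)",
}
ROUTINE = {
    "a9059cbb": "transfer(address,uint256)",
    "095ea7b3": "approve(address,uint256)",
}

def decode_call(calldata_hex):
    """Return (signature or None, first address argument or None)."""
    data = calldata_hex.lower().removeprefix("0x")
    selector, args = data[:8], data[8:]
    sig = CONTROL_CHANGING.get(selector) or ROUTINE.get(selector)
    # The first ABI word is 32 bytes; an address sits in its low 20 bytes.
    addr = "0x" + args[24:64] if len(args) >= 64 else None
    return sig, addr

def review(calldata_hex, ui_label, allowlist):
    """Compare what the signing UI claims with what the bytes encode."""
    findings = []
    selector = calldata_hex.lower().removeprefix("0x")[:8]
    sig, addr = decode_call(calldata_hex)
    if sig is None:
        findings.append("unknown selector: do not sign blind")
    elif not sig.startswith(ui_label + "("):
        findings.append(f"UI says '{ui_label}' but calldata encodes {sig}")
    if selector in CONTROL_CHANGING:
        findings.append("call changes contract ownership or implementation")
    if addr is not None and addr not in allowlist:
        findings.append(f"address argument {addr} is not allowlisted")
    return findings

# Constructed sample data (hypothetical addresses, not from a real incident).
ALLOWLIST = {"0x" + "11" * 20}
benign = "0xa9059cbb" + "00" * 12 + "11" * 20 + f"{1000:064x}"
disguised = "0xf2fde38b" + "00" * 12 + "22" * 20

if __name__ == "__main__":
    for name, data in [("benign", benign), ("disguised", disguised)]:
        print(name, review(data, "transfer", ALLOWLIST))
```

Such a check is only useful when it runs on a device separate from the one that prepared the transaction, since malware on the signing host can alter what any local tool displays.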
In 2024, compromised private keys were the main threat. To learn more about how to properly secure your private keys, check out these best practices. For help in securing your project against smart contract vulnerabilities and other common threats, reach out to Halborn.