Cybercriminals targeting cryptocurrencies continue to undermine the industry's credibility, with nearly $1.5 billion stolen through cyberattacks so far in 2024.
According to a report from Immunefi, hackers made off with over $71 million in November alone, pushing the total value of digital assets stolen this year to $1.48 billion across 209 separate incidents. While this represents a 15% decline compared to the same period in 2023, when losses exceeded $1.75 billion, the industry remains far from secure.
Mitchell Amador, CEO of Immunefi, warned that the sector is constantly at risk of a major attack. Despite the decline in losses, hackers continue to refine their tactics, exploiting weaknesses in projects, compromising wallets, and uncovering vulnerabilities. He emphasized the need for vigilance, as one significant breach could cause severe damage to the ecosystem.
The rise in cryptocurrency valuations and the increasing total value locked (TVL) in decentralized finance (DeFi) protocols make the space an even more enticing target. The TVL has grown by more than 164% since late 2023, amplifying risks for both investors and developers. Amador highlighted the necessity for robust security measures, noting that the escalating value in the ecosystem demands heightened protection to safeguard projects and users as 2025 approaches.
Among the largest incidents in November was the $25.5 million Thala attack, which targeted a farming vulnerability but ultimately saw all stolen assets recovered. Another major event was the $21 million DEXX hack on November 18, impacting more than 900 investors.
Avraham Eisenberg, known for orchestrating the 2022 Mango Markets exploit, has been handed a 52-month prison sentence—but not for his crypto-related activities.
Loopscale, a decentralized finance platform built on Solana, was forced to pause its lending operations after a major security breach led to losses of around $5.8 million.
Alex Mashinsky, co-founder and former CEO of the defunct crypto lending platform Celsius, is scheduled to be sentenced on May 8, 2025, following his guilty plea to two federal criminal charges late last year.
A decentralized exchange targeted in a multi-million-dollar exploit has recovered its losses just days after the incident, thanks to an unexpected twist involving the hacker themselves.