In December 2024, crypto-related hacks, scams, and exploits resulted in losses amounting to $29 million, marking the lowest monthly total of the year. Blockchain security firm CertiK reported $28.6 million in losses due to such incidents, a significant drop from $63.8 million in November and $115.8 million in October. Most losses in December stemmed from exploits, which accounted for $26.7 million.
Among the major incidents, a decentralized finance (DeFi) platform named GemPad suffered a loss of $2.1 million after an attacker exploited a vulnerability in its smart contracts. Another incident involved the DeFi project FEG, where a hacker managed to withdraw $1 million by exploiting a flaw in the token bridge, attributed to an error in the crosschain message verification process.
PeckShield, another blockchain security firm, also released data showing similar trends. Their records indicated $24.7 million in hack losses for December, reflecting a 71% decrease from November levels. One significant breach involved the Password management service LastPass, where hackers drained $12.3 million from users, believed to be linked to a data breach back in December 2022.
PeckShield also highlighted a December 2 breach at DeFi market protocol Yei Finance, which resulted in $2.2 million in losses. Meanwhile, Cyvers’s Web3 Security Report revealed that throughout 2024, approximately $2.3 billion worth of crypto was stolen over 165 incidents, representing a 40% increase from 2023. Nonetheless, this was still notably less than the $3.78 billion stolen in 2022. Cyvers’ co-founder and CEO, Deddy Lavid, attributed the rise in 2024 to a surge in access control breaches, primarily affecting centralized exchanges and crypto custodians.