Ethereum contributed to more than 50% of the $2.3 billion lost to hacks and exploits in 2024
Bad actors stole approximately $2.3 billion from Web3 projects in 2024, with Ethereum accounting for more than half of the total losses.
According to the 2024 State of Web3 Security report by Cyvers, 51% of the stolen funds came from Ethereum-based projects, mainly due to its prominent role in DeFi and its high liquidity.
BNB Chain was the second most targeted blockchain, accounting for 24% of the losses, while Bitcoin, XRP, and Arbitrum accounted for 5%, 4%, and 3% respectively.
Access control failures were responsible for 81% of the total funds lost in 2024, primarily due to weak authentication and permission mechanisms. Smart contract vulnerabilities accounted for the remaining 19% of the losses, with attackers exploiting loopholes in the code to drain funds.
The three largest Web3 hacks in 2024 were the $305 million DMM Bitcoin exploit, the $290 million PlayDapp breach, and the $235 million WazirX attack. Each of these incidents was a result of vulnerabilities in access control mechanisms.
Other incidents involving multimillion-dollar losses included the exploit of Munchables, an Ethereum-based project that lost $97 million after a rogue developer exploited smart contract vulnerabilities. Additionally, address poisoning attacks accounted for $68 million in losses.
“Many Web3 projects still fail to implement proper security protocols to safeguard user assets. Even a single flaw in a smart contract can have catastrophic consequences, and 2024 was evidence of that,” the report stated.
Crypto losses increased quarter by quarter throughout 2024, with Q3 being the most damaging, resulting in $669 million in losses. Q4 had the fewest incidents, with losses amounting to $130 million.
Recovery efforts had mixed results, with $620 million reclaimed in Q1 and $562 million in Q2. However, recoveries sharply declined in the second half of the year, with only $93 million recovered in Q3 and $25 million in Q4.
“While early intervention can help recover stolen assets, delays often allow funds to disappear before authorities and security teams can take action,” the report added.
To combat the growing threats, Cyvers urged the standardization of continuous monitoring and real-time vulnerability testing, as well as the adoption of AI-powered detection mechanisms.
A previous report from Web3 security firm PeckShield highlighted a 15% surge in crypto hacks and scams in 2024, with decentralized finance protocols being the primary targets.