Immunefi published its quarterly report on losses in the crypto sector. $412 million was lost to hacks and frauds, but the overall security situation is improving.
Decentralized Finance (DeFi) is targeted more often, but Centralized Finance (CeFi) saw overwhelmingly the biggest losses, highlighting the importance of self-custody.
Crypto Security Today
Immunefi, the bug bounty platform for blockchain, released a comprehensive report on crypto losses in Q3 2024. The report claims that just under $413 million was lost from the Web3 ecosystem, on its surface a staggering amount. However, ImmuneFi also estimates that nearly $90 billion is locked in the entire industry, making these losses surprisingly light.
Indeed, the security situation is actually improving by wide margins. According to a previous report, Q2 saw $572 million in losses, and Q3 last year saw over $685 million.
In one year, that’s almost a 40% decrease. More than 99% of these losses were due to outright hacks, and frauds are diminishing greatly.
As it turns out, one of the largest hacks in Immunefi’s survey actually took place just a few days before the report. BingX lost $52 million to a hack less than a week ago, which represents 12% of the total amount lost to hacks. Putting aside the WazirX hack in July, the 32 other incidents amounted to 32% of losses.
Growing Stability
In other words, it’s sheer chance that Q3 losses are this high. Frauds are down over 86% in a year, and it’s clear that the crypto security situation is improving in many respects. For example, more than half of losses by chain came from Ethereum and BNB, and several of last year’s biggest losers are no longer represented at all.
“We’re seeing a higher number of incidents targeting DeFi, while CeFi experiences fewer incidents but often with more severe consequences, with hundreds of millions in stolen funds in a single exploit. In CeFi, the biggest infrastructural issue is private key management, which is essential to maintaining the self-custody of crypto assets but is not typically subject to security audits”, Immunefi’s CEO Mitchell Amador, said.
Amador cut right to the heart of the matter. DeFi losses are down nearly 80%, but CeFi losses increased 66%.
A few massive exchange hacks represent the lion’s share of successful thefts, even though more DeFi hacks were attempted. This goes in line with Immunefi’s previous statements that infrastructure vulnerabilities are the real weak point for crypto projects. For these reasons, self-custody is more important than ever.