There were $413 million in crypto losses due to hacks and scams in Q3, according to Immunefi.

Crypto Industry Loses $413 Million to Hacks and Scams in Q3 2024

The cryptocurrency industry suffered $413 million in losses from hacks and scams during the third quarter of 2024, according to a report from web3 security platform Immunefi. These losses occurred across 34 incidents, marking a 28% decrease from Q2’s $573 million in losses and a 40% drop compared to the $686 million lost in Q3 2023.

So far in 2024, over $1.3 billion has been lost to hacks and fraud, a slight 4% decrease compared to the same period in 2023. The DeFi sector remains a prime target for hackers, with $90 billion in total value locked in web3 protocols, according to DeFiLlama. Of the 34 incidents reported by Immunefi, 31 involved decentralized finance (DeFi) platforms. However, centralized finance (CeFi) suffered more severe financial losses, accounting for 74.8% of the stolen funds, while DeFi accounted for 25.2%.

Immunefi’s founder and CEO, Mitchell Amador, noted that while DeFi experiences more frequent attacks, CeFi tends to suffer larger individual losses. The biggest issue in CeFi is poor private key management, a vital component for crypto asset custody.

Notable Incidents and Trends in Q3 2024

Two major exploits accounted for 69.5% of the total losses, or $287 million. The largest was a $235 million hack of Indian crypto exchange WazirX on July 18. Another $52 million was stolen from Singapore-based exchange BingX in September.

July saw the highest losses, totaling $282 million, while August registered a sharp drop to just $15 million. However, September brought another spike, with $116 million in losses. Only $14.9 million of the stolen funds were recovered, with Ronin Network and ShezmuTech responsible for partial fund recoveries.

Hacks Continue to Dominate

Hacks were responsible for 99.3% of the Q3 losses, with fraud and scams accounting for just 0.7%. Ethereum and BNB Chain remained the most targeted networks, with Ethereum experiencing 15 incidents and BNB Chain eight. Other blockchains targeted included Base, Blast, Solana, and Arbitrum.

Immunefi has paid out more than $100 million in bounties to ethical hackers and researchers since its launch, based on over 3,000 bug bounty reports. One of the largest payouts was $10 million for a vulnerability found in Wormhole's cross-chain protocol.