Access Control Vulnerabilities Cause $1.7 Billion in CeFi, DeFi, and Gaming Losses

Access control vulnerabilities have emerged as the leading cause of losses from crypto hacks in 2024, accounting for 75% of total damage to the decentralized finance (DeFi), centralized finance (CeFi) and gaming/metaverse sectors, excluding phishing attacks.

According to Hacken, this represents a significant increase from 50% in 2023, with losses linked to unauthorized access and theft of private keys rising to $1.7 billion, up from less than $1 billion the previous year. In contrast, exploits targeting smart contract vulnerabilities contributed only 14% of total losses.

Access control increases in 2024

Hacken’s report revealed that access control attacks were particularly widespread across all Web3 categories in 2024, with CeFi, DeFi, and gaming/metaverse projects being severely affected. In CeFi, major incidents at DMM Exchange and WazirX led to combined losses of more than $500 million. The DeFi sector also suffered from compromised smart contract management, as seen in the Radiant Capital hack, which resulted in $55 million in losses.

The gaming/metaverse space also took significant damage, exemplified by PlayDapp’s $290 million exploit. At the core of these attacks was private key compromise, resulting from weak key management practices, social engineering, and insecure backup methods.

To protect against these threats, Hacken noted that companies must implement advanced multi-signature management and automated incident response, and adhere to the Cryptocurrency Security Standard (CCSS), to ensure stronger private key security and reduce operational vulnerabilities in Web3.

DeFi losses fall, but gaming and the metaverse still struggle

The DeFi sector saw a notable reduction in total losses in 2024 compared to the previous year. While DeFi-related losses in 2023 rose to $787 million, the 2024 figure saw a 40% reduction, which can largely be attributed to improved security measures across the industry, particularly in decentralized bridges.

In 2024, DeFi witnessed improved inter-chain interoperability, which played a crucial role in mitigating bridge exploits. As bridges have historically been prime targets for hackers, the reduction in losses ($338 million in 2023 compared to just $114 million in 2024) demonstrated the increasing effectiveness of new security protocols.

The report pointed to tools such as Multiparty Computation (MPC) and Zero-Knowledge (ZK) cryptography that have become essential for bridge developers, improving security and making attacks less impactful. These advances have significantly reduced the frequency and severity of exploits targeting cross-chain bridges.

The same cannot be said for the gaming and metaverse sectors, which experienced significant losses. In 2024, this Web3 cohort reported losses of $389 million, accounting for nearly 20% of all crypto hacks. A large portion of these losses stemmed from access control vulnerabilities.

Three major incidents were responsible for $358 million of total losses, accounting for more than 80% of the year’s gaming and metaverse hacks. The concentration of these losses in the first quarter emphasized the difficulty these projects have in securing access management, especially on newer platforms like Blast, which also encountered multiple rug pulls.
