Nearly $1,700,000,000 in Crypto Lost Through Private Key Theft As Access Control Exploits Become Major Threat
New data from cybersecurity firm Hacken reveals that $1.7 billion worth of crypto assets were lost through the theft of private keys in 2024.
In its 2024 Web3 Security Report, Hacken says that the theft of private crypto keys remains the most “significant” threat to crypto investors.
According to Hacken, the number of smart contract exploits pales in comparison to how often private crypto keys are stolen.
“In 2024, access control exploits – closely tied to private key compromises – accounted for nearly 75% of total crypto hack losses, up from 50% in 2023.
This translates to nearly $1.7 billion lost across Web3, a sharp increase from less than $1 billion the previous year. In comparison, smart contract vulnerability exploits contributed just 14% of the total losses in 2024, underscoring the dominant threat posed by unauthorized access and private key theft.”
Private keys are strings of letters, words, and numbers generated by crypto wallets used to authorize transactions and prove ownership. They help encrypt data and assets to protect them from being stolen.
The cybersecurity firm goes on to note four reasons why people tend to get their private keys stolen – using an insecure management platform, being tricked by social engineering campaigns, insecure backups of data, and vulnerabilities within single-signature schemes of crypto wallets.
According to Hacken, the largest exploit of 2024 was the hack of centralized Indian crypto exchange WazirX, which saw over $230 million worth of digital assets stolen.
“Despite employing a robust multiparty security system, the exchange suffered a breach due to unauthorized fund movements from their wallets. WazirX utilized a Gnosis Safe multisig wallet requiring 4 out of 6 signatures for transactions.
Five of the keys were managed by WazirX, while the sixth was held by Liminal, a digital asset custody provider. The attacker managed to manipulate the system, obtaining signatures from three WazirX signers and one from Liminal, allowing them to upgrade the wallet to a malicious contract and siphon off the funds.”