Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
Cloud Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
Cloud Penetration Testing
Secure your cloud with Hacken's expert penetration testing. Our certified team delivers tailored security solutions for AWS, Azure, Kubernetes, and more, ensuring your data's safety.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

Web3 Security Report: Q2 2024

Web3 Security Report: Q2 2024

2 minutes

With several landmark events occurring in the crypto space this quarter, indicating a path towards a regulated future, we continue to closely monitor hacks and scams to assess the industry’s state of security and observe emerging trends. This time, we teamed up with the HackenProof research team to analyze the data and provide the community with valuable insights. In the second quarter, we have seen both promising signs of major fund recoveries and the continuation of alarming trends where projects neglect security best practices.

Highlights

$512,928,000 stolen in Q2.
$397,291,000 lost to Access Control attacks.
$347,431,288 recovered.
$300,000,000 stolen in the biggest hack of the quarter.

Key Observations

Attack Vectors Remain Diverse (or – Decline in Rug Pull Rate)

Hackers and bad actors continue to employ a wide range of attack vectors, with access control attacks causing the industry’s biggest losses, totaling $397M. Notably, rug pulls that were prevalent in 2023 are the least damaging type of attack this quarter.

CeFi Accountable for the Biggest Losses

The CeFi category, which includes projects combining FinTech and DeFi elements, suffered the most significant financial damages. Just two incidents in this category resulted in greater losses than all other project types combined.

Over Half of Funds Stolen Got Recovered

For the second consecutive quarter, the industry has managed to recover over half of the stolen funds. While this may seem promising, the total losses for the two quarters of 2024 are nearly equivalent to the losses for the entire year of 2023. Thus, the seemingly positive trend becomes alarming when viewed from a broader perspective.

Lack of Security Measures in Hacked Projects

Despite nearly half of the affected projects having undergone audits, only four of these audits were relevant. In the majority of cases, there was a concerning absence of adequate security measures. This indicates that the industry is still far from overcoming the safety crisis in crypto.

Conclusions

Fewer Hacks: Q2 2024 saw a significant drop in crypto hacks compared to Q1, indicating improved security.
Rising Financial Losses: Despite fewer hacks, Q2 2024’s total losses nearly matched all of 2023, indicating more severe attacks.
Token Project Vulnerability: The rapid growth in blockchain and DeFi sectors has outpaced security measures, making token projects vulnerable to sophisticated attacks and social engineering.
Improved Fund Recovery: The industry successfully recovered or froze over half of stolen assets for the second quarter in a row, showing progress in response and recovery efforts.

[Download Full Report]