• Hacken
  • Blog
  • Insights
  • Web3 Security Report: Q2 2024

Web3 Security Report: Q2 2024

2 minutes

With several landmark events occurring in the crypto space this quarter, indicating a path towards a regulated future, we continue to closely monitor hacks and scams to assess the industry’s state of security and observe emerging trends. This time, we teamed up with the HackenProof research team to analyze the data and provide the community with valuable insights. In the second quarter, we have seen both promising signs of major fund recoveries and the continuation of alarming trends where projects neglect security best practices.


  • $512,928,000 stolen in Q2.
  • $397,291,000 lost to Access Control attacks.
  • $347,431,288 recovered.
  • $300,000,000 stolen in the biggest hack of the quarter.

Key Observations

Attack Vectors Remain Diverse (or – Decline in Rug Pull Rate)

Hackers and bad actors continue to employ a wide range of attack vectors, including price oracle issues and flash loan attacks. Access control attacks remain the industry’s biggest losses, totaling $397M. Notably, rug pulls that were prevalent in 2023 are the least damaging type of attack this quarter.

Check out this article: List Of Smart Contract Vulnerabilities & How To Mitigate Them

CeFi Accountable for the Biggest Losses

The CeFi category, which includes projects combining FinTech and DeFi elements, suffered the most significant financial damages. Just two incidents in this category resulted in greater losses than all other project types combined. Additionally, projects related to DePIN and RWA also experienced notable incidents, contributing to the overall financial impact.

Over Half of Funds Stolen Got Recovered

For the second consecutive quarter, the industry has managed to recover over half of the stolen funds. While this may seem promising, the total losses for the two quarters of 2024 are nearly equivalent to the losses for the entire year of 2023. Thus, the seemingly positive trend becomes alarming when viewed from a broader perspective.

Lack of Security Measures in Hacked Projects

Despite nearly half of the affected projects having undergone audits, only four of these audits were relevant. In the majority of cases, there was a concerning absence of adequate security measures. This indicates that the industry is still far from overcoming the safety crisis in crypto.


  • Fewer Hacks: Q2 2024 saw a significant drop in crypto hacks compared to Q1, indicating improved security.
  • Rising Financial Losses: Despite fewer hacks, Q2 2024’s total losses nearly matched all of 2023, indicating more severe attacks.
  • Token Project Vulnerability: The rapid growth in blockchain and DeFi sectors has outpaced security measures, making token projects vulnerable to sophisticated attacks and social engineering.
  • Improved Fund Recovery: The industry successfully recovered or froze over half of stolen assets for the second quarter in a row, showing progress in response and recovery efforts.

[Download Full Report]

to our newsletter

Be the first to receive our latest company updates, Web3 security insights, and exclusive content curated for the blockchain enthusiasts.

Speaker Img

Table of contents

  • Highlights
  • Key Observations
  • Conclusions

Tell us about your project

Follow Us

Read next:

More related

Trusted Web3 Security Partner