- Losses in crypto security incidents in Q1 nearly doubled compared to Q1 2024.
- A continued dominance of so-called access control attacks has raised concerns.
- Behind Q1’s alarming hack numbers, there was at least one positive trend.

The cryptocurrency industry is no stranger to hacks and scams, but Q1 was particularly rough, and that might be putting it mildly.
$2 billion.
That’s how much was lost in crypto security incidents in Q1, according to a Tuesday security report from Web3 security outfit Hacken. For context, the figure represents a 96% increase over what the industry lost in Q1 2024 and is almost equivalent to the $2.25 billion lost in the whole of 2024.
Of the $2 billion lost in Q1, over $1.6 billion was lost to so-called access control exploits, over $300 million was lost to rug pulls, over $96 million was lost to phishing scams, and over $29 million was lost to smart contract vulnerabilities.
The dominance of access control exploits is significant, as a variation of them has led to the largest exploits for three consecutive quarters.
In access control exploits, bad actors target the infrastructure surrounding a project, like its website front-end, to gain access and steal user funds. In the past three quarters, they have proved particularly effective in targeting Safe multi-sig crypto wallets, which are thought to provide additional security by eliminating a single point of failure.
As highlighted by Hacken, access control exploits targeting Safe multi-sigs were behind the $235 million WazirX exploit in Q3 2024, the $55 million Radiant Capital exploit in Q4 2024, and the infamous $1.5 billion Bybit hack in Q1, the largest in the quarter by far and the largest exploit in history.
According to Hacken, the trend highlighted a failure to secure the infrastructure surrounding these multi-sigs as much as the smart contracts behind the wallet. Security practices suggested by the firm included implementing human-readable signing so that signers can clearly see the details of the transaction they are consenting to, securing off-chain components like web interfaces, and promoting operational discipline among signers.