Access Control Weaknesses Cause $1.7B in Losses in CeFi, DeFi and Gaming
Access control weaknesses emerged as the leading cause of crypto hack losses in 2024, accounting for 75% of total losses in the decentralized finance (DeFi), centralized finance (CeFi) and gaming/metaverse sectors, excluding phishing attacks.
According to Hacken, this represents growth of more than 50 percent over 2023, with losses related to unauthorized access and private key theft rising to $1.7 billion, up from $1 billion last year. In contrast, exploits targeting smart contract vulnerabilities accounted for only 14 percent of total losses.
Access control attacks saw a significant increase in 2024
According to Hacken's report, access control attacks spread across all Web3 categories in 2024, with significant impact on CeFi, DeFi, and gaming/metaverse projects. In CeFi, major incidents at DMM Exchange and WazirX resulted in losses of more than $500 million. As seen in the Radiant Capital hack, the DeFi sector was hit by botched smart contract management, resulting in $55 million in losses.
The gaming/metaverse space, exemplified by the $290 million PlayDapp exploit, also took a hit. At the core of these attacks was private key compromise resulting from poor key management practices, social engineering, and unreliable backup methods.
To protect against these threats, Hacken says businesses need to implement advanced multi-sig management, automated threat response, and Cryptocurrency Security Standard (CCSS) compliance to ensure strong private key security and mitigate operational vulnerabilities in Web3.
DeFi losses fall, but gaming and metaverse are still struggling
The DeFi sector showed a significant reduction in total losses in 2024 compared to the previous year. In 2023, DeFi-related losses rose to $787 million, with the 2024 figure showing a 40% drop, mainly due to improved security measures in the sector, especially in decentralized bridges.
In 2024, DeFi saw improvements in cross-chain mechanisms, which played a crucial role in tackling bridge exploits. As bridges have historically been a major target for hackers, the reduction in losses, $338 million in 2023 compared to $114 million in 2024, reflects the growing effectiveness of new security protocols.
The report points to tools such as multi-party computation (MPC) and zero-knowledge (ZK) cryptography as important for bridge builders, improving security and reducing the impact of attacks. These developments have greatly reduced the frequency and severity of exploits targeting cross-chain bridges.
The same can't be said for the gaming and metaverse sectors, which suffered huge losses. In 2024, this Web3 segment recorded losses of $389 million, accounting for 20 percent of all crypto hacks. Most of these losses stem from access control weaknesses.
Three major incidents accounted for more than 80% of the $358 million in total losses from the year's gaming and metaverse hacks. The concentration of these losses in Q1 underscores the difficulty these projects face in maintaining access management, especially on new platforms such as Blast, which have also experienced multiple rug pulls.