$488.5M in Stolen Crypto Recovered as 2024 Losses Hit $3B: PeckShield

PeckShield’s latest analysis reveals a troubling spike in crypto-related security breaches in 2024 alongside a bull market.

Despite the grim statistics, recovery efforts have managed to reclaim hundreds of millions in stolen assets.

Crypto Losses in 2024

PeckShield’s 2024 Crypto Security Annual Report reveals that the year witnessed a resurgence in crypto-related breaches, with total losses exceeding $3.01 billion. Of this, $2.15 billion stemmed from hacks, while $834.5 million resulted from scams, representing a 15% increase in losses compared to 2023.

Despite a decline in the number of incidents over the past three years, the financial impact remains significant, particularly in the DeFi sector, which continues to account for the majority of losses. The report highlighted that May was the worst month in 2024 as losses peaked at $662.2 million, followed by $440.8 million in January.

Among the top heists was the DMM Bitcoin breach, which resulted in a loss of $305 million, followed by the PlayDapp exploit with $290 million in loss. On a positive note, recovery efforts managed to reclaim $488.5 million of stolen assets.

Meanwhile, CertiK recently noted that December witnessed a significant drop in crypto-related losses to $28.6 million – the lowest monthly figure of the year. Exploits accounted for $26.7 million, with Gempad suffering the largest single loss at $2.14 million. Despite this decline, phishing scams remain a critical threat, with a top victim losing $7.87 million.

Phishing Still A Concern

For instance, hackers compromised Animoca Brands CEO Yat Siu’s X account, using it to push a fraudulent token and steal $500,000 from crypto users. Meanwhile, a phishing campaign uncovered by SlowMist used fake Zoom links to install malware that harvested crypto wallet details, causing losses of more than $1 million. Stolen funds were then traced to laundering activities on exchanges like Binance and Gate.io, with potential ties to Russian-speaking groups.

More recently, cybersecurity company CrowdStrike identified a phishing campaign in which attackers impersonate the company through fake job offer emails to infect victims with the Monero cryptocurrency miner XMRig.

The phishing emails direct job seekers to download a fake “employee CRM application” from a counterfeit CrowdStrike portal. Once installed, the malicious software performs checks to evade detection and then downloads and runs the XMRig miner in the background, using minimal system resources to avoid suspicion.