Cryptocurrency hacking damages exceed 36 billion yen, with the overwhelming majority of users ignoring security measures

In recent years, security incidents in the cryptocurrency market have been occurring frequently. According to reports from blockchain analysis firms, hackers have stolen approximately $2.2 billion worth of cryptocurrencies in 2024 alone, bringing the total damages to date to $5 billion (about 36 billion yen). Last month, a major CEX was also hacked, resulting in the outflow of about $1.46 billion worth of ETH, setting a new record for a single-token theft. A few weeks later, a cryptocurrency card service company also suffered damages of approximately $49.5 million. These consecutive security incidents highlight that the asset management systems of cryptocurrency platforms are still insufficient.

Background of the Historic Large-Scale Hacking Incidents

Looking back at past security incidents, attack methods vary widely. In the March 2022 Ronin network breach, $625 million was stolen. This attack targeted vulnerabilities in hot wallet security, allowing malicious actors to control validation nodes and execute fraudulent transactions. In the August 2021 Poly network incident, $600 million was stolen, caused by vulnerabilities in smart contract security.

In the 2014 Mt. Gox incident, approximately 850,000 bitcoins (worth about $473 million at the time) were stolen from what was once the world’s largest platform, which subsequently went bankrupt. This incident exposed a lack of monitoring mechanisms and delayed responses to suspicious activities.

The September 2023 breach of the Mixin network resulted in damages of about $200 million, attributed to a database leak from a cloud service provider. Similarly, in March 2023, the Euler Finance incident saw approximately $197 million drained through a flash loan attack.

The Four Main Methods of Hacking

Vulnerabilities in Private Keys and Wallets

Security flaws in hot wallets and nodes are the most common attack vectors. In internet-connected environments, private keys are vulnerable to theft via malware, phishing attacks, or internal platform vulnerabilities. Once leaked, hackers can quickly transfer funds, making recovery impossible.

Smart Contract Flaws

Complex smart contracts, such as cross-chain protocols, often have vulnerabilities in permission management and validation mechanisms. In the Wormhole incident of February 2022, such vulnerabilities led to the theft of $320 million worth of wrapped ETH through infinite minting.

System and Database Breaches

Platform system vulnerabilities and data leaks via cloud services also pose serious risks. Insufficient monitoring can delay breach detection and allow damages to escalate.

Frontend Tampering and Signature Fraud

Recent incidents have involved attacks combining fraudulent display of signing interfaces with tampering of underlying smart contract logic. Even with cold wallets, if developer machines or security credentials are compromised, hackers can sign malicious transactions.

Five Defensive Strategies Users Should Implement Immediately

1. Choose Trustworthy Platforms

Select platforms with a clear security track record and transparent security measures. Reviewing past compensation records and security audits is crucial.

2. Transfer Assets to Cold Storage

Storing important cryptocurrencies in cold wallets (offline storage) is essential. Being offline significantly reduces the risk of online attacks.

3. Enforce Multi-Factor Authentication (2FA)

Binding accounts to mobile phones, email, or dedicated authenticators adds layers of protection during login. Regularly monitoring account activity to detect suspicious transactions is also vital.

4. Diversify Asset Storage

Avoid concentrating all assets on a single platform or wallet. Keep most assets in cold wallets and use smaller amounts on exchanges for daily transactions. Diversification helps prevent total loss in case of a platform failure.

5. Avoid Unconditional Trust

The key feature of cryptocurrencies is their verifiability. Do not blindly trust any third party, including wallet developers’ software or hardware. Assume your device is “not fully secure” and verify each transaction manually.

The Current Critical Situation

Studies show that 90% of cryptocurrency users do not implement basic security measures. This is a highly concerning situation. As hacking techniques continue to evolve, platform security alone is insufficient.

In Conclusion

Cryptocurrency security is not just reactive but requires proactive strategies. Developing daily security habits, gradually enhancing defenses, and preventing risks at each stage are the only ways to minimize damages. Protect your assets yourself—this is the fundamental principle for cryptocurrency users.