New data reveals the blockchains most hit by scammers – Ethereum named the most vulnerable
- New data has revealed which crypto blockchains have been targeted the most by scammers over the last year – with Ethereum the most affected.
- Although centralized exchanges (CEXs) have been the victim of the largest losses.
- Over $1.2 billion has been lost so far this year to scams and hacks.
New data has revealed which cryptocurrency blockchains were most targeted by scammers in 2024. Ethereum was named the most affected, with more than $228 million lost.
According to a new analysis of the REKT Database from Kryptocasinos.com, cryptocurrency users have lost more than $1.2 billion due to exploits and scams in 2024 so far, with access control exploits and phishing scams proving most prevalent.
Largest funds lost by Blockchain
Rank |
Blockchain |
Percentage of total losses |
Funds lost ($) |
1 |
Centralized exchange (CEX) |
50.13% |
640,000,000 |
2 |
Ethereum |
17.91% |
228,627,141 |
3 |
Other |
9.97% |
127,250,000 |
4 |
Binance |
7.04% |
89,851,948 |
5 |
Blast |
5.04% |
64,359,575 |
6 |
Arbitrum |
3.02% |
38,619,577 |
7 |
Bitcoin |
2.05% |
26,130,157 |
8 |
Optimism |
1.58% |
20,180,264 |
9 |
Polygon |
1.32% |
16,842,814 |
10 |
Ronin |
0.76% |
9,700,000 |
The biggest target for hackers in 2024 so far has been centralized exchanges (CEX) (although not technically a blockchain, CEXs utilize the technology to validate transactions), which accounted for a staggering 50.13% of the total funds lost. These platforms lost $640,000,000 in total.
Ethereum, one of the most well-known and widely used decentralized blockchains, saw significant losses amounting to $228,627,141, representing 17.91% of all the stolen funds in 2024. Ethereum, the leading platform for decentralized applications (dApps) and DeFi (decentralized finance), remains attractive to hackers due to its vast user base, frequent usage, and complex smart contracts, which often have exploitable loopholes.
The category of ‘other blockchains,’ which includes a variety of smaller or newer blockchain platforms, collectively accounted for 9.97% of the losses, with a total of $127,250,000 lost. These blockchains, while innovative, tend to be less secure, as they often lack the maturity and development rigor seen in larger networks like Ethereum or Bitcoin.
Binance Smart Chain (BSC), the blockchain associated with one of the world’s largest cryptocurrency exchanges, saw $89,851,948 in losses, making up 7.04% of the total. Binance’s fast transaction times and low fees have made it popular, particularly in the DeFi space, but its high usage has also exposed it to numerous attacks, particularly on decentralized apps and smart contracts running on the network.
Blast, a lesser-known but growing blockchain network, faced losses totalling $64,359,575, which is 5.04% of all losses. As Blast gains attention for its speed and efficiency in processing transactions, the rise in popularity has also attracted hackers, resulting in several security breaches throughout 2024.
Top 10 projects by funds lost
Rank |
Project |
Scam Type |
Funds lost |
1 |
DMM Bitcoin |
Access control |
300,000,000 |
2 |
WazirX |
Access control |
230,000,000 |
3 |
Chris Larsen (Ripple) |
Access control |
112,500,000 |
4 |
Munchables |
Access control |
62,500,000 |
5 |
BitForex |
Rugpull |
56,000,000 |
6 |
Phishing on DSProxy |
Phishing |
55,000,000 |
7 |
BingX |
Other |
52,000,000 |
8 |
PlayDapp |
Access control |
32,350,000 |
9 |
Penpie |
Reentrancy |
27,000,000 |
10 |
Fixed Float |
Access control |
26,130,157 |
The research also analyzed the individual projects and people that were targeted by hackers in 2024. The largest being DMM Bitcoin a centralized cryptocurrency exchange in Japan, experienced a significant hack, resulting in an estimated $300 million loss, marking the third-largest theft in history. DMM Bitcoin acknowledged the hack and took steps to secure deposits and investigate the breach, though it did not disclose the cause. Potential causes include exposed private keys, compromised signing processes, or address poisoning, though the exact method remains undetermined.
WazirX, a leading cryptocurrency exchange in India, was hit by a massive $230 million hack that also exploited flaws in access control mechanisms. Like the DMM Bitcoin attack, this was also an access control attack.
The third largest attack was a high-profile breach targeting Chris Larsen, co-founder of Ripple. Hackers exploited access control weaknesses to siphon off $112.5 million. Such an attack underscores the vulnerability of even prominent figures in the cryptocurrency space.
Munchables, another project targeted through an access control breach, lost $62.5 million in this attack.
BitForex was the fifth largest scam. The cryptocurrency exchange shut down access to its platform after a suspicious outflow of approximately $56,000,000 across several blockchains. CloudFlare's DDoS protection service blocked users attempting to log in. The exchange stopped processing withdrawals and has not been responding to customer support inquiries. This was an exit scam, also known as a rug pull.
A spokesperson from Kryptocasinos.com commented: “ These statistics for 2024 underline the persistent and evolving nature of security threats in the blockchain space, with both well-established networks like Ethereum and Bitcoin, as well as emerging platforms like Blast and Ronin, facing significant losses. As the blockchain industry continues to grow, securing these networks remains one of the biggest challenges.”