XT.com, a major exchange with a daily trading volume of $3.4 billion, suspended withdrawals following a suspected $1.7 million hack, bringing attention to the risks faced by centralized platforms. Meanwhile, a report from Immunefi reveals that crypto-related hacks and exploits have led to nearly $1.5 billion in losses so far this year. Although the total losses represent a slight decline compared to 2023, these events serve as a reminder of the persistent threats and the critical need for robust security measures in the digital asset space. Crypto Hacks Near $1.5 Billion in 2024, Undermining Industry Trust The cryptocurrency sector, already grappling with regulatory challenges and wavering investor confidence, faces another blow as cyberattacks and thefts approach a staggering $1.5 billion in total losses for 2024. A report by blockchain security firm Immunefi reveals that in November alone, over $71 million in digital assets were stolen, adding to a year-to-date (YTD) tally of $1.48 billion lost through 209 incidents of hacks and rug pulls. While the 15% decline in losses compared to the same period in 2023 may provide a glimmer of hope, the figures bring attention to the persistent vulnerabilities within the cryptocurrency ecosystem. Mitchell Amador, founder and CEO of Immunefi, issued a stark warning about the evolving tactics of cybercriminals, cautioning that the industry remains “one attack away from massive damage.” The Immunefi report sheds light on some of November’s largest and most damaging incidents. Leading the list was the $25.5 million Thala hack, a farming vulnerability that temporarily compromised the protocol. Fortunately, Thala’s developers managed to recover the stolen assets, mitigating what could have been a catastrophic loss. Trailing closely behind was the $21-million exploit of the DEXX platform on Nov. 18, which impacted over 900 individual investors. These attacks exemplify how hackers continue to adapt their strategies, exploiting weaknesses in decentralized finance (DeFi) protocols and hot wallets. The cumulative losses for the year remain a stark reminder of the industry’s ongoing struggle with security. Since June 2024, the total value of cryptocurrency stolen through hacks and exploits has exceeded $19 billion across 785 reported incidents over the past 13 years, according to industry data. The rapid growth of the cryptocurrency market and decentralized finance has been a double-edged sword. While these developments signal increased adoption and innovation, they also attract sophisticated hackers. The total value locked (TVL) in DeFi has surged by 164% since the end of 2023, creating lucrative targets for cybercriminals. Amador highlighted the paradox: “This rise also highlights the heightened risks, as the increasing amount of funds in the ecosystem creates an even more attractive target for hackers. Vigilance and proactive security measures are essential to protect projects and users moving into 2025.” With the market cap of leading cryptocurrencies like Bitcoin and Ethereum steadily rising, the incentives for cybercriminals to infiltrate wallets, compromise private keys, and exploit protocol vulnerabilities grow correspondingly. For developers and investors, these figures emphasize the importance of prioritizing security infrastructure to protect against future attacks. Despite the modest decline in YTD losses compared to 2023, Amador stressed that the crypto industry cannot afford complacency. “While losses due to crypto hacks have decreased compared to previous years, threats persist, and hackers continue to evolve,” he said. This evolution is evident in the increasingly sophisticated methods used to breach systems and exploit code vulnerabilities. Immunefi’s data reveals that attacks are no longer limited to fringe or poorly-secured projects; even established protocols with significant user bases have been affected. The challenges of safeguarding hot wallets, fortifying DeFi smart contracts, and auditing new blockchain applications remain critical areas of concern. Future Security Measures and Community Collaboration As the crypto ecosystem prepares for 2025, stakeholders are urged to implement more rigorous security measures. Experts recommend regular code audits, multi-signature wallet systems, and robust incident response protocols to minimize potential losses. Furthermore, community-driven initiatives such as bug bounty programs have proven effective in identifying vulnerabilities before malicious actors can exploit them. The Immunefi report serves as a sobering reminder of the stakes involved in the digital asset space. As the industry matures, it must balance innovation with security, ensuring that growth does not come at the expense of user trust. The nearly $1.5 billion in cryptocurrency stolen this year highlights the urgent need for systemic improvements in cybersecurity across the digital asset landscape. While the decline in losses from 2023 indicates progress, the sheer scale of theft is a telling sign of the ongoing risks that investors and developers face. The road to restoring confidence in the sector will require collaborative efforts among developers, auditors, and regulators to build a safer, more resilient crypto ecosystem. With vigilance and proactive measures, the industry can hope to mitigate the persistent threats that continue to tarnish its reputation. However, as Amador aptly puts it, “the industry is always one attack away from massive damage.” XT.com Suspends Withdrawals Following $1.7 Million Hack XT.com, a cryptocurrency exchange boasting a reported daily trading volume of $3.4 billion, has temporarily suspended withdrawals after what appears to be a $1.7 million cyberattack. The exchange, registered in the Seychelles, cited ”wallet upgrade and maintenance” as the official reason for the suspension in its initial announcement on Nov. 28. However, just an hour later, blockchain security firm PeckShield reported signs of a potential hack involving the unauthorized transfer of $1.7 million in digital assets. XT.com later acknowledged the incident, referring to it as an ”abnormal transfer of platform wallet assets.” PeckShield’s analysis revealed that the hacker converted the stolen funds into 461.58 Ether (ETH), which were subsequently transferred to an Ethereum address identified by the security firm. This conversion marks a common tactic among cryptocurrency hackers to obscure the trail of stolen funds and make recovery efforts more challenging. In a follow-up communication, XT.com emphasized that the compromised funds were part of the platform's reserves and reassured users that their holdings were unaffected. “Rest assured, this will not affect our users,” the exchange stated. XT.com also claimed to maintain reserves 1.5 times greater than user assets to ensure security and stability during such incidents. In an effort to reassure its user base and bolster trust, XT.com announced plans to introduce a Merkle tree proof of reserves by mid-December. This system is intended to enhance transparency and provide users with verifiable evidence that their assets are secure. The centralized nature of exchanges like XT.com often makes them prime targets for hackers. With high daily trading volumes and custody of significant reserves, exchanges must balance liquidity requirements with robust security measures. Background on XT.com Founded in 2018, XT.com facilitates trading for over 1,000 cryptocurrencies and claims to be one of the largest exchanges globally by daily trading volume. The platform has garnered attention for its wide range of listed assets and accessibility to users worldwide. However, its reputation now faces scrutiny following this security breach. This is not the first time centralized exchanges have come under fire for security lapses. The XT.com hack shows the importance of stringent security protocols, particularly for platforms handling billions of dollars in user funds. While XT.com’s swift acknowledgment of the incident and pledge to implement proof of reserves is a step in the right direction, the hack raises broader concerns about the security of centralized exchanges. As the crypto industry continues to grow, exchanges must adopt cutting-edge security measures, including regular audits, multi-signature wallets, and real-time monitoring of suspicious activity. Additionally, the adoption of decentralized solutions such as non-custodial wallets may offer an alternative for users seeking greater control over their assets. However, for centralized platforms, incidents like this serve as a reminder of the importance of user education, transparency, and resilience against increasingly sophisticated cyberattacks.
