From cointelegraph by Josh O'Sullivan

Decentralized finance (DeFi) security experienced 40% fewer financial losses in 2024 than in the previous year due to improved protocols, stronger bridges, and advanced cryptographic measures.

According to block security firm Hacken’s annual Web3 Security Report, DeFi’s strengthened security measures through 2024 arrived in tandem with centralized finance (CeFi) facing a bleak reflection of the year.

CeFi breaches more than doubled while losses surged to $694 million as centralized exchanges became primary targets for access control vulnerabilities and other critical security risks.

The report’s findings detail a stark difference between DeFi’s progress and CeFi’s struggles, providing a critical lens of both spaces as the vulnerabilities of centralization become clearer.

Related: Crypto hacks wipe out $2.3B in 2024, marking 40% YoY surge

DeFi security pump

Hacken’s 2024 report shows a steep drop in financial losses in 2024 for DeFi, falling from $787 million lost in 2023 to $474 million in losses this year.

The findings note that bridge-related exploits, a historical major vulnerability in DeFi, have dramatically declined from $338 million in 2023 to just $114 million in 2024.

Despite DeFi improvements, such as multiparty Computation (MPC) and zero-knowledge proofs (ZKPs), challenges persist, as seen in access control vulnerabilities accounting for nearly half of all DeFi losses — like the Radiant Capital $55 million hack.

Related: USDX built to support DeFi ecosystem growth: Hex Trust CEO

CeFi breaches on the rise

According to the Hacken report, CeFi’s experiences in 2024 starkly contrast the improvements seen in DeFi, witnessing more than double its 2023 financial losses to $694 million this year.

The surge in breaches is attributed largely to access control exploits and notable incidents like the DMM Exchange hack in the second quarter and the WazirX hack in the third quarter.

These hacks involved compromised private keys and multisignature vulnerability exploits, facilitating the theft of $305 million and $230 million, respectively, from the exchanges.

Dyma Budorin, co-founder and CEO at Hacken, told Cointelegraph that the report’s findings highlight “critical gaps” in CeFi operational security, mainly driven by “poor private key management, weak multisig setups, and centralized control vulnerabilities.”

Related: North Korean hackers stole $1.3B in crypto in 2024 — Chainalysis

Lessons to be learned

The significant difference in financial losses between the DeFi and CeFi sectors highlights an opportunity for improvement in both industries. 

Budorin said that attackers exploit gaps in security setups and that it is critical “to adopt stricter key management practices and automated monitoring” systems to mitigate these risks.

The risks highlighted by the Hacken CEO can be seen in effect in the Chainalyis’ Dec. 19 report that said North Korean hackers stole over $1.3 billion in crypto assets this year across 47 incidents.