TechFlow news — On January 5, blockchain security firm SlowMist released its "2024 Blockchain Security and Anti-Money Laundering Annual Report," which highlights the following key findings:
- According to data from the SlowMist Hacked incident database, there were 410 blockchain security incidents in 2024, resulting in total losses of $2.013 billion. Compared to 2023 (464 incidents, ~$2.486 billion in losses), this represents a 19.02% year-on-year decrease in financial damage. There were 30 incidents with individual losses exceeding $1 million, totaling $171 million in losses. The average victim lost $5.7 million, with the largest single theft amounting to $55.48 million.
- In terms of root causes, smart contract vulnerabilities led to the highest number of incidents (99 cases), causing approximately $214 million in losses. DeFi remained the most frequently targeted sector, accounting for 339 incidents (82.68% of all incidents) and $1.029 billion in losses—an increase of 33.12% compared to the previous year.
- By ecosystem, Ethereum suffered the highest losses at $465 million, followed by BSC at $87.35 million.
- By time period, Q1 experienced the heaviest losses—$187 million affecting 175,000 victims. Combined losses in Q2 and Q3 reached $257 million, with victim numbers dropping to 90,000. In Q4, losses decreased further to $51 million impacting only 30,000 victims, indicating an overall improvement in security resilience.
The top 10 highest-loss attacks in 2024 and their associated amounts include: DMM Bitcoin ($305 million), PlayDapp ($290 million), WazirX ($230 million), BtcTurk ($90 million), Munchables ($62.5 million), Radiant Capital ($50 million), BingX ($45 million), Hedgey Finance ($44.7 million), Penpie ($27.35 million), and FixedFloat ($26.1 million).
- In 2024, there were 58 Rug Pulls, resulting in ~$106 million in losses. The ZKSync ecosystem incurred the highest losses—$36.95 million—while BSC saw the most rug pulls, with 28 incidents.
- Wallet phishing attacks caused approximately $494 million in losses in 2024, a 67% increase year-on-year. The largest single theft via phishing reached $55.48 million, marking a significant rise in attack severity.
The report also provides detailed analysis on specific fraud tactics, anti-money laundering efforts, and regulatory trends. Out of the 410 security incidents, only 24 resulted in full or partial fund recovery after attacks. Based on disclosed data, approximately $166 million was returned, representing 8.25% of total losses (~$2.013 billion).




