In recent years, virtual asset service providers (VASPs) have been at pains to introduce measures to enhance security. For centralised exchange services (CEX), the effect has been noticeable.
Prior to that, in 2018, there were seven hacks of CEXs with a total value of $1.07 billion, over half of which was attributable to the $534 million theft of funds from Japan-based CoinCheck in January 2018.
* Bitrue, which lost $23 million in an [exploit in April.](https://decrypt.co/136751/hacker-robs-bitrue-23m-ethereum-shib-assets)
* GDAC, a Korean exchange which [lost $13 million in a hack](https://support.gdac.com/hc/ko/articles/17426542766873), also in April.
Implementing stronger Security Measures**
More broadly - and as Hoptrail pointed out recently - onchain theft is not as fruitful an avenue for bad actors as before. Stolen funds are under constant monitoring by law enforcement, analytics and security firms, onchain sleuths, and disgruntled victims. Its increasingly difficult to cash out. In a recent example, hackers ended up handing back most of the $196 million stolen from Euler Finance, a DeFi protocol.
For example CoinCheck’s 2018 hack accounted for 50% of stolen funds that year. This year, Bitrue’s theft accounts for two-thirds of all assets stolen. The lowest in percentage terms was 25% with Liquid’s $90 million hack in 2021 - still a sizeable contribution, without which exchange hacks wouldn't be looking like such hot property for the mainstream media.
Many exchanges have also sought to bolster their reserves against such events. Among the 25 exchanges that we have proof of assets data on, the average asset holding is $3.3 billion. Removing Binance and that drops to $1.8 billion. Smaller but still sizeable enough to handle a significant theft. To put it another way, $500 million is now less than 1% of assets held on the 25 of the world’s largest exchanges.
Lessons for DeFi**
$140 million hack of play-to-earn fantasy game and marketplace Vulcan Forged. The average amount stolen in largescale DeFi hacks since 2021 is just over $159 million across 25 separate incidents.
Part of this response has been driven by an 'annus horrobilis' in the crypto space in 2022, which saw several high-profile collapses of blockchains and exchanges, culminating in FTX's spectacular bankruptcy in November.
Either way, these events caused a major rethink in terms of security measures, compliance protocols, and smart contract analysis that appears to be bearing some early fruit.
That isn't to say that DeFi has found the answers. Its certainly too early to know if this is a sustained trend. And perhaps important to mention here is that these figures do not account for instances of lower level theft - particularly within the NFT space, which has seen a persistent level of exploits and phishing attacks this year.