According to a new report, hackers and scammers have gone from targeting central entities to now exploiting decentralized projects. DeFi is currently the main target of crypto crimes.

 Since 2011, over $14.5 billion in crypto has been taken through hacks and scams, with DeFi (decentralized finance) being the preferred target for attackers according to analytics firm Crystal Blockchain.

According to Crystal’s new study, there have been 167 hacking incidents of DeFi protocols and 123 security breaches on centralized exchanges during the last 11 years. While $3.2 billion worth of cryptocurrency was stolen via centralized platforms, over $4 billion was stolen from exploited DeFi projects. The remaining billions were lost to fraudsters.

In 2021, hackers’ attention began to shift significantly toward decentralized protocols. According to the study, this year decentralized projects have been hacked 20 times more frequently than centralized ones, and funds were stolen from the top 10 DeFi assaults.

The rise in the sector’s development is partly to blame for the surge in assaults on DeFi initiatives, according to Nick Smart, Crystal’s director of blockchain intelligence and data. While projects race to market without enough testing, centralized exchanges improve their security based on user demand and increased regulatory scrutiny.

“There’s a saying that nothing is unhackable – all you need is enough time, talent, and imagination,” Smart continued. “And some illicit hacking organizations, such as those sponsored by countries like North Korea’s Lazarus, are particularly skilled at seizing these possibilities.”

The most common type of cryptocurrency theft until 2021 happened when criminals infiltrated the security systems of crypto exchanges, but currently hackers are targeting DeFi more often, according to the report. 

Hacks against centralized exchanges (CEXes) are causing less financial damage now than they did in the past. The largest CEX hack occurred in 2018 at Coincheck, where $535 million worth of NEM tokens were stolen.

The most concerning DeFi attack to date was the Ronin network hack in March, which saw over $650 million in crypto funneled from the popular Axie Infinity NFT game and laundered through the Tornado Cash mixer. According to Crystal, the service received around 350,000 ether (ETH) in the first half of 2022–which is more than half of all ETH that has ever gone through Tornado Cash.