- A CertiK report found over $753M in crypto losses in Q3 2024, a 9.5% increase since Q2, with fewer recorded incidents.
- Ethereum was the most targeted, with 86 incidents and $387.8M losses.
- Phishing attacks dominated the charts with the greatest number of reported incidents (65) and highest losses ($343M).
- A Bitcoin whale’s $238M loss was the highest-recorded loss in this period, followed by WazirX’s $231M loss.
A recent CertiK Web3 report shows a grim picture – Q3 2024 wasn’t a good time for crypto.
Over $753M was lost in 155 security incidents in three months, a 9.5% increase since the last quarter. As usual, phishing was the main contributor, with $343M stolen in 65 incidents.
The average loss per incident was around $5.9M, with Ethereum experiencing $387M worth of losses. Astoundingly, hackers have stolen over $2B so far in 2024.
The report also highlights how vulnerable private keys are, or rather, how poorly people protect them: hackers stole over $324M by compromising private keys.
Let’s go over the report and see the other highlights.
Most Important Highlights of Q3 2024
Here’s a summary of CertiK’s report:
- Phishing attacks were the most numerous (65), leading to the highest losses ($343M).
- WazirX’s $231.4M attack was the second-largest after a Bitcoin whale’s $238M loss.
- Ethereum had the most incidents (86), with the highest losses ($387.8M).
- BSC had the second-highest number of incidents at 39, 15 more than all other recorded chains combined (excluding Ethereum).
- Hackers returned over $30M in nine incidents, bringing the total Q3 losses down to $722,147,751.
- There were fewer hacks in Q3 than in Q2, but the total value lost increased by 9.5%. This means the attacks were more substantial.
- Phishing and private key compromises accounted for 88.71% of the total value lost.
- Code vulnerabilities accounted for over $30M in losses, underlining the need for better code audits in DeFi.
- Hackers targeted Ethereum 86 more times and caused 331% more losses than on Bitcoin.
It seems the crypto industry is a bigger target than ever before, especially with the release of $ETH ETFs.
Curiously enough, WazirX’s $231M hack wasn’t the biggest incident recorded in Q3. That misfortune belongs to a Bitcoin whale who lost 4,064 $BTC, valued at $238M.
CertiK’s report is unclear on the amount recovered. It seems like the whale recovered 2.1 times more than they lost, which… shouldn’t be right.
WazirX takes the second spot, and a phishing victim who lost $55.5M takes the third spot. It’s rare to see such significant losses from individual crypto investors.
Overview of Loss Types
CertiK’s report highlighted a worrying trend. Phishing attacks remain the main threat in crypto scams, with code vulnerabilities being a close second. Here’s an overview of loss types, with the number of incidents and losses:
- Phishing: $309,278,519 in 65 incidents
- Private key compromise: $317,786,322 in 10 incidents
- Code vulnerability: $39,680,651 in 44 incidents
- Reentrancy: $30,353,579 in 5 incidents
- Price manipulation: $7,686,536 in 3 incidents
- IDO or fundraising rug: $2,118,058 in 1 incident
- Token dump: $1,415,342 in 11 incidents
- Liquidity removed: $349,596 in 3 incidents
- Access controls: $175,795 in 8 incidents
Curiously, code vulnerabilities are the second-most numerous attacks after phishing, which emphasizes the dire need for cybersecurity upgrades. This is a bit worrying since investors have no control over these exploits. It’s up to developers to prevent them.
Wrapping Up – What Should We Do?
CertiK’s report underlines the need for more robust cybersecurity practices for DeFi platforms and individuals alike.
Things like 2FA and MFA (though MFA might not be as safe as once thought) and crypto scam identification methods are becoming paramount.
Hackers are getting more sophisticated, so our awareness must also level up.
References
- The WEB3 Security Quarterly Report by CertiK (CertiK)