Rising Phishing Threats Issue Alert by CertiK
In the ever-evolving world of blockchain technology, the year 2024 saw a significant surge in cyber attacks, particularly in the Web3 market. According to the 2024 Hack3d Report, over $2.3 billion was stolen through 296 phishing attacks, making it the most costly attack vector of the year [1].
The report, which offers insights into the year's cybersecurity landscape and provides a glimpse into what's next, reveals that the most common attack vectors in the Web3 ecosystem were primarily smart contract vulnerabilities and flash loan exploits [1]. These attacks, targeting flaws in on-chain code that governs decentralized applications, led to a total loss of $2.3 billion in 2024 [1].
Smart contract vulnerabilities were a major source of exploits, allowing attackers to manipulate market conditions or exploit protocol weaknesses. Flash loan attacks, which enable the borrowing of large amounts of cryptocurrency without collateral for very short periods, also contributed significantly to the losses [1].
The volume of hacking or scam incidents was high, with 144 incidents reported in Q2 2024 alone and a year-to-date total of 344 incidents causing massive financial damages [3].
The impact of these attack vectors is substantial. In 78% of cases, Web3 market losses in the past year stemmed from access control vulnerabilities. Private key compromise was the second most significant threat, leading to over $855 million in losses across 65 incidents [2].
The year 2024 also saw notable attacks on cryptocurrency exchanges. The May attack on Japanese exchange DMM Bitcoin resulted in a loss of 4,502 BTC, worth approximately $320 million at the time. The DMM Bitcoin hack was the country's second-largest loss after the Coincheck breach in 2018 [2]. In a sad turn of events, DMM Bitcoin announced liquidation in December 2024 [2].
The report provides detailed statistics and analysis on these incidents to help stakeholders make informed security decisions amid growing risks in Web3 [4]. However, the source of the stolen funds or the specific organizations or individuals affected remains undisclosed.
As we look towards 2025, it is expected that phishing tactics will evolve, potentially with the use of artificial intelligence. The threat landscape in the Web3 market is continuously changing, and it is crucial for all stakeholders to stay vigilant and take proactive measures to secure their assets.
References: [1] Hack3d Report (2024) [2] CoinDesk (2024) [3] CertiK (2024) [4] Hacken (2024)
In the context of the 2024 Hack3d Report, it was found that defi, or decentralized finance, was a vulnerable area in the Web3 market, with smart contract vulnerabilities and flash loan exploits contributing significantly to the recorded losses of over $2.3 billion [1]. Additionally, Bitcoin was targeted in a notable hack on the Japanese exchange DMM Bitcoin, leading to a loss of 4,502 BTC, worth approximately $320 million at the time [2].
