Introduction

In 2024 [1] [2] [3] [4] [5] [6] [7], the landscape of Web3 security incidents saw significant financial losses, primarily due to phishing attacks and private key compromises [1] [4]. Despite an increase in the number of incidents and the average amount stolen per incident, the total losses were still lower than those recorded in previous years. This report delves into the specifics of these incidents, highlighting the most affected cryptocurrencies and the evolving dynamics of decentralized finance (DeFi).

Description

In 2024 [1] [2] [3] [4] [5] [6] [7], Web3 security incidents resulted in losses exceeding $2.36 billion in cryptocurrency [2] [5] [6], reflecting a 31.61% increase from the previous year [2] [3]. These losses occurred across 760 incidents [2] [5] [6], which is 29 fewer than in 2023 [2]. The average amount stolen per incident was approximately $3.1 million [2] [5] [6], indicating a 23% rise from the prior year. Phishing attacks and private key compromises emerged as the leading attack vectors, accounting for around $1.05 billion and $855 million in losses, respectively [1] [2] [3] [4] [5] [6] [7]. Phishing alone represented 39.1% of all incidents, underscoring its prevalence and the tendency for these attacks to yield larger amounts per incident. The irreversible nature of cryptocurrency transactions exacerbates the impact of phishing, as funds cannot be recovered once transferred [7]. Notably, the only incident in 2024 to exceed $100 million in losses was the WazirX incident [7], which resulted in $231 million in losses [1], suggesting a decline in the frequency of high-value incidents [1] [7].

Despite the increase in incidents and losses, the total value lost in 2024 remains significantly lower than the losses of $5.2 billion in 2021 and $3.5 billion in 2022 [5] [6]. Ethereum was the most affected cryptocurrency, with 403 incidents leading to losses of $748.6 million [2] [5] [6]. Bitcoin and Tron also faced significant security challenges, with losses of $542.7 million and $133 million, respectively [1] [2] [3] [4] [5] [6] [7]. The total value locked in blockchain networks increased in 2024, driven by renewed interest in decentralized finance (DeFi) following the approval of Spot Bitcoin and Ethereum exchange-traded funds (ETFs) by the US Securities and Exchange Commission (SEC) [5]. In contrast, the value of DeFi had decreased by 46% in 2023 compared to 2022 [5]. The report also analyzed the most exploited blockchains and provided insights into security practices for crypto participants [7].

Conclusion

The 2024 Web3 security landscape underscores the persistent threat of phishing and private key compromises, which continue to inflict substantial financial damage. However, the overall reduction in total losses compared to previous years suggests some progress in security measures. Moving forward, enhancing security protocols and educating users about potential threats are crucial steps in mitigating these risks. The renewed interest in DeFi, spurred by regulatory approvals, presents both opportunities and challenges, necessitating robust security frameworks to safeguard the growing ecosystem.

References

[1] https://www.globenewswire.com/news-release/2025/01/02/3003553/0/en/CertiK-s-Hack3d-Report-2-3-Billion-Lost-to-Scams-Hacks-and-Exploits-in-2024.html
[2] https://osintcorp.net/web3-attacks-result-in-2-3bn-in-cryptocurrency-losses/
[3] http://www.eblockmedia.com/news/articleView.html?idxno=10112
[4] https://www.tradingview.com/news/reuters.com,2025-01-02:newsml_GNX4P6sQf:0-certik-s-hack3d-report-2-3-billion-lost-to-scams-hacks-and-exploits-in-2024/
[5] https://www.infosecurity-magazine.com/news/web3-attacks-cryptocurrency-losses/
[6] https://ciso2ciso.com/web3-attacks-result-in-2-3bn-in-cryptocurrency-losses-source-www-infosecurity-magazine-com/
[7] http://koreabizwire.com/certiks-hack3d-report-2-3-billion-lost-to-scams-hacks-and-exploits-in-2024/302434