2024 Web3 Security Report: Major Hacks and Financial Losses

Key Points:

• $1.19 billion lost to security incidents in H1 2024.
• Phishing and private key leaks were the main causes, with phishing alone accounting for $498 million.
• Major hacks include DMM Bitcoin ($304 million) and BtcTurk ($90 million).

Overview:

According to CertiK’s Web3 Security Report, the first half of 2024 saw significant financial losses due to security breaches, with $1.19 billion lost. The most substantial portion of these losses resulted from phishing attacks and private key leaks, highlighting the ongoing vulnerability of the crypto space to sophisticated cyber threats.

Detailed Analysis:

1. Types of Attacks:
   • Phishing Attacks: The report revealed that phishing attacks were responsible for approximately $498 million (¥803 billion) in losses. These attacks trick users into providing sensitive information, which hackers then exploit to access wallets and accounts.
   • Private Key Leaks: Another significant cause of losses was the leakage of private keys, which are crucial for accessing cryptocurrency wallets. Such leaks can result from poor security practices or targeted attacks on individuals and organizations.
2. Notable Incidents:
   • DMM Bitcoin Hack: One of the most significant hacks of Q2 2024 was on the Japanese exchange DMM Bitcoin, resulting in a loss of $304 million (¥490 billion). This attack involved the theft of 4,502.9 BTC.
   • BtcTurk Hack: The Turkish exchange BtcTurk experienced a cyber attack targeting its hot wallets, leading to a loss of $90 million (¥145 billion).
3. Preventative Measures and Recommendations:
   • CertiK co-founder Ronghui Gu emphasized the importance of multi-factor authentication (MFA), including two-factor authentication (2FA) and security keys, to protect assets. Gu recommended that wallets holding significant funds should utilize hardware wallets or equally secure key management solutions.
   • Proactive Security: Gu also highlighted the necessity for users to implement basic security measures like 2FA and for organizations to have teams ready to respond swiftly to security incidents.

Recent Trends and Insights:

1. Fluctuations in Hacking Losses:
   • The report noted a decrease in hacking losses from May to June 2024. In May, the crypto space saw losses of approximately $385 million (¥621 billion) due to hacks, which decreased by 54.2% to $176.2 million (¥284 billion) in June. This trend indicates potential improvements in security practices or a temporary lull in successful hacking attempts.
2. Ongoing Threats:
   • Despite some improvements, the persistence of large-scale hacks targeting major crypto custodians underscores the ongoing threat. Gu stressed the importance of both preventative measures and rapid incident response capabilities to mitigate the impact of these attacks.

CertiK’s Web3 Security Report for H1 2024 highlights the substantial financial impact of phishing attacks and private key leaks on the cryptocurrency market. Significant hacks, such as those on DMM Bitcoin and BtcTurk, demonstrate the need for robust security measures. The report underscores the critical role of multi-factor authentication and proactive security strategies in protecting digital assets. As the industry evolves, continuous improvements in security practices and international collaboration are essential to countering sophisticated cyber threats.