Web3 security incidents resulted in more than $ 2.3 billion in cryptocurrency in losses in 2024, an increase of 31.6% in the stolen value compared to 2023, according to new figures from Blockchain Security Firm Certik.
These losses took place in 760 incidents, 29 less than in 2023. The average stolen amount per hack was $ 3.1 million in 2024, an increase of 23% compared to 2023.
The crypto value stolen in 2024 is still considerably lower than the lost amount in 2021 and 2022, which was $ 5.2 billion and $ 3.5 billion respectively.
Web3 is an internet service built with decentralized block chains, designed to place control in the hands of the users.
The amount of crypto stolen on this service is strongly influenced by the fluctuating value of cryptocurrency. Certik noted that the total value that was locked over blockchain networks increased considerably in 2024, powered by renewed acceptance of decentralized finances (Defi).
Last year the US Securities and Exchange Commission (SEC) Bitcoin and Ethereum Exchange-Traded Funds (ETFs) approved and helped with this boost.
The value of Defi, on the other hand, had fallen by 46% in 2023 compared to 2022.
Ethereum was the cryptocurrency that experienced the highest number of security incidents and losses in 2024, with a total of 403 hacks, scams and exploits that led to $ 748.6 million in losses.
Bitcoin and Tron were also very focused, with $ 542.7 million and $ 133 million respectively.
Read now: Crypto-hackers steal $ 2.2 billion while North Koreans dominate
Phishing becomes the most expensive attack vector
Phishing was the most expensive attack vector in 2024, resulting in $ 1.05 billion in losses in 296 incidents. This represents almost half of all value stolen in the year and 39.1% of the number of incidents.
The researchers said these figures suggest that phishing attacks usually lead to larger quantities stolen per incident than other attack techniques.
The most expensive phishing incident took place in August, when an advanced social engineering attack led to the theft of $ 243 million in crypto of a single Genesis creditor in Washington DC
The attackers posed as support staff of Google and Gemini to mislead the victim to reset their two-factor authentication (2FA) and transfer funds to a compromised wallet.
The fame of phishing marks a significant change in comparison 2023 when a private key compromise was the dominant attack vector. Phishing was the fifth highest attack vector in 2023, responsible for $ 203 million in losses in 55 incidents.
In 2024 the compromise of the private key was the second highest attack vector, which caused $ 855.4 million losses in 65 incidents.
Certik said that the shift to phishing shows that technical security checks in the web3 -eco system improve, making other attack techniques less effective.