Certik Highlights Security Challenges in the Crypto Industry

Certik, a cyber security firm discloses that although the frequency of hacks decreased in the last quarter, the total value extracted by thieves dramatically increased. According to its latest Web3 security report, hackers stole $750 million across 155 incidents, bringing the year’s total losses to nearly $2 billion.

Takeaways from the Certik report

Despite 27 fewer incidents in the previous quarter, there was an approximate 9.5% rise in the total value lost. Phishing and private key compromises were the dominant methods used by attackers, leading to the most significant losses.

Phishing Attacks and Private Key Compromises

Phishing was responsible for $343 million in damages across 65 incidents. A notable instance involved a Bitcoin whale who lost $238 million in August, marking the largest single phishing attack of the quarter, and a breach at WazirX, one of India’s top crypto exchanges, where  $231 million worth of various cryptocurrencies was stolen in July after exploiting private key vulnerabilities.

These incidents accounted for $317 million in losses through just 10 events:

– Ethereum continued to be the most frequently attacked blockchain, with $387.8 million stolen in 86 incidents.

– Vulnerabilities in multichain operations were also highlighted, with $89.8 million lost across various networks due to cross-chain functionality risks.

Other Attack Vectors

In addition to phishing and key compromises, the report outlined losses from other attack types which include:

Code Vulnerabilities: Resulted in $39.6 million in losses across 44 incidents.

Reentrancy Attacks: This allowed hackers to withdraw funds repeatedly before balance updates. Resulting in $30.3 million lost in five incidents.

Recovery and Prevention Efforts

As pointed out by the report, only 4.1% of the stolen funds were recovered during the quarter, a significant decrease from 14.4% in Q2. The average loss per hack to $5.93 million. The median loss was reported at $120,529.