Certik, a cyber security firm discloses that although the frequency of hacks decreased in the last quarter, the total value extracted by thieves dramatically increased. According to its latest Web3 security report, hackers stole $750 million across 155 incidents, bringing the year’s total losses to nearly $2 billion.
Takeaways from the Certik report
Despite 27 fewer incidents in the previous quarter, there was an approximate 9.5% rise in the total value lost. Phishing and private key compromises were the dominant methods used by attackers, leading to the most significant losses.
Phishing Attacks and Private Key Compromises
Phishing was responsible for $343 million in damages across 65 incidents. A notable instance involved a Bitcoin whale who lost $238 million in August, marking the largest single phishing attack of the quarter, and a breach at WazirX, one of India’s top crypto exchanges, where $231 million worth of various cryptocurrencies was stolen in July after exploiting private key vulnerabilities.
These incidents accounted for $317 million in losses through just 10 events:
– Ethereum continued to be the most frequently attacked blockchain, with $387.8 million stolen in 86 incidents.
– Vulnerabilities in multichain operations were also highlighted, with $89.8 million lost across various networks due to cross-chain functionality risks.
Other Attack Vectors
In addition to phishing and key compromises, the report outlined losses from other attack types which include:
Code Vulnerabilities: Resulted in $39.6 million in losses across 44 incidents.
Reentrancy Attacks: This allowed hackers to withdraw funds repeatedly before balance updates. Resulting in $30.3 million lost in five incidents.
Recovery and Prevention Efforts
As pointed out by the report, only 4.1% of the stolen funds were recovered during the quarter, a significant decrease from 14.4% in Q2. The average loss per hack rose to $5.93 million. The median loss was reported at $120,529.
A slight break in August
Contrasting with the quarter’s gloomy data, August saw a significant drop in crypto-related losses, with only $15 million lost across five incidents, as per Immunefi. This marked the lowest monthly total year-to-date and a 94.5% decrease from July’s figures, suggesting potential improvement in security measures and response strategies.
The CertiK report serves as a stark reminder of the persistent and evolving threats in the crypto space thereby reinforcing the importance of proactive security measures to protect digital assets as the crypto space evolves. Here’s a detailed guide on how to protect your crypto assets from hackers.
