Crypto Theft Reaches $750 Million in Q3 2024
by Oliver Dale · BlockonomiTLDR
- Over $750 million stolen in crypto in Q3 2024 despite fewer hacks
- Phishing and private key compromises were the dominant attack vectors
- Ethereum remains the primary target for attacks
- Only 4.1% of stolen funds were recovered in Q3
- Average loss per hack reached $5.93 million
The cryptocurrency sector witnessed a significant increase in the value of stolen assets during the third quarter of 2024, despite a decrease in the number of hacking incidents.
According to a recent report by cyber security firm CertiK, thieves made off with over $750 million across 155 incidents, bringing the year’s total losses to nearly $2 billion.
This marks a 9.5% increase in the value lost compared to the previous quarter, even though there were 27 fewer incidents.
The report highlights phishing and private key compromises as the most prevalent attack vectors, accounting for a staggering $668 million in losses.
Phishing attacks alone caused $343 million in damages across 65 incidents. One notable case involved a Bitcoin whale who suffered a $238 million loss in August, making it the single most significant phishing attack for Q3. Although some funds were recovered by the community, most of the stolen amount remains unaccounted for.
Private key compromises were responsible for approximately $317 million in losses across just 10 incidents. The most notable private key attack targeted WazirX, one of India’s leading crypto exchanges.
In July, hackers exploited WazirX’s private key vulnerabilities, leading to the theft of $231 million across more than 200 cryptocurrencies, including Shiba Inu (SHIB), Ethereum (ETH), and Polygon (MATIC).
Ethereum continues to be the prime target for attacks, with $387.8 million stolen across 86 incidents, far surpassing any other blockchain.
Multichain hacks were also prominent, with $89.8 million stolen across several networks, revealing the potential risks associated with cross-chain functionality.
While phishing and private key compromises led the quarter in terms of value lost, other notable attack methods included code vulnerabilities and reentrancy exploits.
Code vulnerabilities resulted in $39.6 million in losses over 44 incidents, while reentrancy attacks – which allow hackers to repeatedly withdraw funds before the system can update balances – accounted for $30.3 million in losses across five incidents.
The Q3 CertiK report reveals a concerning trend in fund recovery. Only 4.1% of stolen funds were recovered this quarter, a sharp decline from the 14.4% recovered in Q2.
Despite fewer incidents, the average loss per hack reached $5.93 million, with the median loss at $120,529.
These figures stand in stark contrast to the findings reported by Immunefi, a bug bounty and security services platform, for August 2024.
Immunefi noted a major drop in crypto-related losses during that month, with total losses amounting to just $15 million across five incidents. This marked the lowest monthly total year-to-date and represented a 94.5% decrease from July’s figures.
The discrepancy between the quarterly and monthly reports highlights the volatile nature of cryptocurrency security. While individual months may show improvements, the overall trend for the quarter indicates a significant increase in the value of assets stolen.