Rising Concerns over Phishing Attacks Highlighted by CertiK
In the dynamic world of Web3, cybersecurity threats have been a persistent concern. According to the 2024 Hack3d Report by CertiK, the year saw a significant number of hacking and scam incidents, with 144 such incidents reported in the second quarter alone and a year-to-date total of 344 incidents. These incidents resulted in losses exceeding $236 million from code vulnerabilities.
Private key compromise was the second most significant threat in 2024, leading to over $855 million in losses across 65 incidents. The prevalence of code vulnerabilities was a major cause of these financial losses, indicating that smart contract bugs and weaknesses in protocol code continued to be exploited.
The report also highlighted the increasing importance of AI and formal verification in auditing to detect subtle bugs and edge cases before deployment, aiming to reduce vulnerabilities and real-time monitoring for suspicious activities or abnormal fund flows.
The evolving threat landscape affected not only on-chain smart contracts but also off-chain components and Web3 applications, necessitating comprehensive penetration testing and security assessments across all layers.
Phishing tactics were another significant concern in 2024. Over $1 billion was stolen through 296 phishing attacks, according to CertiK. Phishing was the most costly attack vector in 2024, with unreported incidents and similar scams likely increasing the actual tally.
The report predicts that phishing tactics are likely to evolve in 2025, potentially utilizing artificial intelligence. In 78% of the Web3 incidents in 2024, the exploits stemmed from access control vulnerabilities.
Unfortunately, the DMM Bitcoin exchange suffered a hack in 2024, resulting in the loss of 4,502 BTC (worth approximately $320 million at the time). This hack was the second-largest loss of cryptocurrency in Japan, following the Coincheck breach. The DMM Bitcoin exchange announced liquidation in December 2024.
The 2024 Hack3d Report provides insights that shaped the year and offers insights on what's next. However, it does not provide specific details on the third most significant threat identified by CertiK analysts.
Despite these challenges, the total amount stolen in 2024 across all incidents was $2.36B, marking a 31.61% increase from the previous year. Hacken experts estimated that total Web3-market losses in 2024 exceeded $2.9 billion.
As we move forward, it is crucial to remain vigilant and implement robust security practices to protect assets in the Web3 ecosystem. The report underscores the need for comprehensive security measures, AI-powered tools, and regular audits to mitigate these threats.
In the light of the 2024 Hack3d Report, it appears that defi platforms, such as the DMM Bitcoin exchange, are vulnerable to cybersecurity threats, leading to substantial financial losses. Bitcoins, specifically, were targeted, with the DMM Bitcoin hack resulting in a loss of 4,502 BTC valued at approximately $320 million. Furthermore, AI and formal verification are being emphasized as crucial tools to detect subtle bugs and abnormal fund flows, aiming to reduce vulnerabilities and combat these threats in the Web3 technology landscape.
