CertiK reports increased risk of phishing attacks
In 2024, the Web3 ecosystem faced a significant surge in cybersecurity threats, with North Korean hackers reportedly stealing at least $1.34 billion worth of crypto assets according to Chainalysis. The losses were not confined to a single sector, affecting DeFi, CeFi platforms, gaming, and metaverses.
The Hack3d Report by CertiK, an industry-leading assessment of on-chain security incidents, identified several key threats in the Web3 space. The most critical were smart contract vulnerabilities exploited by hackers, which led to frequent and costly incidents, and widespread scams.
Smart Contract Vulnerabilities
In the first half of 2024 alone, CertiK reported 144 hacking or scam incidents. Code vulnerabilities in smart contracts caused losses exceeding $236 million within a single quarter, underscoring the danger of subtle bugs and exploitable flaws in decentralized applications. Real-time security monitoring, AI-powered security analysis and formal verification became increasingly important for proactively detecting and preventing vulnerabilities.
Scams and Phishing Attacks
Phishing was the most costly attack vector in 2024, with the real tally being higher when unreported incidents and other similar scams are taken into account. Out of the 296 incidents in 2024, at least three resulted in losses exceeding $100 million. The May hack on DMM Bitcoin, for example, resulted in the theft of 4,502 BTC, worth approximately $320 million at the time.
Following phishing, private key compromise was the second most significant threat, leading to over $855 million in losses across 65 incidents in 2024.
The Future of Web3 Cybersecurity
The total amount stolen across all incidents in 2024 was $2.36 billion, marking a 31.61% increase from the previous year. As attacker techniques evolve, with phishing tactics expected to incorporate artificial intelligence in 2025, the need for robust and innovative cybersecurity measures will continue to grow.
The Hack3d Report provides insights into what shaped the year and offers information on what's next. As we move forward, understanding these threats and implementing effective defense strategies will be crucial for the continued growth and security of the Web3 ecosystem.
- Amid escalating cybersecurity threats in the Web3 ecosystem, concerns that Bitcoin and DeFi platforms are potential targets have heightened, given the widespread scams and phishing attacks reported in the Hack3d Report by CertiK, with losses exceeding $320 million from a single phishing incident on DMM Bitcoin.
- Advanced AI-powered cybersecurity solutions and formal verification methods, as used by CertiK, may prove crucial in strengthening the security posture of decentralized applications and countering the growing threats that hackers and scammers pose to DeFi and traditional finance platforms in the future.