Blockchain security audit firm CertiK recently released its Web3 report for the second quarter of 2024, shedding light on the losses incurred due to on-chain security vulnerabilities. According to the Q2 report, titled “Hack3D: The Web3 Security Report,” a staggering $688,102,941 was lost across 184 security incidents in Q2. This marked a 37% increase in value lost compared to Q1 2024, despite an 18% decrease in the number of incidents. The report highlights that phishing attacks and private key compromises were primarily responsible for the losses, with phishing accounting for $433.7 million lost across 67 incidents, and 16 major private key compromises leading to $170.1 million in losses.
The report also found that Ethereum experienced the highest number of on-chain security breaches, with a total of 83 hacks and scams reported in Q2. In the first half of 2024, the ETH blockchain bore the brunt of 222 incidents, resulting in nearly $15.5 million in losses. Among individual incidents in Q2, the top 10 losses were dominated by phishing attacks. The largest single on-chain attack, on Japanese exchange DMM Bitcoin, resulted in a massive $305 million loss. Another notable incident was linked to Turkish exchange BtcTurk, with $54 million worth of Avalanche tokens stolen, converted to Bitcoin, and then transferred to separate wallets.
Further, the report highlighted other significant types of incidents in Q2, such as code vulnerabilities, access control issues, and exit scams. Code vulnerabilities, allowing attackers to inject malicious scripts into web pages, accounted for $37.37 million across 57 incidents. Access control failures, though fewer in number, resulted in substantial losses of $7.51 million. Exit scams also played a role, contributing to $10.31 million in losses across 20 incidents. Beyond Ethereum, BNB Chain followed with 44 incidents totaling $12 million, indicating that security challenges are not confined to any single blockchain.
Overall, the Web3 report by CertiK underscores the ongoing threat posed by on-chain security vulnerabilities in the crypto space. The increase in value lost in Q2 2024 compared to Q1, even as the number of incidents fell, highlights the need for robust security measures to safeguard against phishing attacks, private key compromises, code vulnerabilities, access control issues, and exit scams. Although Ethereum bore the brunt of security breaches, it is clear that no blockchain is immune to such threats, which emphasizes the importance of continuous vigilance and proactive security measures in the evolving landscape of Web3. Stakeholders in the crypto ecosystem must prioritize security to protect against potential losses and uphold the integrity and trustworthiness of blockchain technologies.