More than $1.1bn worth of cryptocurrency has been lost from Web3 cybersecurity incidents in the first half of 2024, according to blockchain monitoring firm Certik.
These losses occurred across 408 onchain security incidents over the six-month period, making the average cost to victims per incident $2.9m.
The median loss was $230,784, highlighting the wide disparity between the losses suffered during individual attacks.
Phishing was the most prevalent attack vector targeting Web3 users, making up 150 incidents and $497.7m in losses.
Private key compromises resulted in a particularly high rate of losses for victims, with 42 incidents resulting in $408.9m in losses. The researchers said this highlights persistent vulnerabilities in key management.
The most common attack vectors for volume and financial losses were:
- Phishing – 150 incidents, $497.7m losses
- Code vulnerabilities – 105 incidents, $80m losses
- Private key compromises – 42 incidents, $408.9m losses
- Exit scams – 55 incidents, $79m losses
- Price manipulation – 25 incidents, $38.5m losses
- Access control – 20 incidents, $86m losses
Ethereum the Most Frequently Targeted Cryptocurrency
Certik observed Ethereum as the most frequently targeted blockchain in H1 2024, with 222 incidents resulting in $315m in losses.
Bitcoin was only hit by one security incident in this period, but this resulted in the theft of 4,502.9 BTC, worth $304m. This was caused by a hack of Japanese cryptocurrency exchange DMM Bitcoin on May 31, 2024.
Other crypto blockchains heavily impacted by security incidents were Blast, with seven incidents resulting in $70.7m in losses, and Arbitrum, with 28 incidents and $31m in losses.
Web3 Losses Rising Significantly
The H1 2024 loss figure represents a significant increase in the amount stolen by malicious actors compared to H1 2023, which was $640.2m. Certik previously found that $1.84bn was lost as a result of security incidents across the whole of 2023.
The new report also highlighted a 37% increase in the value of losses from security incidents in Q2 2024 compared to Q1. However, there was an 18% decrease in the number of incidents quarter-over-quarter.
This discrepancy may be partly explained by the fluctuating price of crypto, with the value of currencies like BitCoin surging in 2024.
Web3 is a decentralized internet service controlled by users, based upon blockchain technologies and cryptocurrencies. It has been designed as an alternative to the centrally controlled internet.
Decentralized finance (DeFi) platforms on Web3 have become a lucrative target for cybercriminals due to the potential to steal vast sums of crypto in a single attack.
The researchers said that the easing of cryptocurrency trading restrictions in markets like Dubai and Hong Kong are providing more opportunities for DeFi platforms, but these platforms will need to demonstrate enhanced security and functionality to take full advantage.