Phishing attacks, private key leaks resulted in $668m stolen in Q3: CertiK

In Q3, threat actors stole over $750 million in cryptocurrency across more than 150 security incidents, representing a 9.5% increase in value lost despite a decrease of 27 incidents compared to Q2.

According to blockchain analytics firm CertiK, phishing attacks and private key compromises were significant contributors to this theft. Even with fewer incidents, the total value lost grew by 9.5% from the previous quarter.

CertiK estimates that hackers have taken nearly $2 billion in 2024 alone, with $505.5 million lost across 224 attacks in Q1 and $687.5 million in Q2. In Q3, phishing emerged as the most damaging attack vector, accounting for nearly $343.1 million stolen in 65 incidents. These attacks typically involve perpetrators impersonating legitimate entities to deceive users into disclosing sensitive information, such as login credentials.

Private key compromises were the second most costly attack vector, leading to $324.4 million stolen in 10 incidents. Together, these two types of attacks resulted in $668 million in losses. Additional incidents in Q3 included code vulnerabilities, reentrancy events, and price manipulation, underscoring the pressing need for enhanced security protocols in the decentralized finance sector.

CertiK also highlighted that Ethereum was the most targeted blockchain, with $387.9 million stolen in 86 incidents, significantly surpassing Bitcoin, which was also heavily targeted. As hackers continue to refine their tactics, CertiK emphasizes the importance of user education and the implementation of advanced security measures to safeguard assets in the crypto industry.