CertiK's security report indicates that the primary causes of asset loss are phishing attacks and private key compromises.
CertiK, a Web3.0 security agency, has released its quarterly Web3 security report, “Hack3d: Q2 and H1 2024 Web3.0 Security Report.” The report states that in Q2 2024, there were 184 on-chain security incidents resulting in losses of $688 million, representing a 37% increase in losses compared to Q1 2024. The report also highlights that in H1 2024, there were 408 security incidents with total losses amounting to $1.19 billion.
Phishing and private key compromises were the main causes of asset losses in Q2. Out of the $688 million lost in 184 incidents, $99,328,507 was recovered from 7 separate incidents.
Top 10 Projects by Loss Amount in Q2:
1. DMM Bitcoin: $304,700,000
2. BtcTurk: $90,000,000
3. Phishing Victim (0x1e22): $68,597,540
4. Lykke: $23,052,860
5. Gala Token: $21,613,470
6. Sonne Finance: $20,000,000
7. UwULend: $19,700,000
8. Rain: $14,277,950
9. Phishing Victim (5Fmwfk): $11,522,660
10. Phishing Victim (0x2154): $10,167,780
Phishing and private key compromises were also the main causes of asset losses in H1 2024. Out of the $1.19 billion lost in 408 incidents, $177,728,142 was recovered from 17 separate incidents.
Top 10 Projects by Loss Amount in H1:
1. DMM Bitcoin: $304,700,000
2. Chris Larsen: $112,500,000
3. BtcTurk: $90,000,000
4. Phishing Victim (0x1e22): $68,597,537
5. Munchable: $63,000,000
6. BitForex: $55,745,130
7. Play Dapp: $32,350,000
8. FixedFloat: $26,176,240
9. Lykke: $23,052,860
10. Gala Token: $21,613,471
The CertiK security report highlights that phishing attacks and private key compromises are the main causes of security incidents. Common causes include:
1. Fake Websites and Apps: Attackers create fake websites or apps that look identical to legitimate ones to trick users into entering sensitive information. These phishing sites are often spread through email, social media, or search engine ads.
2. Impersonation Communications: Attackers impersonate trusted entities (e.g., wallet providers, exchanges) and send fake security warnings or account update requests via email, SMS, or social media to induce users to provide sensitive information.
3. Malware and Viruses: Users' devices get infected with malware or viruses that can record keystrokes, take screenshots, or directly steal private keys stored on the device.
4. Insecure Storage: Users store private keys in insecure locations such as unencrypted text files, screenshots, or cloud storage, making them easy targets for hackers.
5. Using Public Wi-Fi: Transmitting sensitive information over unencrypted public Wi-Fi networks can allow hackers to intercept these details using network sniffing tools.
Preventive Measures:
1. Enable Two-Factor Authentication (2FA): Adds an extra layer of security to accounts, making it harder for attackers to access accounts even if private keys are compromised.
2. Use Hardware Wallets: Hardware wallets securely store private keys and can only sign transactions when the physical device is connected, enhancing security.
3. Be Wary of Phishing Sites: Always check the URL and SSL certificate of websites before entering sensitive information to ensure they are official sites.
4. Regularly Update Devices and Software: Keep devices and security software updated to prevent exploitation of known vulnerabilities.
5. Education and Awareness: Continuously learn about new security threats and protective measures to enhance personal security awareness.
Disclaimer:
The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.