During the third quarter, crypto hacks and scams caused over $750 million in losses, pushing the year's total losses past $1.9 billion, as reported in CertiK's quarterly Hack3d security analysis.
The report attributes these losses to 155 separate incidents, a 9.5% increase in stolen funds compared to the previous quarter even though there were 27 fewer incidents overall.
A few large events accounted for a significant portion of these losses, including a $238 million phishing attack targeting a prominent Bitcoin holder and a $231 million breach at the Indian exchange WazirX. Additionally, a single investor suffered a $55.4 million loss due to a phishing scam.
Approximately $30.9 million was recouped across nine incidents, adjusting the net losses for the quarter to around $722 million.
Rising Threats: The Phishing Epidemic
Phishing attacks emerged as the foremost technique employed by malicious actors in Q3, leading to substantial losses.
- Phishing attacks resulted in losses exceeding $343 million across 65 cases.
- These scams often involve impersonating trusted entities to trick victims into revealing sensitive information such as passwords.
Private key compromises ranked as the second most significant threat, with over $324 million lost in 10 incidents. In these cases, attackers gain control of private keys, which lets them sign unauthorized transactions.
Other significant causes of loss included code flaws, reentrancy bugs, price manipulation, and fundraising-related scams.
Ethereum Takes the Hit
Among blockchain networks, Ethereum experienced the highest number of breaches, with 86 incidents resulting in losses over $387 million. This was followed by Bitcoin, which saw $238 million stolen in a single phishing incident.
CertiK attributed the prevalence of attacks on these leading networks to their high transaction volumes, extensive user bases, and total value locked (TVL).
Multi-chain platforms also experienced substantial losses, totaling around $90 million, while the remaining incidents occurred on other networks such as Binance Smart Chain (BSC), Cosmos, Scroll, Solana, Base, and Optimism.