Over the course of 2024, malicious actors have stolen more than $1 billion through 296 phishing attacks, according to an annual report by CertiK.
The numbers from 2024 are in, and the Web3 ecosystem faces significant challenges. Over $2.36B was stolen across 760 incidents, marking a 31.61% increase from the previous year.
— CertiK (@CertiK) January 2, 2025
Dive into the 2024 Hack3d Report to see the insights that shaped the year and what’s next.👇🧵 pic.twitter.com/86QyfYia8M
“Phishing was the most costly attack vector last year. Our figures are conservative; the real tally is higher when unreported incidents and other [similar] scams are taken into account,” a CertiK representative told Cointelegraph.
Out of the 296 incidents in 2024, at least three resulted in losses exceeding $100 million.
Following phishing, the second most significant threat identified by CertiK analysts was private key compromise. This led to over $855 million in losses across 65 incidents. Critical code vulnerabilities remain a concern as well.
Among the year’s most notable hacks, the team highlighted the May attack on Japanese cryptocurrency exchange DMM Bitcoin. Hackers made off with 4,502 BTC (then worth $320 million)—the country’s second-largest loss after the Coincheck breach. In December, DMM Bitcoin announced liquidation.
“Phishing tactics will undoubtedly evolve in 2025, especially with the development of artificial intelligence,” added the CertiK representative.
Earlier, Hacken experts calculated that total Web3-market losses in the past year exceeded $2.9 billion, affecting DeFi, CeFi platforms, gaming, and metaverses. In 78% of cases, exploits stemmed from access control vulnerabilities.
According to Chainalysis, North Korean hackers stole at least $1.34 billion worth of crypto assets in 2024.
Cryptol – your source for the latest news on cryptocurrencies, information technology, and decentralized solutions. Stay informed about the latest trends in the digital world.