CertiK’s Hack3d: Web3.0 Security Report for Q3 2024 has been released. The report provides an in-depth analysis of on-chain security from July to September 2024. Total losses this quarter were US$753 million. Phishing and private key leakage were the main causes of asset losses this quarter.
Key data
In the third quarter of 2024, there were 155 on-chain security incidents with losses amounting to $753 million, bringing the total losses from 2024 to date to nearly $2 billion.
Although the number of security incidents decreased by 27 compared with the previous quarter, total losses increased by about 9.5%. This indicates that the average scale of attacks is increasing, and the entire industry urgently needs stricter security measures.
Phishing and private key leaks were the two most damaging attack methods this quarter, resulting in a total of $668 million in stolen assets. Phishing was the leading cause of asset losses, totaling $343 million, followed by private key leaks, which caused a total loss of $320 million.
In the most notable phishing incident, attackers stole $238 million from a Bitcoin whale. Thanks to the efforts of the community, about $500,000 has been recovered. Another large attack occurred on WazirX, where an attacker stole approximately $231 million by obtaining the private keys of the wallet.
Safety Tips
Phishing attacks usually involve criminals impersonating legitimate entities to trick users into revealing sensitive information such as private keys or login credentials. Once attackers have access to this information, they can gain unauthorized access to the victim's wallets and accounts and steal funds. To prevent such attacks, users should remain vigilant, be skeptical of any request for private information, carefully check website URLs and email addresses, enable two-factor authentication (2FA) to increase the security of their accounts, and avoid signing or approving phishing contracts.
Quarterly Review
This quarter, CertiK hosted and participated in multiple events in multiple countries and regions:
Sincerely Invited | 3 days left for EthCC Lunch & Learn!
Sincerely Invited | Malaysia Blockchain Week starts next week, sign up now!
Invitation | CertiK Korea Blockchain Week Event Overview, Registration Now Open
Sincerely Invited | One week left to CertiK Token 2049 Singapore event!
During Token 2049, CertiK announced a major upgrade to its products and services, disclosed the funding size of CertiK Ventures, and received coverage from many well-known media outlets:
CertiK also launched security tools such as Token Scan and Wallet Scan, giving back to the community for free:
Skynet: Multi-dimensional functions help Web3.0 community upgrade security
This quarter, CertiK co-founder Professor Gu Ronghui and several team members accepted media interviews:
DEF CON 32 Spotlight: CertiK Security Engineer Reveals dApp Security Challenges
The intersection of Web2.0 and Web3.0: Beware of the dual challenges of network security
Interview | Cointelegraph interview with CertiK: Threats and prevention of AI deep fake attacks
Techub Exclusive Interview with Professor Gu Ronghui: Decoding CertiK’s Security Strategy
In the technology field, CertiK shared two case studies on the formal verification of zero-knowledge proofs (ZKP) this quarter:
Advanced Formal Verification of Zero-Knowledge Proofs: How to Prove Zero-Knowledge Memory
Technical Detail | Divide and Conquer: Hidden Vulnerabilities in ZK Division
It also published two technical analysis articles about Solana vulnerabilities:
Technical Details | CertiK Reveals Secretly Patched Solana Core Vulnerability
During this period, CertiK received two acknowledgments from Apple, becoming the Web3.0 security organization that has received the most public acknowledgments from Apple to date:
On July 17, the Hong Kong Treasury and the HKMA adopted two recommendations proposed by CertiK:
Hong Kong’s Treasury and HKMA adopt CertiK’s recommendations to help develop stablecoin regulation
Conclusion
CertiK is committed to continuously tracking security trends in the Web3.0 field. So far, it has conducted more than 70 white hat operations, reported more than 4,000 security incidents, discovered more than 115,000 code vulnerabilities, and protected more than $360 billion in digital assets from potential losses. It also delivers key security information to the industry in the form of annual and quarterly security reports. On release, these reports have received close attention from the industry and have been quickly reported and cited by core Web3.0 media such as CoinDesk and Cointelegraph.
CertiK’s Hack3d security report not only provides raw data on security incidents, but also analyzes in depth the potential impact of these vulnerabilities on the entire Web3.0 ecosystem. It offers a valuable reference for understanding the security status, challenges and opportunities of Web3.0, and provides security education and support to the community.
You are welcome to copy and open the link at the end of the article to read the full "Hack3d: Web3.0 Security Report for the Third Quarter of 2024" for more comprehensive analysis, insights and suggestions.
Full text link: https://indd.adobe.com/view/fd940244-b0b1-467f-984a-00463f8d8e2a