
Important | CertiK "Hack3d: 2024 Third Quarter Security Report" (with full report link)

CertiK
10-02

CertiK’s Hack3d: Web3.0 Security Report for Q3 2024 has been released. The report provides an in-depth analysis of on-chain security from July to September 2024. Total losses this quarter were US$753 million, and phishing and private key leakage were the main causes.

Key data

In the third quarter of 2024, there were 155 on-chain security incidents with losses amounting to $753 million, bringing total losses for 2024 to date to nearly $2 billion.

Although there were 27 fewer security incidents than in the previous quarter, total losses rose by about 9.5%. The average scale of attacks is therefore increasing, and the entire industry urgently needs stricter security measures.

Phishing and private key leaks were the two most damaging attack methods this quarter, resulting in a total of $668 million in stolen assets. Phishing was the leading cause of asset losses, totaling $343 million, followed by private key leaks, which caused a total loss of $320 million.

In the most notable phishing incident, attackers stole $238 million from a Bitcoin whale. Thanks to the efforts of the community, about $500,000 has been recovered. Another large attack occurred on WazirX, where an attacker stole approximately $231 million by obtaining the private keys of the wallet.

Safety Tips

Phishing attacks usually involve criminals impersonating legitimate entities to trick users into revealing sensitive information such as private keys or login credentials. Once attackers have access to this information, they can gain unauthorized access to the victim's wallets and accounts and steal funds. To prevent such attacks, users should remain vigilant, be skeptical of any request for private information, carefully check website URLs and email addresses, enable two-factor authentication (2FA) to increase the security of their accounts, and avoid signing or approving phishing contracts.

Quarterly Review

This quarter, CertiK hosted and participated in events in multiple countries and regions:

Sincerely Invited | 3 days left for EthCC Lunch & Learn!

Sincerely Invited | Malaysia Blockchain Week starts next week, welcome to sign up!

Invitation | CertiK Korea Blockchain Week Event Overview, Registration Now Open

Sincerely Invited | One week left until CertiK's Token 2049 Singapore event!

During Token 2049, CertiK announced a major upgrade to its products and services, disclosed the funding size of CertiK Ventures, and received coverage from many well-known media outlets:

CertiK Ventures announces $45 million investment plan; Token Scan and other community security tools are free to use

Cointelegraph published: Security company CertiK launches $45 million investment plan to support the development of Web3

Lianhe Zaobao: CertiK launches $45 million investment plan to upgrade products to cover the entire cycle of Web3.0 projects

CertiK also launched security tools such as Token Scan and Wallet Scan, offered free of charge to give back to the community:

Skynet: Multi-dimensional functions help Web3.0 community upgrade security

This quarter, CertiK co-founder Professor Gu Ronghui and several team members accepted media interviews:

Southern Metropolis Daily interview with Professor Gu Ronghui: Interpretation of Microsoft Blue Screen Incident

DEF CON 32 Spotlight: CertiK Security Engineer Reveals dApp Security Challenges

AI and blockchain: Professor Ronghui Gu discusses the future of technology convergence at the Blockchain Futurist Conference

The intersection of Web2.0 and Web3.0: Beware of the dual challenges of network security

Media Interview | CertiK Chief Security Officer Professor Li Kang: The changing regulatory environment for crypto assets brings new opportunities

Interview | Cointelegraph interview with CertiK: Threats and prevention of AI deep fake attacks

Korean media interviewed CertiK’s Chief Business Officer: Continue to focus on the Korean market and work hard to solve Web3 security and compliance issues

Techub Exclusive Interview with Professor Gu Ronghui: Decoding CertiK’s Security Strategy

In the technology field, CertiK shared two case studies on the formal verification of zero-knowledge proofs (ZKP) this quarter:

Advanced Formal Verification of Zero-Knowledge Proofs: How to Prove Zero-Knowledge Memory

Technical Detail | Divide and Conquer: Hidden Vulnerabilities in ZK Division

And two technical analysis articles about Solana vulnerabilities:

Technical Details | CertiK Reveals Secretly Patched Solana Core Vulnerability

Technical Details | CertiK Assists in Fixing DOS Vulnerability in Solana’s Large Integer Modular Exponentiation

During this period, CertiK received two acknowledgments from Apple, becoming the Web3.0 security organization that has received the most public acknowledgments from Apple to date:

Honor | CertiK receives Apple’s recognition for fifth time, dedicated to providing comprehensive security solutions

Honor | CertiK is recognized by Apple for the 6th time for discovering a vulnerability in Apple Vision Pro eye tracking technology

On July 17, the Hong Kong Treasury and the HKMA adopted two recommendations proposed by CertiK:

Hong Kong’s Treasury and HKMA adopt CertiK’s recommendations to help develop stablecoin regulation

Conclusion

CertiK is committed to continuously tracking security trends in the Web3.0 field. So far, it has conducted more than 70 white hat operations, reported more than 4,000 security incidents, discovered more than 115,000 code vulnerabilities, and protected more than $360 billion in digital assets from potential losses. It has also delivered key security information to the industry in the form of annual and quarterly security reports. Once released, the security report received close attention from the industry and was quickly reported and cited by core media in the Web3.0 field such as CoinDesk and Cointelegraph.

CertiK’s Hack3d security report not only provides raw data on security incidents, but also analyzes in depth the potential impact of these vulnerabilities on the entire Web3.0 ecosystem. It offers a valuable reference for understanding the security status, challenges and opportunities of Web3.0, and provides security education and support to the community.

You are welcome to copy and open the link at the end of the article to read the full "Hack3d: Web3.0 Security Report for the Third Quarter of 2024" for more comprehensive analysis, insights and suggestions.

Full text link: https://indd.adobe.com/view/fd940244-b0b1-467f-984a-00463f8d8e2a

Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.