The third quarter of the year saw a surge in crypto-related hacks and scams, with malicious actors stealing over $750 million, bringing the total losses for the year to a staggering $1.9 billion. According to CertiK’s quarterly Hack3d security report, a total of 155 incidents contributed to this figure, showing a 9.5% increase in stolen funds compared to the previous quarter. Despite the rise in stolen funds, there were 27 fewer incidents compared to the second quarter.
Three major events accounted for most of the funds stolen during the quarter. The largest incidents included a $238 million phishing attack targeting a Bitcoin whale, a $231 million hack of India-based centralized exchange WazirX, and a phishing scam that resulted in a $55.4 million loss for an individual investor. Additionally, approximately $30.9 million was recovered across nine incidents, reducing the adjusted net losses to around $722 million for the quarter.
Phishing attacks and private key compromises were the primary methods used by malicious actors during the third quarter. Phishing alone caused losses exceeding $343 million in 65 cases, where attackers pose as trusted entities to deceive victims into sharing sensitive information like passwords. Private key compromises ranked second, with over $324 million lost across 10 cases, allowing attackers to transfer funds without further authentication.
Other vulnerabilities included code flaws, reentrancy bugs, price manipulation, and fundraising-related scams. Ethereum was the most targeted blockchain network, with 86 hacks and scams resulting in losses of over $387 million. The Bitcoin network followed closely, with $238 million stolen in a single phishing incident. CertiK attributed the targeting of these networks to their high transaction volume, large user base, and Total Value Locked (TVL).
Multi-chain platforms also suffered significant losses of around $90 million, while other blockchain networks like Binance Smart Chain (BSC), Cosmos, Scroll, Solana, Base, Blast, and Optimism accounted for the remaining incidents. Despite efforts to recover stolen funds and mitigate risks, the crypto industry continues to face challenges from sophisticated cybercriminals. Stay vigilant and ensure the security of your crypto assets to protect against such attacks.