Cryptocurrency continues to be a hot target for cybercriminals, with over $1.1bn lost in Web3 cybersecurity incidents in the first half of 2024, according to Certik, a blockchain monitoring firm. This staggering amount was the result of 408 onchain security incidents, with the average cost per incident totaling $2.9m. The median loss stood at $230,784, showcasing the vast difference in losses suffered by victims.
Phishing emerged as the most common attack vector, accounting for 150 incidents and $497.7m in losses. Private key compromises also posed a significant threat, with 42 incidents leading to $408.9m in losses, underscoring the ongoing vulnerabilities in key management practices.
The main attack vectors for volume and financial losses included phishing, code vulnerabilities, private key compromises, exit scams, price manipulation, and access control. Ethereum was the most targeted blockchain in the first half of 2024, with 222 incidents resulting in $315m in losses. Bitcoin, on the other hand, experienced only one security incident during this period, resulting in the theft of 4,502.9 BTC worth $304m due to a hack at a Japanese cryptocurrency exchange.
Other cryptocurrencies such as Blast and Arbitrum also suffered significant losses due to security incidents, with Blast experiencing seven incidents totaling $70.7m in losses, and Arbitrum facing 28 incidents resulting in $31m in losses.
The increase in Web3 losses in H1 2024 marks a substantial rise compared to H1 2023, indicating a growing threat landscape for cryptocurrency users. The value of losses from security incidents in Q2 2024 saw a 37% increase compared to Q1, although there was an 18% decrease in the number of incidents quarter-over-quarter. This discrepancy could be attributed to the fluctuating prices of cryptocurrencies like Bitcoin, which surged in value during 2024.
Web3, a decentralized internet service based on blockchain and cryptocurrencies, offers users more control over their online activities. However, the rise of decentralized finance (DeFi) platforms within Web3 has made them prime targets for cybercriminals seeking to steal large amounts of crypto in a single attack. With the relaxation of cryptocurrency trading restrictions in markets like Dubai and Hong Kong, DeFi platforms need to prioritize enhanced security measures to capitalize on the growing opportunities in the market.