The number of reported cryptocurrency hacking incidents has decreased in the third quarter of 2024, but the value of the stolen assets has skyrocketed. On the 1st, cybersecurity company CertiK released a report.
According to the report, overall monetary damage increased by about 9.5%, with 155 hacking incidents resulting in a total of $753 million being stolen from investors.
Among cryptocurrencies, Ethereum (ETH) was the most frequently hacked. More than $387 million was lost in 86 hacking incidents.
The largest hacking incident occurred on August 19th. A major Bitcoin (BTC) investor lost 4,064 BTC, equivalent to about $238 million, due to unauthorized access to his cryptocurrency wallet.
WazirX, a cryptocurrency exchange based in India, was also the victim of a major hack, losing more than $235 million. This hack accounts for the majority of the quarter's losses.
As of now, hackers appear to have illicitly obtained about $2 billion worth of cryptocurrency in 2024. In the first quarter of 2024, hackers illicitly obtained more than $500 million in cryptocurrency in 224 attacks. They also stole $687 million in the second quarter.
In addition, the recovery rate of stolen cryptocurrency has decreased compared to the previous quarter. According to the report, the recovery rate of stolen cryptocurrency is only 4.1%, down from 14.4% in the previous quarter. This means that hackers' money laundering techniques are improving.
Phishing scams appear to have become the most popular hacking method in the third quarter of 2024. More than $343 million was stolen in 65 hacking incidents.
In phishing attacks, hackers usually pose as legitimate financial institutions and trick users into providing login IDs, passwords, private keys, and other information.
Classic phishing scams are the norm
Victims are tricked through email, social media, and fake websites. Although classic, phishing scams still seem to be a legitimate crime today.
Many phishing scams pose as service sites or banks and trick users into entering information on fake websites after receiving emails or social media messages stating that their login information is inappropriate, that their information has been leaked, or that their input data is incorrect.
CertiK pointed out that "To avoid falling victim to such attacks, users should be wary of unsolicited messages requesting personal information, double-check website URLs and email addresses, and enable two-factor authentication (2FA, smartphone authentication, etc.)."
Private key hacks were the second most common attack, causing over $324 million in damages across just 10 incidents. Code vulnerabilities, reentrancy and price manipulation attacks were also rampant in the quarter.
Reference: CertiK
Image: Shutterstock
Related articles
North Korean hackers cause cryptocurrency hacking damage in 2023 to approx. 87 billion yen
KyberSwap hacker demands complete control, including transfer of management rights