Crypto hackers steal $750M in Q3 2024, as losses grow by 9.5% — CertiK


The third quarter of 2024 has witnessed a decrease in the total number of reported crypto hacks but a spike in the value of assets stolen.

According to an Oct. 1 report by cybersecurity firm CertiK, the overall financial damage surged by approximately 9.5%, with a total of $753 million taken from investors across 155 incidents. 

The Ethereum network suffered the most security incidents, with 86 hacks, scams, and exploits costing over $387 million.

The largest incident occurred on Aug. 19, when a Bitcoin whale lost 4,064 Bitcoin (BTC), worth around $238 million, in an apparent wallet compromise.

Another major theft occurred at India-based crypto exchange WazirX, through which over $235 million was stolen. The hack contributed to a significant portion of the quarter’s losses. 

Security incidents by chain in 3Q24. Source: CertiK

In 2024 to date, hackers have stolen nearly $2 billion. In the first quarter of 2024, attackers made off with over $505 million across 224 attacks. The second quarter saw an escalation, with $687 million stolen. 

In addition, recovery of stolen funds shrunk in the last quarter. According to the report, only 4.1% of stolen assets were recovered, down from the 14.4% returned in the previous quarter. 

Related: September crypto hacks surpass $120M, centralized exchanges hit

Phishing and Private Key Compromises Dominate

Phishing emerged as the most costly attack method in the third quarter of 2024, with bad actors stealing over $343 million across 65 incidents.

Phishing attacks typically involve scammers posing as legitimate institutions to deceive users into disclosing sensitive information, such as login credentials or private keys. Victims are often tricked through emails, social media, or fake websites. 

“To prevent falling victim to these attacks, users should be wary of unsolicited messages asking for private information, double-check website URLs and email addresses, and enable two-factor authentication (2FA),” noted CertiK.  

Private key compromises represented the second most damaging attack type, accounting for $324 million in losses across just 10 incidents. This quarter also saw a number of code vulnerabilities, reentrancy events, and price manipulation attacks.

Magazine: Advanced AI system is already ‘self-aware’ — ASI Alliance founder