Increased Warning Issued Over Phishing Attempts: CertiK Advises Caution
In the digital landscape of 2024, the Web3 ecosystem faced a significant surge in cyber attacks, with losses totalling an alarming $3.1 billion. According to the latest data, human and operational security weaknesses have become the primary sources of these losses, eclipsing pure code exploits.
The year saw a 31.61% increase in cyber attacks, with a total of $2.36 billion stolen across 760 incidents. The major attack vectors were access-control failures, including phishing and private key compromise, and code vulnerabilities in smart contracts.
Access-control exploits, such as phishing and private key theft, accounted for nearly 59% of the losses, totalling approximately $1.8 billion. Phishing was the most costly attack vector in 2024, accounting for over $1 billion in losses. Out of the 296 phishing attacks in 2024, at least three resulted in losses exceeding $100 million.
Private key compromise was the second most significant threat, resulting in over $855 million in losses across 65 incidents. Notable among these incidents was the DMM Bitcoin hack, which resulted in the loss of 4,502 BTC (worth approximately $320 million at the time), making it the second-largest loss in Japan, following the Coincheck breach.
Smart contract vulnerabilities, while less dominant than access-control failures, still led to significant losses. Contributors to the total included critical bugs, such as the liquidity overflow vulnerability that caused the $223 million Cetus DeFi exploit in Q2 2025, and recurring bugs in legacy codebases like GMX v1, which was heavily exploited due to outdated and unpatched contracts.
Phishing tactics are expected to evolve in 2025, potentially incorporating artificial intelligence. A representative from CertiK stated that the figures for phishing attacks in 2024 are conservative, and the real tally is likely higher. Unreported incidents and other scams are likely to increase the total.
In 78% of cases in 2024, exploits in the Web3 ecosystem stemmed from access-control vulnerabilities. North Korean hackers are reported to have stolen at least $1.34 billion worth of crypto assets in 2024.
The 2024 Hack3d Report provides insights into the year's cyber attacks and what to expect moving forward. In December 2024, DMM Bitcoin announced its liquidation. The reported figure for phishing attacks in 2024 is conservative, with emerging AI-related threats and other risks likely increasing the total.
As we move into 2025, it is crucial for the Web3 community to prioritise security measures, focusing on human error and operational weaknesses to minimise the impact of cyber attacks. The 2024 Hack3d Report serves as a valuable resource for understanding the current threat landscape and developing effective strategies for security and resilience.
DeFi vulnerabilities, such as the one that caused the $223 million Cetus exploit, highlight the importance of addressing code vulnerabilities in smart contracts, a key aspect of Web3 technology. In 2024, cybersecurity breaches related to Bitcoin saw a significant increase, with the DMM Bitcoin hack being the second-largest loss in Japan.