Q3 2024 Blockchain Hack Report

19 October, 2024

Q3 2024 Blockchain Hack Report

In the third quarter of 2024, the blockchain and cryptocurrency ecosystem experienced a dramatic spike in losses due to cyberattacks, even as the number of incidents decreased. According to the latest findings, the total value stolen from investors amounted to a staggering $750 million, representing a 9.5% increase in overall financial damage compared to Q2 2024. Despite the rise in stolen funds, there were fewer incidents reported, with 155 hacks compared to the previous quarter's 224. The most significant incidents targeted well-known projects, exchanges, and individual wallets, with the largest single event being a compromise of 4,064 Bitcoin, valued at $238 million, from a Bitcoin whale's wallet on August 19.

Overview of Q3 2024 Blockchain Attacks

The quarter saw a range of attack vectors, with phishing and private key compromises emerging as the most damaging types of exploits. These forms of attacks collectively accounted for over 88% of the total losses.

By Attack Type:

  • Phishing: $309,278,519 stolen across 65 incidents
  • Private Key Compromise: $317,786,322 stolen across 10 incidents
  • Code Vulnerabilities: $39,680,651 across 44 incidents
  • Reentrancy Attacks: $30,353,579 across 5 incidents
  • Price Manipulation: $7,686,536 across 3 incidents
  • IDO/Fund Raising Rug: $2,118,058 across 1 incident
  • Token Dump: $1,415,342 across 11 incidents
  • Honeyspot: $404,102 across 2 incidents

Phishing remained the top attack method, responsible for over $343 million in losses. This tactic involves deceiving users into sharing sensitive information, such as private keys, which are then used to drain their wallets. Hackers typically use social engineering tactics, fake websites, or impersonation to lure victims.

Major Incidents of Q3 2024

The largest individual losses stemmed from prominent entities within the crypto space. Among the top 10 incidents, two massive breaches—one involving a Bitcoin whale and another targeting the India-based exchange WazirX—accounted for nearly half of the quarter’s total losses.

Q3 Top Incidents:

  1. WazirX: $231,469,024
  2. BingX: $48,477,499
  3. Penpie: $27,348,259
  4. Indodax: $22,125,742
  5. Ronin Network: $11,769,159
  6. Li.Fi: $11,600,000
  7. Bittensor PyPi Package: $8,000,000
  8. Rho Market: $7,620,279

Blockchain Networks Under Attack

In terms of blockchain ecosystems, Ethereum continues to be the most targeted, with 86 reported incidents resulting in over $387 million in losses. Other notable blockchain networks that suffered significant breaches include Bitcoin, BSC (Binance Smart Chain), and Solana. Ethereum’s position as the leading smart contract platform makes it an attractive target for bad actors, particularly through vulnerabilities in decentralized finance (DeFi) protocols.

Losses by Blockchain:

  • Ethereum: $387,892,629.16, 86 incidents
  • Bitcoin: $238,000,000.00, 1 incident
  • Multiple Chains: $89,838,491.98, 7 incidents
  • Other: $8,000,000.00, 1 incident
  • Scroll: $7,620,279.00, 1 incident
  • BSC: $4,702,658.02, 39 incidents
  • Cosmos: $2,801,845.00, 1 incident
  • Base: $2,263,265.39, 3 incidents

This quarter, cross-chain bridges and multi-chain projects were also frequently targeted, contributing to a total of $741,119,168.55 in losses across incidents.

Recovery Efforts and Future Implications

While the amount stolen in Q3 was significant, only 4.1% of these funds were recovered, marking a steep decline from the 14.4% recovery rate in Q2. This reduced recovery rate emphasizes the increasing sophistication of the attacks and the challenges faced by security firms in tracking and retrieving stolen assets.

As hackers continue to evolve their tactics, it is critical for the blockchain industry to strengthen security protocols. At PrismBlocks, we recommend rigorous smart contract audits, advanced multi-factor authentication (MFA) systems, and regular phishing simulation training to minimize risks. Additionally, decentralized exchanges and projects must prioritize ongoing vulnerability assessments and continuous monitoring.

The rise in private key compromises and phishing attacks demonstrates that user awareness and robust authentication mechanisms are more crucial than ever in maintaining the integrity of blockchain projects and platforms.

Conclusion

Q3 2024 has reinforced the need for greater security measures across the blockchain ecosystem. While decentralized technologies offer immense potential, they also present new opportunities for malicious actors. The increasing losses due to phishing, private key compromises, and smart contract vulnerabilities serve as a wake-up call for both projects and users alike.

As we move into Q4, PrismBlocks is committed to staying at the forefront of blockchain security by offering cutting-edge solutions, rigorous audits, and continued education for our clients. Together, we can create a safer, more resilient blockchain future.

15 October, 2024

The Rise of Phishing Attacks in Web3 Security

Phishing, a form of social engineering attack, tricks individuals into revealing sensitive information such as private keys or passwords by impersonating legitimate entities.

Read More

11 November, 2024

October 2024 Hack Report: Crypto Industry Faces $126.93 Million in Losses

October 2024 was marked by significant security breaches, with crypto asset losses totaling $126.93 million. The incidents targeted both centralized exchanges and decentralized platforms

Read More

23 November, 2024

Protecting Web3 from Human Exploits: Top Social Engineering Tactics

As Web3 grows, attackers exploit human psychology through social engineering tactics like phishing, baiting, and impersonation to gain access to sensitive data.

Read More

28 November, 2024

What is Liquid Staking? How does it work?

Liquid staking enables users to stake ETH without locking funds or running nodes. Platforms like Lido offer liquid staking tokens (LSTs) to represent staked assets and rewards.

Read More