Phishing was the most costly attack vector in Web3 in 2024, in a year where a total of $2.3 billion was lost across 760 on-chain security incidents, according to CertiK’s Web3 Security Report 2024.
According to the report:
- The year (2024) saw a 31.61% increase in value stolen compared to 2023
- The number of security incidents year-over-year increased by 29
- The average amount lost per hack in 2024 was $3.18 million
- The median amount stolen was $150,925
- Similar to Q3 of 2023, Q3 of 2024 saw the most losses, with $753.34 million stolen in 157 hacks, scams, and exploits
- The subsequent quarter (Q4 2024) saw a 46.65% decline in the amount stolen
- May 2024 was the most costly month of the year, with $444.37 million lost across 63 incidents
- Phishing attacks dominated in value lost and incident count with $1.01 billion lost across 296 incidents, and
- 3 phishing incidents of more than $100,000,000 lost,
notes CertiK’s Web3 Security Report 2024.
“This represents nearly half of all value stolen in the year and 39.1% of the number of incidents suggesting that, on average, phishing attacks typically lead to larger amounts stolen per incident than other vulnerabilities,” the report said.
- Private key compromises followed, with $855.35 million stolen across 65 incidents
- All four quarters of 2024 saw high levels of activity involving phishing attacks and private key theft
In terms of chains:
- Ethereum once again experienced the highest number of security incidents, with a total of 403 hacks, scams, and exploits leading to $748.66 million in losses. This resulted in an average of $1.87 million stolen per incident
Hackers also heavily targeted Bitcoin and Tron, with:
- Bitcoin having $542.7 million stolen and
- TRON having $133.09 million stolen
Security breaches affecting multiple chains accounted for $435.01 million in losses across 39 incidents, the report added.
Phishing is expected to be the dominant attack vector in Web3 in 2025, and users are cautioned as the crypto economy is set for more expansion.
According to CertiK, phishing is particularly popular among criminals because it preys on human vulnerabilities rather than solely targeting technological weaknesses. By crafting deceptive emails, fake websites, or fraudulent messages, attackers trick users into divulging sensitive information like passwords, private keys, or wallet addresses.
“In the crypto space, the irreversible nature of transactions makes phishing particularly devastating, as funds cannot be recovered once transferred – unless the attacker decides to return funds.”
You can read the report for free here.