Phishing attacks, private key leaks resulted in $668m stolen in Q3: CertiK

In Q3, threat actors stole over $750 million worth of cryptocurrency across 150+ security incidents, marking a 9.5% increase in value lost despite 27 fewer incidents compared to Q2.

Phishing attacks and private key compromises were significant contributors to over $750 million in cryptocurrency thefts during Q3, according to data from blockchain analytics firm CertiK. Despite a decline in the total number of security incidents to more than 150, the total value lost increased by 9.5% compared to the previous quarter.

Per CertiK’s estimates, hackers have now stolen nearly $2 billion in 2024 alone, with the data showing $505.5 million lost across 224 attacks in Q1 and $687.5 million in Q2. In Q3, phishing emerged as the most damaging attack vector, with nearly $343.1 million stolen across 65 incidents.

“These attacks typically involve bad actors posing as legitimate entities to trick users into revealing sensitive information, such as login credentials.”

CertiK

Private key compromises ranked as the second most costly attack vector, resulting in $324.4 million stolen across 10 incidents. Together, these two vectors accounted for $668 million in losses, while additional security incidents in Q3 involved code vulnerabilities, reentrancy events, and price manipulation, highlighting the urgent need for improved security protocols in the decentralized finance sector.

CertiK notes that Ethereum (ETH) remained the most targeted blockchain, with $387.9 million stolen in 86 incidents, significantly outpacing Bitcoin (BTC), which was also heavily targeted. As hackers continue to evolve their tactics, the blockchain firm says the crypto industry must prioritize user education and advanced security measures to protect assets.