A Total of $688M Was Lost Across 184 On-Chain Security Breaches in Q2: CertiK
Blockchain security auditor CertiK has published its Web3 Report for the second-quarter of 2024, highlighting losses across on-chain security vulnerabilities.
Per the report released Thursday titled Q2 “Hack3D: The Web3 Security Report,” a total of $688,102, 941 were lost across 184 on-chain security incidents in Q2.
“This represents a 37% increase in value lost compared to Q1 2024, though there was an 18% decrease in the number of incidents quarter-over-quarter.”
The report attributes majority of the losses associated with phishing attacks, followed by private key compromises. That said, phishing accounted for around $433.7 million loss across 67 incidents, while, 16 major private key compromises contributed to $170.1 million loss.
Further, the findings noted that Ethereum on-chain faced highest number of security breaches – a total of 83 hacks and scams.
The ETH blockchain has borne the brunt of the attacks occurred in the first half (H1) of 2024. It experienced 222 incidents that led to nearly $15.5 million in losses.
Prominent On-chain Security Breaches
In terms of individual incidents, the top 10 losses in Q2 were dominated by phishing attacks. The largest single on-chain attack on a Japanese exchange – DMM Bitcoin, – resulted in a $305 million loss.
Another widely-reported crypto attack, linked to Turkish exchange BtcTurk, amassed $54 million worth of Avalanche tokens. The stolen funds were subsequently converted to Bitcoin and moved to two separate wallets.
“Other notable types of incidents in Q2 include code vulnerabilities, access control issues, and exit scams,” the report read.
Code vulnerabilities, which allows attackers to inject malicious scripts into web pages, accounted for $37.37 million across 57 incidents. While, access control failures, though smaller in number, resulted in in significant losses of $7.51 million, CertiK added.
Exit scams have contributed to $10.31 million in losses, spanning across 20 incidents.
By blockchain, BNB Chain followed Ethereum, with 44 incidents totaling $12 million. Other on-chain incidents occurred on Arbitrum and Avalanche, “highlighting that security challenges are not confined to any single blockchain,” the report added.