Nearly $2.4 billion was stolen across 760 on-chain incidents in 2024. That was just one revelation in CertiK’s Hack3d: The Web3 Security Report 2024.
Although the total number of incidents decreased by roughly 4%, the amount stolen surged by 31%. Thieves succeed less often, but when they do, it’s increasingly worth it.
The average hack cost victims $3.1 million, up 23%. At $151,000 stolen, the median amount rose 47%. May was the worst month, with $444 million swiped across 63 incidents. Hackers were busiest in the third quarter, when they pilfered $753 million from 157 hacks. They enjoyed their work in the final quarter, which saw the incident rate decline by nearly half.
Phishing was the leading 2024 trend. Its practitioners ripped off more than $1 billion from 296 events. Three of those saw takes north of $100 million.
“This represents nearly half the value stolen in the year and 39.1% of the number of incidents, suggesting that on average, phishing attacks typically lead to larger amounts stolen per incident than other vulnerabilities,” the report states.
Private key compromises came in second, producing more than $855 million from 65 occurrences. Phishing and private key compromises were common in all four quarters.
While code vulnerabilities were the second most common incident type, with 218 in 2024, they were less lucrative, producing only $171 million overall. Exit scams were the third most popular but only generated a meagre $85.4 million.
Hackers love Ethereum. It saw 403 hacks, scams and exploits that generated almost $749 million in losses. That is close to $1.9 million per incident.
Nearly $543 million in Bitcoin and $133 million in Tron were stolen in 2024.
There were 39 security breaches involving multiple chains in 2024. Collectively, they accounted for $435 million in losses over the year.
WazirX was the most costly incident at $235 million. Chris Larsen was second with $112 million. Rounding out the top five are BtcTurk, Munchable, and BitForex.
Other 2024 highlights include a late October incident where a wallet possibly owned by the United States government lost $20 million in funds previously seized from the 2016 Bitfinex hack.