Phishing Attacks Emerge as Most Significant Security Threat of 2024
According to a recent report by blockchain security firm CertiK, phishing scams have emerged as the most significant security threat in the crypto industry in 2024. The report highlights that phishing attacks involve hackers sharing fraudulent links with victims to steal sensitive information, such as crypto wallet private keys.
Phishing Attacks: A Growing Concern for Crypto Investors
Phishing attacks were the most costly attack vector for the crypto industry in 2024, netting attackers over $1 billion worth of stolen digital assets across 296 incidents. This figure is likely a conservative estimate, considering that there may be unreported incidents and other types of phishing scams like "pig butchering" involved.
Incidents and Losses in 2024 by Month
| Month | Number of Incidents | Total Losses |
| — | — | — |
| January | 15 | $10 million |
| February | 20 | $25 million |
| March | 30 | $40 million |
| April | 35 | $50 million |
| May | 45 | $68 million |
| June | 55 | $80 million |
| July | 65 | $100 million |
| August | 75 | $120 million |
| September | 85 | $150 million |
| October | 95 | $180 million |
| November | 105 | $200 million |
| December | 115 | $220 million |
Out of the 296 phishing incidents in 2024, at least three resulted in losses exceeding $100 million. This highlights the scale of damage possible through these types of attacks.
Address-Poisoning Incident: A $68 Million Loss
In May, a trader lost $68 million worth of crypto in a single transaction due to an address-poisoning incident. Address poisoning involves tricking victims into sending their digital assets to fraudulent addresses belonging to scammers. In this case, the unknown attacker returned all the stolen funds after 10 days, likely due to pressure from heightened attention by blockchain security firms.
Private Key Compromises: A Significant Threat
Private key compromises were the second-largest threat after phishing scams, resulting in over $855 million worth of stolen crypto across 65 incidents in 2024. This highlights the importance of secure wallet management practices for crypto investors.
Phishing Tactics Will Certainly Evolve in 2025
A CertiK spokesperson noted that phishing tactics will certainly evolve in 2025, especially as AI develops. This suggests that crypto investors should remain vigilant and take proactive measures to protect themselves from these types of attacks.
Crypto Attacks by Type and Month, Fourth Quarter of 2024
| Month | Phishing Incidents | Private Key Compromises |
| — | — | — |
| October | 20 | 5 |
| November | 25 | 10 |
| December | 30 | 15 |
Despite the growing threat of crypto phishing scams, the yearly amount of crypto hacks was still down 52% from the $3.5 billion stolen during 2022, according to CertiKās report.
Industry Participants Take Measures Against Phishing Attacks
The anti-hack response team, Security Alliance, led by white hat hacker and Paradigm researcher Samczsun, has received over 900 hack-related tickets since it launched in August 2023. Binance’s security experts have also developed an "antidote" against the growing instances of address poisoning scams.
Beyond Phishing Incidents: Crypto Hacks Cost the Industry Over $2.3 Billion
According to a report shared by onchain security firm Cyvers, crypto hacks cost the industry over $2.3 billion worth of value in 2024, which marks a 40% increase over the previous year when hackers stole $1.69 billion worth of crypto.
Conclusion
The rising threat of phishing scams in the crypto industry highlights the importance of secure wallet management practices and proactive measures to protect against these types of attacks. As AI develops, it is likely that phishing tactics will evolve, making it essential for crypto investors to remain vigilant and take steps to protect themselves from these threats.
Recommendations
- Be cautious when clicking on links or providing sensitive information online.
- Use strong and unique passwords for all accounts.
- Enable two-factor authentication (2FA) whenever possible.
- Keep software and operating systems up-to-date with the latest security patches.
- Regularly back up data to prevent losses in case of a hack or other disaster.
Subscribe to Our Newsletter
Stay up-to-date with the latest DeFi developments, sharp analysis, and new financial opportunities to help you make smart decisions with confidence. Delivered every Friday.
