CertiK Issues Alert: Phishing Attempts Escalating
In the digital world of Web3, security concerns remain a pressing issue. The year 2024 saw a significant rise in cyberattacks, with critical code vulnerabilities taking a back seat to more insidious threats. According to the 2024 Hack3d Report and insights from CertiK, phishing attacks emerged as the most costly and frequent source of crypto asset loss.
CertiK's 2024 Web3 Security Report revealed that phishing attacks caused over $1 billion in losses across 296 incidents. These attacks typically exploit human psychology, tricking users into authorising malicious transactions or revealing sensitive information. Social engineering, rather than code vulnerabilities, therefore becomes a prime factor in breaches.
Digital asset criminals stole over $2.36 billion in 760 reported on-chain incidents throughout 2024, averaging $3.1 million stolen per incident. This surge in Web3 security breaches includes, but is not limited to, phishing.
Binance took a proactive approach to combat phishing by developing an anti-poisoning algorithm in May 2024. This algorithm detected about 15 million potentially malicious addresses designed to dupe users into sending assets to fake or lookalike wallet addresses.
Hackers in 2024 were found to focus more on exploiting users' trust and errors than on purely attacking smart contract code or protocols. A rise in social engineering tactics such as phishing and "pig butchering" scams (long-con confidence fraud) was also observed.
Reports from blockchain analytics firms like Chainalysis and PeckShield confirmed 2024 as a record year for crypto theft, with ongoing increases into 2025. The FBI also issued alerts on related fraud schemes involving fake law firms, emphasising the growing sophistication and persistence of scams impacting Web3 users.
The May attack on Japanese cryptocurrency exchange DMM Bitcoin resulted in a loss of 4,502 BTC, valued at approximately $320 million at the time. This hack was the second-largest loss in Japan, following the Coincheck breach.
North Korean hackers were also active, stealing at least $1.34 billion worth of crypto assets in 2024.
Phishing tactics are expected to evolve in 2025, potentially incorporating artificial intelligence. Despite this, ongoing efforts by exchanges and security teams are crucial in mitigating these threats and protecting the Web3 ecosystem.
Bitcoin, with its extensive use in the Web3 world, was a common target for phishing attacks in 2024, contributing to the $1.34 billion worth of cryptocurrency stolen by North Korean hackers. As cybersecurity concerns persist, technology like the anti-poisoning algorithm developed by Binance in May 2024 can help combat these insidious threats and prepare for the potential evolution of phishing tactics using artificial intelligence in 2025.