Malicious actors stole more than $750 million in various crypto-related hacks and scams in the third quarter, bringing total losses for the year to more than $1.9 billion, according to CertiK’s quarterly Hack3d security report.
The losses have been suffered in 155 separate incidents, showing a 9.5% increase in stolen money compared to the previous quarter. However, there were 27 fewer incidents than in the second quarter.
According to the report, three major events accounted for the majority of stolen funds during the quarter. Two of the biggest incidents were a $238 million phishing attack targeting a Bitcoin whale and a $231 million hack of India-based centralized exchange WazirX. The third largest incident involved an individual investor who fell victim to a phishing scam that resulted in a loss of $55.4 million.
Meanwhile, roughly $30.9 million was recovered across nine incidents, reducing adjusted net losses for the quarter to about $722 million.
Phishing remains a problem
Phishing attacks and private key compromise were the most dominant attack methods used by malicious actors in the third quarter.
Phishing alone caused losses of more than $343 million in 65 cases. Typically, these scams involve attackers posing as trusted entities to trick victims into sharing sensitive information such as passwords.
Private key compromise ranks second, with losses exceeding $324 million in ten cases. In these scenarios, attackers gain control of private keys, allowing them to transfer funds without the need for further authentication.
Other notable vulnerabilities included code errors, re-entry bugs, price manipulation, and fundraising scams.
Ethereum suffered the most losses
Within blockchain networks, Ethereum saw the most security breaches, with 86 hacks and scams resulting in losses of more than $387 million. The Bitcoin network followed suit, with $238 million stolen in one phishing incident.
CertiK explained that the top two blockchain networks were the most targeted due to their “high transaction volume, large user base and TVL.”
Meanwhile, multi-chain platforms also suffered significant losses of around $90 million, while other blockchain networks such as Binance Smart Chain (BSC), Cosmos, Scroll, Solana, Base, Blast and Optimism were responsible for the remaining incidents.
