Phishing attacks and private key leaks led to $668 million theft in Q3: CertiK

In the third quarter, threat actors stole over $750 million worth of cryptocurrencies in more than 150 security incidents. This represents a 9.5% increase in loss of value, despite there being 27 fewer incidents compared to the second quarter.

Phishing attacks and private key compromise were major contributors to over $750 million worth of cryptocurrency thefts in the third quarter, according to data from blockchain analytics firm CertiK. Despite a decrease in the total number of security incidents to over 150, the total value loss increased by 9.5% compared to the previous quarter.

CertiK estimates that hackers stole nearly $2 billion in 2024 alone, with data showing a loss of $505.5 million across 224 attacks in the first quarter and $687.5 million in the second quarter. In the third quarter, phishing emerged as the most damaging attack vector, with nearly $343.1 million stolen in 65 incidents.

“These attacks typically involve malicious actors posing as legitimate entities to trick users into revealing sensitive information such as login credentials.”

CertiK

Private key compromise was the second most expensive attack vector, resulting in $324.4 million in theft across ten incidents. Together, these two vectors caused losses of $668 million, while additional security incidents in the third quarter involved code vulnerabilities, re-entry events and price manipulation, highlighting the urgent need for improved security protocols in the decentralized finance sector.

CertiK notes that Ethereum (ETH) remained the most targeted blockchain, with $387.9 million stolen in 86 incidents, significantly surpassing Bitcoin (BTC), which was also heavily targeted became. As hackers evolve their tactics, the crypto industry must prioritize user education and advanced security measures to protect assets, according to the blockchain company.