CertiK warns the phishing threat is rising

In 2024, attackers stole more than $1 billion across 296 phishing incidents, according to CertiK’s annual report.

The numbers from 2024 are in, and the Web3 ecosystem faces significant challenges. Over $2.36B was stolen across 760 incidents, marking a 31.61% increase from the previous year.

Dive into the 2024 Hack3d Report to see the insights that shaped the year and what’s next.?? pic.twitter.com/86QyfYia8M

— CertiK (@CertiK) January 2, 2025

“Phishing was the most costly attack vector last year. Our numbers are conservative; the real ones are higher if you account for unreported incidents and other kinds of [similar] scams,” a CertiK representative told Cointelegraph.

Of the 296 incidents in 2024, at least three resulted in losses exceeding $100 million.

Analysts named the compromise of private keys the second-biggest threat last year after phishing. More than $855 million was stolen across 65 incidents. Critical code vulnerabilities also remain a problem.

Among the year’s most high-profile incidents, analysts highlighted the May hack of the Japanese cryptocurrency exchange DMM Bitcoin. Hackers withdrew 4,502 BTC ($320 million at the time) — losses were the second largest in the country after the attack on Coincheck. In December, DMM Bitcoin announced its liquidation.

“Phishing tactics will undoubtedly evolve in 2025, especially as artificial intelligence develops,” the CertiK representative added.

Earlier, Hacken estimated that the Web3 market’s cumulative losses over the past year exceeded $2.9 billion, including damage to DeFi, CeFi-platforms, games and metaverses. In 78% of cases, access-control vulnerabilities were the cause of breaches.

According to Chainalysis, North Korean hackers stole at least $1.34 billion in cryptoassets in 2024.