The latest CertiK Web3 Security Report reveals that $1.19 billion has been lost to onchain security incidents in the first half of 2024, prompting the need for improved security measures.

The report highlights that most of the losses were attributable to phishing attacks and private key compromises, with phishing attacks accounting for almost $498 million.

In a written Q&A with Cointelegraph, Ronghu Gu, co-founder of CertiK, articulated the need for multifactor authentication, such as two-factor authentication (2FA) and “security keys.” 

“All wallets with significant funds should be interacted with using a hardware wallet or similarly secure and well-designed key management solution.”

An infographic showing the types of cyberattacks and financial losses attributed to each type. Source: CertiK

H1 hack attack

Among the security breaches in 2024, the DMM Bitcoin attack was the biggest in the second quarter, joining the ranks of the most significant hacks in history, with $304 million lost.

The Japanese crypto exchange experienced a breach that resulted in the theft of 4,502.9 Bitcoin (BTC), prompting the platform to enhance its security measures to prevent future thefts.

Another incident, at the Turkish crypto exchange BtcTurk, involved a cyberattack targeting hot wallets and resulted in a $90 million loss.

Gu informed Cointelegraph that the latest breaches show that “attackers are still out there” aiming to test the defenses of large crypto custodians.

“It’s important to put proactive measures in place, as well as a highly reactive response team for when an incident occurs.”

An infographic showing the top 10 incidents and financial losses of each. Source: CertiK

FIT21 introduces regulatory hope

Amid the losses experienced during the first half of 2024, the regulatory framework bill FIT21 was introduced and passed in the United States.

The FIT21 bill aims to improve consumer protections and support crypto sector innovation through a comprehensive regulatory framework for digital assets.

The bill received bipartisan support and is expected to create a safer and better-regulated environment for digital asset exposure in the United States.

Gu added that the FIT21 bill “will likely attract more institutional investors and drive greater compliance efforts and requirements across the industry.”

Lessons learned and crime trends

Although CertiK’s report paints a concerning picture of Web3 security’s current state, Gu explains that “the trend is not pointing downward.”

Despite Gu’s perspective, and although crypto hacks caused the loss of nearly $385 million in May, exploits and hacks fell by 54.2% in June.

According to PeckShield data, $176.2 million was lost to crypto hacks in June, a marked reduction from May.

Gu told Cointelegraph that the magnitude of losses could be “just a part of the industry” for now but that there are also “simple measures” all users can take to protect themselves, like 2FA.