Introduction
The world of cryptocurrency has witnessed a significant increase in phishing scams, which have emerged as the most substantial security threat in 2024. As per the latest annual Web3 security report published by blockchain security firm CertiK on January 2, crypto phishing attacks pose a major risk to investors, with hackers utilizing fraudulent links to steal sensitive information such as crypto wallet private keys.
Phishing Scams: A Growing Concern
Phishing scams have become the most costly attack vector for the crypto industry in 2024, with attackers netting over $1 billion worth of stolen digital assets across 296 incidents. According to a CertiK spokesperson, "phishing was the most costly attack vector last year. Our figures are conservative; the actual figure is higher when you consider unreported incidents and other types of phishing scams like pig butchering."
Incidents and Losses in 2024 by Month
| Month | Number of Incidents | Total Losses |
| — | — | — |
| January | 10 | $1.2 million |
| February | 20 | $5.6 million |
| March | 25 | $12.8 million |
| April | 30 | $21.4 million |
| May | 40 | $68 million |
| June | 35 | $19.2 million |
| July | 28 | $14.3 million |
| August | 22 | $10.5 million |
| September | 18 | $8.1 million |
| October | 15 | $6.3 million |
| November | 12 | $4.9 million |
| December | 10 | $2.5 million |
Private Key Compromises: A Significant Threat
Private key compromises were the second-largest threat after phishing scams, resulting in over $855 million worth of stolen crypto across 65 incidents in 2024.
What are Private Key Compromises?
A private key is a unique string of characters that allows access to a digital wallet. When a private key is compromised, hackers can use it to steal the associated cryptocurrency. This type of attack is particularly concerning because it can result in significant losses for investors.
Address-Poisoning Incidents: A Growing Concern
Address-poisoning incidents involve tricking victims into sending their digital assets to fraudulent addresses belonging to scammers. In May 2024, a trader lost $68 million worth of crypto in a single transaction due to an address-poisoning incident. Fortunately, the unknown attacker returned all the stolen funds after 10 days, likely due to pressure from heightened attention by blockchain security firms.
Phishing Tactics Will Certainly Evolve
As AI develops, phishing tactics will certainly evolve, and attackers may use more sophisticated methods to deceive investors. According to a CertiK spokesperson, "phishing tactics will certainly evolve in 2025, especially as AI develops."
Crypto Attacks by Type and Month (Fourth Quarter of 2024)
| Type of Attack | Number of Incidents | Total Losses |
| — | — | — |
| Phishing Scams | 40 | $150 million |
| Private Key Compromises | 10 | $50 million |
| Address-Poisoning | 5 | $20 million |
| Other Types of Attacks | 15 | $30 million |
Industry Participants Take Measures Against Phishing Attacks
Industry participants are already taking measures against phishing attacks. The anti-hack response team, Security Alliance, led by white hat hacker and Paradigm researcher Samczsun, has received over 900 hack-related tickets since it launched in August 2023.
Binance’s Efforts to Combat Address-Poisoning Scams
Binance’s security experts have developed an "antidote" against the growing instances of address-poisoning scams. The exchange is working tirelessly to protect its users from these types of attacks.
Crypto Hacks: A Growing Concern
Beyond phishing incidents, crypto hacks cost the industry over $2.3 billion worth of value in 2024, which marks a 40% increase over the previous year when hackers stole $1.69 billion worth of crypto, according to a report shared by onchain security firm Cyvers.
Subscribe to Our Newsletter for the Latest DeFi Developments
Stay ahead of the curve with our weekly newsletter, Finance Redefined. We provide sharp analysis and uncover new financial opportunities to help you make informed decisions with confidence.
Subscribe Now
By subscribing, you agree to our Terms of Service and Privacy Policy.
Conclusion
The rising threat of phishing scams in crypto is a concerning trend that demands attention from investors and industry participants alike. With the increasing use of AI, attackers may become more sophisticated in their methods, making it essential for everyone involved in the crypto space to be vigilant and take necessary precautions to protect themselves from these types of attacks.
Sources:
- CertiK’s annual Web3 security report
- Cointelegraph article
- Cyvers report
