The digital currency sector faced a tough start in the first quarter of 2024, with cybercriminals stealing an astonishing $502.52 million across 223 on-chain security breaches.
This amount marks a significant 54% rise from the first quarter of 2023, during which the losses amounted to $326 million. Although there was a slight decrease from the $522 million lost in the last quarter of 2023, the figures are still concerningly elevated.
How Hackers Steal Users’ Cryptos?
CertiK’s “The Web3 Security Quarterly Report” reveals that in January, cybercriminals stole $193.1 million in 78 separate incidents. The following months, February and March, also saw significant financial losses due to cyber attacks, totaling $160.4 million and $149 million across various incidents, respectively.
The most common method leading to these substantial financial damages was the compromise of private keys, which, despite occurring in only 26 instances, accounted for nearly half of the quarter’s total losses.
Tactics Used By Hackers
Scammers utilized a range of strategies to perpetrate these thefts, including breaches in access control, exit scams, and phishing operations.
Among these, exit scams, also referred to as rug pulls, were particularly devastating, resulting in $68.3 million in losses to users. Losses from code vulnerabilities and flash loan attacks were also significant, amounting to $42.6 million and $37.7 million, respectively.
Ronghui Gu, the co-founder of CertiK, highlighted in an interview that the persistence of identical attack methods depleting the ecosystem’s value clearly indicates that such vulnerabilities are being overlooked.
Gu pointed out the difficulty of engaging with cryptocurrency without awareness of concepts like exit scams or rug pulls. Despite this, he noted that $68 million was siphoned off through 34 exit scams in the first quarter alone, excluding the countless softer rug pulls associated with the introduction of new tokens.
Ethereum Is The Platform That Suffered The Most
Ethereum found itself at #1 in the ranking of cybersecurity woes, enduring 131 security lapses that resulted in financial damages totaling $139 million. In a turn of events, efforts to mitigate these losses saw a recovery of $77.9 million, with operations like Munchables contributing to the recuperation.
A significant breach occurred on January 30 when an attack targeted Ripple’s co-founder, Chris Larsen. Intruders managed to illicitly move about 213 million XRP from his wallets, an act valued at roughly $112 million.
This breach stood out as the most considerable security lapse in 2024, catalyzing swift responses from both cryptocurrency exchanges and law enforcement agencies to locate and secure the hijacked assets.
The Munchables episode in March also caught attention when the culprits, after stealing $62.5 million, unexpectedly returned the funds.
Additionally, the crypto community was rattled by the BitForex platform’s exit scam in February, leading to $56.5 million in losses. The abrupt cessation of withdrawals, following the vanishing of assets from the platform’s hot wallets, sparked immediate concern and panic among its users.
