CertiK's "Hack3d: Web3.0 Security Report for the First Quarter of 2024" has been released. The report provides an in-depth analysis of on-chain security in Web3.0 during the first three months of 2024. Private key leakage is still the main cause of asset losses. Hack3d offers a panoramic view of the current security of the Web3.0 ecosystem and gives the Web3.0 community detailed statistics covering on-chain hacking attacks, scams, and vulnerability exploits.
This article summarizes the report's content to help readers better understand it:
Key data:
In the first quarter of 2024, there were 223 on-chain security incidents in the Web3.0 field, resulting in a total asset loss of US$502 million. The loss amount increased by 54% from US$326 million in the same period of 2023, but decreased by 3.8% from US$522 million in the previous quarter. The losses were most severe in January, with 78 on-chain security incidents resulting in a total loss of US$193 million.
Private key leakage has once again become the most costly type of security incident. Although such incidents accounted for only 11.7% of all security incidents, the economic losses they caused were as high as US$239 million, accounting for almost half of the total losses.
Ethereum suffered the highest amount of losses this quarter, with a total of 131 security incidents including hacking attacks, fraud and vulnerability exploitation, resulting in $139 million in asset losses.
A total of US$77.97 million in assets was returned during the quarter, mainly due to the follow-up to the Munchables incident. For the specific reasons, please refer to CertiK’s previously published article “Battle for US$97 million in Blast chain. Are hackers from a certain country unfamiliar?”
Analysis of major security incidents:
Top 4 security incidents:
The report details four of the most notable security incidents of the quarter:
Chris Larsen's XRP wallet was hacked, with a loss of about $112 million; Munchables was attacked, with a loss of nearly $63 million (the hacker later returned the funds); BitForex carried out an exit scam in which $56.5 million of funds were transferred; and PlayDapp was attacked due to a contract vulnerability, with a loss of US$32.49 million.
These incidents are notable not only for the huge economic losses they caused, but also because they reveal deep-seated issues and challenges in blockchain security. The report records these major security incidents in detail and provides an in-depth analysis of the causes, attack methods and response strategies behind each one.
Private key hacking risks:
In the first quarter of 2024, the number of private key leaks and economic losses increased significantly, with a total loss of $239 million. Chris Larsen, founder of Ripple, lost $112 million due to private key leaks, and the PlayDapp and FixedFloat incidents caused losses of $32 million and $26 million respectively. Another serious incident was the hacking of Charlotte Fang, founder of Milady Maker, whose wallet lost about 300 ETH and other assets.
Rounding error vulnerability:
A newly discovered vulnerability targeting uninitialized lending pools allows attackers to manipulate the liquidity index to cause rounding errors and steal a large amount of assets. This emerging threat requires industry attention.
Industry Trends:
Institutions, Tokenization, Securitization and ETFs:
The approval of the Bitcoin ETF, the record-high inflow of funds, and the launch of tokenized funds by BlackRock show the trend toward integration of traditional financial markets and blockchain technology. The tokenization of real-world assets has the advantages of improving transparency, reducing costs through automation, increasing liquidity, improving risk management, simplifying regulatory compliance, and increasing financial product innovation.
Ethereum Dencun upgrade:
The successful Ethereum Dencun upgrade has improved the scalability and efficiency of the network, reduced transaction costs, and enhanced its competitiveness in the blockchain field.
Highlights
At the beginning of this quarter, CertiK received recognition and thanks from 9 traditional Internet companies including Samsung, Ant Group, and ByteDance. This series of honors is not only a recognition of CertiK’s professionalism by the traditional industry, but also an important milestone for CertiK in accelerating the expansion of Web3.0 security research boundaries, helping the Web3.0 security industry reach beyond its own circle, and achieving organic integration with the traditional Internet security world.
Conclusion
CertiK's Web3.0 security report is an important reference for the industry. It not only records the security development of the Web3.0 ecosystem, but also provides direction for future security strategies and technological innovations. Ensuring the security of Web3.0 is not only a technical challenge, but also a social responsibility. Only through continuous technological innovation and win-win cooperation can we ensure the security of Web3.0 and promote its healthy and sustainable development. As a pioneer in the security field, CertiK is committed to helping ordinary users and developers improve their security awareness, thereby further raising the security standards of the Web3.0 industry.
Please click on the link to read the full "Hack3d: Web3.0 Security Report for the First Quarter of 2024" for more comprehensive analysis, insights and recommendations. Let us work together to build a more secure Web3.0 world.