CertiK has released its “Hack3d: Q1 2024 Web3.0 Security Report,” which provides an in-depth analysis of the security landscape of Web3.0 in the first three months of 2024. The report highlights that private key leaks continue to be the main cause of asset loss. Hack3d offers a comprehensive scan of the current Web3.0 ecosystem’s security and provides detailed statistics on on-chain hacker attacks, scams, and vulnerabilities for the Web3.0 community.
This article summarizes and organizes the contents of the report to help readers better understand and read it. Here are the key findings:
Key Data:
In Q1 2024, there were a total of 223 on-chain security incidents in the Web3.0 space, resulting in a total asset loss of $502 million. This represents a 54% increase in losses compared to the same period in 2023. However, compared to the previous quarter’s $522 million, the losses decreased by 3.8%. The month of January saw the most severe losses, with 78 on-chain security incidents resulting in a total loss of $193 million.
Private key leaks once again emerged as the most significant type of security incident. Although they accounted for only 11.7% of all security incidents, they caused economic losses of up to $239 million, almost half of the total losses.
Ethereum suffered the highest amount of losses this quarter, with 131 security incidents, including hacker attacks, scams, and vulnerabilities, resulting in a total asset loss of $139 million.
A total of $77.97 million in assets were recovered this quarter, mainly due to the aftermath of the Munchables incident. For more details, refer to CertiK’s previously published article, “The $97 Million Battle on Blast Chain: Did State-Sponsored Hackers Get Rusty?”
Main Security Incident Analysis:
Top 4 Security Incidents:
The report analyzes in detail the four most notable security incidents of the quarter: Chris Larsen’s XRP wallet hack resulting in a loss of approximately $112 million, the Munchables attack with a loss of nearly $63 million (the hackers later returned the stolen funds), the BitForex exit scam transferring $56.5 million, and the PlayDapp attack due to a contract vulnerability resulting in a loss of $32.49 million.
These incidents not only attracted attention due to their significant economic losses but also revealed underlying issues and challenges in the blockchain security field. The report not only provides a detailed account of these major security incidents but also delves into the underlying causes, attack methods, and response strategies for each incident.
Private Key Intrusion Risks:
In Q1 2024, both the number of private key leaks and economic losses increased significantly, resulting in a total loss of $239 million. Ripple founder Chris Larsen suffered a loss of $112 million due to a private key leak, PlayDapp and FixedFloat incidents incurred losses of $32 million and $26 million, respectively. Another severe incident involved the invasion of Milady Maker founder Charlotte Fang’s wallet, resulting in a loss of approximately 300 ETH and other assets.
Rounding Error Vulnerability:
A newly discovered vulnerability targeting uninitialized lending pools allowed attackers to manipulate the liquidity index and steal a large number of assets. This emerging threat requires industry attention.
Industry Trends:
Institutions, Tokenization, Securitization, and ETFs:
The approval of Bitcoin ETFs and the surge of funds into them, along with BlackRock’s launch of tokenized funds, demonstrate the trend of integrating traditional financial markets with blockchain technology. Tokenizing real-world assets offers advantages such as increased transparency, cost reduction through automation, enhanced liquidity, improved risk management, simplified regulatory compliance, and increased financial product innovation.
Ethereum’s Dencun Upgrade:
The successful upgrade of Ethereum’s Dencun improves the network’s scalability and efficiency, reduces transaction costs, and enhances its competitiveness in the blockchain field.
Highlights:
At the beginning of the quarter, CertiK received recognition and gratitude from nine major traditional internet companies, including Samsung, Ant Group, and ByteDance. This series of honors not only acknowledges CertiK’s professionalism in the traditional industry but also signifies an important milestone in CertiK’s efforts to expand the boundaries of Web3.0 security research and facilitate the integration of the Web3.0 security industry with the traditional internet security world.
Conclusion:
CertiK’s Web3.0 Security Report is an important reference in the industry. It not only documents the security development of the Web3.0 ecosystem but also provides direction for future security strategies and technological innovations. Ensuring the security of Web3.0 is not just a technological challenge but also a social responsibility. Only through continuous technological innovation and win-win cooperation can we ensure the security and promote the healthy and sustainable development of Web3.0. As a leading player in the security field, CertiK is committed to helping ordinary users and developers enhance their security awareness, thereby further improving the security standards of the Web3.0 industry.
Read the complete “Hack3d: Q1 2024 Web3.0 Security Report” for a more comprehensive analysis, insights, and recommendations. Let us work together to build a safer Web3.0 world.
Report Link:
https://indd.adobe.com/view/0f0dd8da-a7c3-4afa-aeb5-f305c1e71acb
