
Private Key Theft and Phishing: The Main Culprits in Crypto Sc

The blockchain security firm, CertiK, recently highlighted the increasing prevalence of private key theft and phishing scams among the myriad of crypto scams plaguing users. In an interview with Cryptopolitan, the firm’s spokesperson emphasized that phishing attacks are frequently effective due to their exploitation of human vulnerabilities, rather than technical failings.

Hackers commonly execute these attacks by creating counterfeit websites or masquerading as reputable platforms to trick users into revealing sensitive data. The spokesperson added, “Since private keys grant full access to one’s crypto assets, losing them can be financially devastating.”

Phishing scams involve tricking individuals into disclosing sensitive information, such as a private key, which provides access to a company’s systems. Private key theft could also happen when a hacker plants phishing malware, including viruses, adware, or ransomware, on a user’s device to pilfer information.

An October 31 report by CertiK highlighted two significant security incidents in October that stemmed from phishing crypto scams. One attacker managed to gain control of multiple signers’ private keys and smart contracts, thereby draining $58 million from the lending protocol Radiant Capital. In another incident, a whale lost $36 million to a phishing attack.

CertiK concluded that around $129.7 million was lost to exploits, hacks, and scams throughout October. This figure comprised $1.2 million to exit scams, $1.5 million to flash loan attacks, and $127 million to exploits, including the $94 million from the Radiant Capital and whale phishing attacks.

Despite October recording a higher-than-average number of security incidents, the amount lost to scams was the lowest in six months. The spokesperson explained, “October losses due to private key compromises accounted for approximately $75 million, and losses due to phishing scams accounted for approximately $50 million. Additionally, a lot less has been lost to code vulnerabilities this year.”

CertiK’s Hack3d: The Web3 Security Quarterly Report revealed that malicious actors stole over $753 million in Q3 across 155 security incidents, representing a 9.5% increase compared to Q2. However, there were 27 fewer total incidents.

The spokesperson noted a fundamental shift towards drainers-as-a-service and private key compromises, which reward scammers more generously and enable malicious actors without coding backgrounds to participate.

Blockchain intelligence firm TRM Labs reported that losses from crypto hacking dropped by over 50% from 2022 to 2023, thanks to enhanced industry security. In 2023, crypto projects lost about $1.7 billion to hacks and crypto scams, significantly less than the $4 billion stolen in 2022.

CertiK estimates that losses in 2024 have surpassed $2 billion across the crypto space. However, barring significant incidents in the next two months, 2024’s losses could be less than those recorded in 2022.

Despite the improvements in blockchain security, the CertiK spokesperson stressed the need for continued vigilance as attackers evolve and adapt their tactics. The spokesperson concluded, “Advances in blockchain security tools and techniques may discourage some malicious actors. Regulatory scrutiny and compliance standards have encouraged some protocols to implement stronger safeguards. However, there is still a lot of work to be done.”
