CertiK’s Web3 Report for the second quarter of 2024 reveals that a total of $688 million was lost across 184 on-chain security breaches. This represents a 37% increase in value lost compared to Q1 2024, despite an 18% decrease in the number of incidents quarter-over-quarter.
The report attributes the majority of the losses to phishing attacks, followed by private key compromises. Phishing accounted for approximately $433.7 million across 67 incidents, while 16 major private key compromises contributed to $170.1 million in losses.
Ethereum on-chain faced the highest number of security breaches, with 83 hacks and scams. The ETH blockchain experienced 222 incidents in the first half of 2024, resulting in nearly $15.5 million in losses.
The top 10 losses in Q2 were dominated by phishing attacks, with the largest single on-chain attack at a Japanese exchange resulting in a $305 million loss. Another widely-reported crypto attack linked to a Turkish exchange amassed $54 million worth of Avalanche tokens, which were subsequently converted to Bitcoin and moved to two separate wallets.
The report also noted code vulnerabilities, access control issues, and exit scams as notable types of incidents in Q2. Code vulnerabilities accounted for $37.37 million across 57 incidents, access control failures resulted in significant losses of $7.51 million, and exit scams contributed to $10.31 million in losses across 20 incidents.
By blockchain, BNB Chain followed Ethereum, with 44 incidents totaling $12 million. Other on-chain incidents occurred on Arbitrum and Avalanche, highlighting that security challenges are not confined to any single blockchain.
