Crypto phishing attacks reached ‘alarming levels’ — CertiK co-founder

cyptouser3 months agoCryptocurrencies News74
25cc9d4a>

While the first quarter of 2024 seems “relatively typical” when it comes to hacks and exploits, Ronghui Gu, the co-founder of blockchain security firm CertiK, said the complexity of private key compromises and phishing attacks raises concerns.

Gu told Cointelegraph that among the incidents this quarter, losses attributed to private key compromises had increased significantly compared to the first quarter of 2023.

In its quarterly security report titled Hack3d, CertiK highlighted that losses from this attack reached $239 million there being only 26 incidents.

Chart showing the number of incidents and amount lost for Q1 2024. Source: CertiK

Compared to the same time period in 2023, when losses were only around $18.8 million, this quarter recorded a 1,171% increase in losses caused by compromised private keys.

Apart from private key compromises, the overall number of incidents attributed to phishing attacks reached 83 with the total losses reaching $64 million. Gu explained that the complexity of such attacks also raises concerns.

“The sophistication and success of phishing attacks have also reached alarming levels, with 18 phishing incidents, each causing over $1 million in losses,” he added.

Despite these two attack vectors being a constant risk for the Web3 space, Gu believes the crypto community is not entirely helpless. He said implementing multisig wallets and multi-party computation can greatly enhance security. He said:

“Private keys are the keystones of security in the blockchain world. Multisig wallets and multi-party computation can enhance security by distributing authorization power, thus mitigating the risk of single-point failures and unauthorized access.”

Gu explained that these techniques ensure that no single entity holds complete control over the assets. This means that attackers must attack multiple parties to gain access to a project’s private keys.

Related: Nearly $100M recovered from hacks in March — PeckShield

While the threats seem like a Web3 problem, Gu believes that countering targeted and advanced attacks requires incorporating both Web2 and Web3 security practices.

This includes properly encrypting internal systems, implementing multi-factor authentication and conducting regular security audits to address potential vulnerabilities.

Apart from these, Gu also noted that educating employees is necessary to combat security attacks. “Educating team members on the latest phishing and social engineering tactics can significantly reduce the risk of compromises.”

Losses from Web3 security incidents by quarter. Source: CertiK 

When asked if the trends observed in the first quarter would carry over to the rest of the year, Gu predicted tha a continuation is reasonable because of the recent market upswing. He explained that as the market grows, the incentive for cybercriminals to exploit vulnerabilities also increases.

“This, combined with the escalating sophistication of attacks, suggests that we should not only expect the continuation of serious security incidents but also proactively prepare for the emergence of new, innovative attack vectors,” he added.

Magazine: ‘Web3 Gaming sucks’ says Ava, 2M Bitcoin Miner players make 13c: Web3 Gamer

The content on this website comes from the Internet. Due to the inconvenience of proofreading the authenticity and accuracy of the copyright or content of some content, it may be temporarily impossible to confirm the authenticity and accuracy of the copyright or content. For copyright issues or other issues caused by this, please Call or email this site. It will be deleted or changed immediately after verification.

related articles

Victim who lost $7M in Ethereum re-staking exploit gets funds back

Victim who lost $7M in Ethereum re-staking exploit gets funds back

55966e89˃An unfortunate victim who lost 1,807 liquid staked Ether (ETH), worth $6.91 million, on May...

OpenAI, Microsoft face fresh lawsuit over copyright infringement filed by authors

Nonfiction authors Nicholas Basbanes and Nicholas Gage have filed a class-action lawsuit against Mic...

Paraguay floats temp crypto mining ban as illegal ‘farms’ cripple grid

Paraguay floats temp crypto mining ban as illegal ‘farms’ cripple grid

92485d12˃Paraguay lawmakers have proposed a bill to temporarily ban crypto mining and related activi...

Ethereum tokens lead KuCoin's $500 million withdrawal spike post US charges

Ethereum tokens lead KuCoin's $500 million withdrawal spike post US charges

Embattled crypto exchange KuCoin endured a surge in withdrawal requests the past day after the US au...

Hut 8 grapples with revenue fall, Bitcoin mining output in challenging Q2 2023

Hut 8 Mining Corp, the U.S. digital asset mining company, has released its financial resul...

Sora Ventures, Metaplanet bet $6.5 million on Bitcoin to create 'Asia’s first MicroStrategy'

Metaplanet, a Tokyo Stock Exchange-listed company, announced on April 8 that it has embraced Bitcoin...