Beosin Alert monitoring and early warning shows that as of September 25, the total losses caused by hacker attacks, phishing scams and project party Rug Pull in the Web3 field in Q3 2024 reached US$730 million. Among them, there were 23 major attacks with a total loss of approximately US$430 million; 3 project party Rug Pull incidents with a total loss of approximately US$4.24 million; and the total loss of phishing scams was approximately US$295 million.
From the perspective of the types of attacked projects, the project type with the highest loss was CEX. The three attacks on CEX caused a total loss of approximately US$297 million, accounting for approximately 40.6% of the total loss of all attacks.
From the perspective of the loss amount of each chain, Ethereum is still the chain with the highest loss amount and the most attack incidents. 21 attacks and phishing incidents on Ethereum caused a loss of US$348 million, accounting for approximately 47.6% of the total loss.
From the perspective of attack methods, there were 5 private key leaks in Q3, causing losses of $305 million, accounting for about 41.7% of the total attack losses, which is the highest proportion of attack types.
From the perspective of capital flow, only about $16.9 million of stolen funds were frozen or recovered. The vast majority (about 78.9%) of the stolen funds are still stored in the attacker's on-chain address.
Compared with the same period in 2023, the total losses caused by hacker attacks, phishing scams, and project party Rug Pull in Q3 2024 decreased slightly to $730 million (the figure in Q3 2023 was $889 million). Factors such as the decline in coin prices in Q3 2024 have a certain impact on the reduction in the total amount, but overall, the situation in the Web3 security field is still not optimistic. Among the more than 20 attacks in Q3, 18 still came from contract vulnerability exploits.
Catherine
