In the first quarter of 2024, Ronghui Gu, co-founder of blockchain security firm CertiK, stated that while there were “relatively typical” hacks and exploits, there is growing concern over the complexity of private key compromises and phishing attacks.
CertiK’s quarterly security report, Hack3d, revealed that losses from private key compromises reached $239 million in just 26 incidents. This marks a significant increase compared to the first quarter of 2023 when losses were only around $18.8 million, indicating a 1,171% rise in compromised private key losses.
Additionally, there were 83 incidents attributed to phishing attacks, resulting in total losses of $64 million. Gu emphasized the worrisome complexity of these attacks.
Despite the ongoing risks associated with private key compromises and phishing attacks in the Web3 space, Gu believes that the crypto community can take measures to enhance security. Implementing multisig wallets and multi-party computation, according to him, can greatly strengthen security. These techniques ensure that no single entity has complete control over the assets, forcing attackers to target multiple parties to gain access to a project’s private keys.
Gu stressed the importance of incorporating both Web2 and Web3 security practices to counter targeted and advanced attacks. This includes encrypting internal systems properly, implementing multi-factor authentication, and conducting regular security audits to address potential vulnerabilities. Education plays a vital role in combating security attacks, as Gu noted that educating team members about the latest phishing and social engineering tactics can significantly reduce the risk of compromises.
Looking ahead, Gu predicted that the trends observed in the first quarter are likely to continue throughout the year due to the recent market upswing. He explained that as the market grows, the incentive for cybercriminals to exploit vulnerabilities increases. Therefore, he emphasized the need to proactively prepare for the emergence of new and innovative attack vectors.
In other news, Ava, a magazine, criticized Web3 gaming, claiming it “sucks.” Meanwhile, 2 million Bitcoin Miner players reportedly earned only 13 cents in the Web3 gaming industry.