According to PANews, the Web3 sector experienced significant financial losses in the third quarter of 2024 due to cyber attacks, phishing scams, and project-related rug pulls. As of September 25, the total losses amounted to $730 million. The primary incidents included 23 major attacks resulting in approximately $430 million in losses, three rug pull events causing around $4.24 million in losses, and phishing scams leading to about $295 million in losses.
Centralized exchanges (CEX) were the most affected, with three attacks causing losses of approximately $297 million, accounting for 40.6% of the total attack-related losses. Ethereum remained the most targeted blockchain, with 21 attacks and phishing incidents resulting in $348 million in losses, representing 47.6% of the total losses. Private key leaks were the most common attack method, with five incidents causing $305 million in losses, making up 41.7% of the total attack-related losses. Only about $16.9 million of the stolen funds have been frozen or recovered, while the majority (approximately 78.9%) remain in the attackers' blockchain addresses.
Compared to the same period in 2023, the total losses in Q3 2024 saw a slight decrease from $889 million to $730 million. Factors such as the decline in cryptocurrency prices contributed to the reduction in total losses. However, the overall security situation in the Web3 sector remains concerning. Out of the more than 20 attacks in Q3, 18 were due to contract vulnerabilities. It is recommended that project teams seek professional security audits before launching their projects.