The blockchain industry continued to face significant security challenges in the third quarter of 2024. According to Certik’s Q3 Security Report, there were 155 security incidents during this period, resulting in total losses of $753.09 million. Compared to Q2 2024, although the number of incidents decreased by 27, the amount of losses increased by 9.5%. These figures indicate that while the frequency of security incidents has decreased, the average loss per incident has risen, reflecting the increasing complexity and sophistication of attack methods. Large-scale phishing attacks and private key leaks, in particular, have caused substantial losses for users and businesses, raising widespread concerns within the industry regarding security issues.
Analysis of Security Incident Types and On-Chain Distribution
In the third quarter, phishing attacks were the most prevalent, involving 65 incidents and causing approximately $343.09 million in losses. These attacks often exploit user negligence, impersonating legitimate websites or wallets to steal users' private keys and sensitive information. Additionally, private key leaks represented another significant threat, resulting in $324.4 million in losses from just 10 incidents, each with considerable financial damage, highlighting their high destructive potential. Besides these primary types, other attack methods, including smart contract exploits and exchange hacks, also impacted the market during this quarter.

Among these security incidents, attacks on the Ethereum chain were the most frequent, with 86 incidents and total losses of $387.89 million, closely tied to its status as one of the most active blockchain platforms. Additionally, Bitcoin saw the largest loss in a single incident, with a whale wallet breach in August causing a massive loss of $238 million. The phenomenon of multi-chain attacks also stood out, with 7 incidents across multiple chains, resulting in nearly $90 million in losses, indicating that attackers are expanding their targets beyond a single blockchain.

The Long Road Ahead for Industry Security
The overview of blockchain security incidents in Q3 2024 highlights the diversity of attacks and the varying destructive power of different types. Compared to traditional technical vulnerabilities, phishing attacks and private key leaks occurred more frequently and caused greater financial damage. This underscores the continued weaknesses in information security education and prevention among users and businesses. Meanwhile, as blockchain infrastructure supports large-scale user engagement and capital flows, it faces heightened risks of attacks.
The overall situation this quarter also revealed an important trend: the development of multi-chain interoperability and the expansion of the Bitcoin ecosystem have provided attackers with more targets and opportunities. While the growth of on-chain activities helps to drive market and ecosystem dynamism, it also offers hackers and malicious actors a broader attack surface. This necessitates a strong focus on cybersecurity as technological innovation and application scenarios expand.

#CertiK #SecurityAlert

A hacker acquired the private key for liquidity management through a sophisticated social engineering attack. This key breach allowed the hacker to create new tokens, subsequently liquidate them, and drain financial resources.
Concentric Under Attack: Protocol Misuse on Arbitrum
Through the misuse of the private key, the Concentric application, managing liquidity on the #Arbitrum network, was compromised. The attacker modified the protocol's vaults using this key, created new LP tokens, and then depleted their assets, as reported by the Concentric team.
 

 
Security Warning for Concentric Users
Users are urged to revoke all approvals for vault addresses listed in the protocol's documentation as a precautionary measure.
 Financial Losses and Possible Link to Another Attack
The security platform #CertiK reported losses exceeding $1.8 million. Moreover, the attacker's wallet is linked to a wallet that previously exploited the decentralized exchange OKX, suggesting a possible connection between the two incidents.
 

 
Response and Investigation by the Concentric Team
The Concentric team announced the commencement of a thorough investigation and is preparing a post-mortem report with a plan to address vulnerabilities. They emphasize their commitment to restoring the security and integrity of the Concentric protocol.
Growing Popularity of Liquidity Management Protocols
Popularity Increase Following Uniswap's 2021 Innovation
Liquidity management protocols, which allow setting price ranges and rebalancing funds on decentralized exchanges, gained popularity following the introduction of "concentrated liquidity" by Uniswap. This innovation allows liquidity providers to better control the prices at which their assets can be traded.
 Another Case of Attack: Gamma Protocol
Another liquidity manager, Gamma Protocol, faced an attack in early January, where nearly half a million dollars were drained through vulnerabilities in smart contracts. These two attacks appear to be unrelated, as they employed different methods.
#BTC #ETF
 Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
 

There's a new twist in the CertiK white-hat hacking saga.Onchain records show that at an earlier date someone tried to exploit the same bug the auditor discovered in Kraken.
The bug that #Kraken said it patched had been used to exploit other centralised exchanges as early as last month, according to multiple crypto security experts.
That’s the latest development in the saga of two major crypto players, US-based exchange Kraken and auditor #CertiK .
On Wednesday, Kraken said it patched a “critical” bug that allowed millions of dollars in crypto to be erroneously withdrawn from the US-based exchange.
CertiK came under fire after it admitted to being behind the exploit of that bug. The firm withdrew $3 million from Kraken over several days in early June.
After a public back-and-forth, CertiK returned all the funds it took and called its actions a white-hat operation, meaning they ostensibly acted as ethical hackers with the intention of identifying and fixing security vulnerabilities rather than exploiting them for malicious purposes.
Onchain records first identified by security platform Hexagate, and confirmed to DL News by multiple other security researchers, show a hacker attempted to exploit other crypto exchanges  — using the same bug as early as May 17.
Those attempts came three weeks before CertiK said it found the bug on Kraken on June 5.
“We have no evidence these exchanges have been impacted,” Hexagate posted on X. “We only traced onchain evidence for similar activity.”
Centralised crypto exchanges hold a gargantuan amount of crypto on their customers’ behalf. The top five crypto exchanges that have publicly disclosed their wallet addresses hold a combined $172 billion worth of crypto, per DefiLlama data.
CertiK didn’t immediately respond to DL News’ request for comment.
Attempted exploits
The records highlighted by Hexagate show a hacker attempted to use a so-called “revert” attack to trick centralised exchanges into letting them withdraw funds.
To do that, the hacker created a smart contract that contains a transaction to deposit funds to a centralised exchange. The contract is engineered so that the main transaction succeeds but the deposit reverts.
This tricks the exchange into thinking a user has deposited funds when they haven’t. The hacker then requests a withdrawal from the exchange, debiting the fake deposit amount.
nchain records show multiple attempts to use such a contract when depositing funds to Binance took place on BNB Chain on May 17.
Between May 29 and June 5, the same address, as well as another that was funded by it, made similar attempts on OKX, BingX and Gate.io on BNB Chain, Arbitrum, and Optimism.
Is CertiK involved?
Although CertiK first disclosed the revert attack publicly, there’s no proof it was involved in those earlier attacks.
Smart contracts functions each have a so-called signature hash they can be identified by.
In the case of the revert attack contract, the signature hash isn’t available, meaning the name of the function isn’t publicly known, a security researcher who wished to remain anonymous told DL News.
This means the function name for the revert attack is known onto CertiK or someone else has used exactly the same name as well, the researcher said.

According to CertiK co-founder Ronghui Gu, who spoke with Cointelegraph, the year 2023 brought "positive progress" in #blockchain security.
Throughout 2023, more than 1.8 billion dollars in digital assets were lost in 751 security incidents. Although this is still a significant amount, it represents a 51% decrease compared to 2022, when hackers and other incidents led to losses of 3.7 billion dollars.
 This information comes from the annual report of #CertiK , a company specializing in blockchain security, titled "Hack3d: The Web3 Security Report 2023." The report, which addresses the state of Web3 security over the past year, was compiled on January 3.
 The report notes that the largest losses were recorded in the third quarter of 2023, exceeding 686 million dollars. The most costly vector of attack was the compromise of private keys, with over 880 million dollars lost in 47 incidents.
 

Losses and security incidents by blockchain. Source: CertiK
 In terms of individual blockchains, Ethereum recorded the highest losses. According to CertiK, losses in the Ethereum network amounted to 686 million dollars across 224 incidents, averaging 3 million dollars per incident. In contrast, the BNB Chain recorded 387 security incidents, but the total losses were only 134 million dollars, significantly less than Ethereum.
 The report also highlights the problem of interoperability between blockchains in the cryptocurrency sector. Losses due to security breaches affecting multiple blockchains reached nearly 800 million dollars.
 Ronghui Gu, co-founder of CertiK, expressed optimism about the progress in blockchain security in 2023 and hopes for a further reduction in losses in 2024. Gu attributes the 51% decrease in losses to the broader bear market, which led to decreased token valuations and treasury values. Gu believes that if losses remain low during a bull market, it will indicate that the Web3 sector is "learning from its security lessons."
#Bitcoin #ETF #crypto2024SpaceCatch
💥If this article caught your interest, don't forget to follow us and give a like. Throughout this year, we will bring you the most interesting analyses and tips to help you get rich🐳 
 Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“