PANews reported on September 29 that according to Beosin Alert monitoring and early warning, as of September 25, the total losses in the Web3 field in Q3 2024 due to hacker attacks, phishing scams and project party Rug Pull reached US$730 million. Among them, there were 23 major attack incidents with a total loss of approximately US$430 million; there were 3 project party Rug Pull incidents with a total loss of approximately US$4.24 million; and the total loss of phishing scams was approximately US$295 million.
From the perspective of the types of projects attacked, the project type with the highest loss is CEX. The three attacks on CEX caused a total loss of approximately US$297 million, accounting for approximately 40.6% of all attack losses. From the perspective of the amount of losses on each chain, Ethereum is still the chain with the highest amount of losses and the most attacks. 21 attacks and phishing incidents on Ethereum caused a loss of US$348 million, accounting for approximately 47.6% of the total losses. From the perspective of attack methods, there were 5 private key leaks in Q3, causing losses of US$305 million, accounting for approximately 41.7% of the total attack losses, which is the highest proportion of attack types. From the perspective of fund flows, only approximately US$16.9 million of stolen funds were frozen or recovered. The vast majority (approximately 78.9%) of the stolen funds are still stored in the attacker's on-chain address.
Compared with the same period in 2023, the total losses caused by hacker attacks, phishing scams, and project party Rug Pull in Q3 2024 decreased slightly to US$730 million (the figure was US$889 million in Q3 2023). Factors such as the decline in coin prices in Q3 2024 have a certain impact on the reduction in the total amount, but overall, the situation in the field of Web3 security is still not optimistic. Among the more than 20 attacks in Q3, 18 were still from contract vulnerability exploits. It is recommended that project parties seek audits from professional security companies before going online.