Blockchain security firm CertiK has issued a warning to crypto investors about the rising threat of phishing scams, which emerged as the most significant security threat of 2024.

Crypto phishing attacks involve hackers sharing fraudulent links with victims to steal sensitive information, such as crypto wallet private keys.

Phishing attacks were the most costly attack vector for the crypto industry in 2024, netting attackers over $1 billion worth of stolen digital assets across 296 incidents, according to CertiK’s annual Web3 security report published on Jan. 2.

“Phishing was the most costly attack vector last year,” a CertiK spokesperson told Cointelegraph. “Our figures are conservative, the actual figure is higher when you consider unreported incidents and other types of phishing scams like pig butchering.”

Incidents and losses in 2024 by month. Source: CertiK

Out of the 296 phishing incidents in 2024, at least three resulted in losses exceeding $100 million, highlighting the scale of damage possible from a single event.

In May 2024, a trader lost $68 million worth of crypto in a single transaction due to an address-poisoning incident, which involves tricking victims into sending their digital assets to fraudulent addresses belonging to scammers.

However, in a fortunate turn of events, the unknown attacker returned all the stolen funds after 10 days, likely due to pressure from heightened attention by blockchain security firms.

Private key compromises cost the industry over $855 million in 2024

Private key compromises were the second-largest threat after phishing scams, resulting in over $855 million worth of stolen crypto across 65 incidents in 2024.

“Phishing tactics will certainly evolve in 2025, especially as AI develops,” a CertiK spokesperson added.

Crypto attacks by type and month, fourth quarter of 2024. Source: CertiK

Despite the growing threat of crypto phishing scams, the yearly amount of crypto hacks is still down 52% from the $3.5 billion stolen during 2022, according to CertiK’s report.

Industry participants are already taking measures against phishing attacks.

The anti-hack response team, Security Alliance, led by white hat hacker and Paradigm researcher Samczsun, has received over 900 hack-related tickets since it launched in August 2023.

The world’s largest exchange is also battling crypto scammers. Binance’s security experts developed an “antidote” against the growing instances of address poisoning scams.

Beyond phishing incidents, crypto hacks cost the industry over $2.3 billion worth of value in 2024, which marks a 40% increase when hackers stole $1.69 billion worth of crypto, according to a report shared by onchain security firm Cyvers.

Truth Terminal — The GOAT of AI Bots. Source: YouTube

Magazine: Down to $200 one day, Pixels founder had $2.4M the next: Luke Barwikowski, X Hall of Flame