Hack3d: The Web3 Security Quarterly Report - Q2 + H1 2024

Research Security Reports
Hack3d: The Web3 Security Quarterly Report - Q2 + H1 2024

Executive Summary

Q2

  • A total of $688,102,941 was lost across 184 onchain security incidents in Q2 2024. This represents a 37% increase in value lost compared to Q1 2024, though there was an 18% decrease in the number of incidents quarter-over-quarter.
  • Phishing was the most costly attack vector in Q2 2024, with $433,688,871 lost across 67 incidents, accounting for a large majority of total financial losses.
  • Private key compromises followed, with $170,064,635 lost in 16 major incidents.
  • Ethereum experienced the highest number of security incidents, with a total of 83 hacks, scams, and exploits leading to $170,636,798 in losses.
  • The total dollar value of funds returned was $99,328,507 across 7 separate incidents, leading to adjusted total losses of $588,774,434 for the quarter.
  • The average loss per incident was $3,739,689 and the median loss per incident was $204,614.

H1

  • $1,190,398,361 was lost across 408 onchain security incidents in H1 2024.
  • Phishing accounted for $497,735,904 lost across 150 incidents. Private key compromises followed, with $408,949,115 lost in 42 incidents, highlighting persistent vulnerabilities in key management.
  • Ethereum was the most affected chain, experiencing 235 incidents and $397,405,773 in losses.
  • The total value of funds returned in H1 2024 was $177,791,389 across 18 incidents, leading to adjusted total losses of $1,012,606,971 for the first half of 2024.
  • The average loss per incident was $2,932,729, and the median loss per incident was $230,784.

Statistics and Graphs

Q2H1 graph-Q2 by chain

Q2H1 graph-Q2 by type

Q2H1 graph-Q2 by chain 1

Q2H1 graph-H1 by type

Related Blogs

CertiK Hack3D: H1 2026 Report

CertiK Hack3D: H1 2026 Report

Web3 security losses exceeded $1.31 billion in H1 2026 across 344 incidents, with wallet compromise emerging as the most financially destructive attack vector and phishing shifting toward fewer, higher-value social engineering attacks.

Security Considerations for Passkey-Based Web3 Wallets

Security Considerations for Passkey-Based Web3 Wallets

This article analyzes that security model across the full asset-control lifecycle. It traces a single transaction through Clave's open-source implementation, surveys past vulnerabilities in WebAuthn, FIDO2, and CTAP, maps them onto the lifecycle of a typical Passkey Wallet, and ends with implementation checks for teams building one.

Quantum Computing Threats to the Blockchain Industry

Quantum Computing Threats to the Blockchain Industry

This report examines how future fault-tolerant quantum computers may compromise blockchain cryptography, and what protocols, validators, custodians, and ecosystem participants must do to migrate before the window closes.