Hack3d: The Web3 Security Quarterly Report - Q2 + H1 2024

리서치 보안 보고서
Hack3d: The Web3 Security Quarterly Report - Q2 + H1 2024

Executive Summary

Q2

  • A total of $688,102,941 was lost across 184 onchain security incidents in Q2 2024. This represents a 37% increase in value lost compared to Q1 2024, though there was an 18% decrease in the number of incidents quarter-over-quarter.
  • Phishing was the most costly attack vector in Q2 2024, with $433,688,871 lost across 67 incidents, accounting for a large majority of total financial losses.
  • Private key compromises followed, with $170,064,635 lost in 16 major incidents.
  • Ethereum experienced the highest number of security incidents, with a total of 83 hacks, scams, and exploits leading to $170,636,798 in losses.
  • The total dollar value of funds returned was $99,328,507 across 7 separate incidents, leading to adjusted total losses of $588,774,434 for the quarter.
  • The average loss per incident was $3,739,689 and the median loss per incident was $204,614.

H1

  • $1,190,398,361 was lost across 408 onchain security incidents in H1 2024.
  • Phishing accounted for $497,735,904 lost across 150 incidents. Private key compromises followed, with $408,949,115 lost in 42 incidents, highlighting persistent vulnerabilities in key management.
  • Ethereum was the most affected chain, experiencing 235 incidents and $397,405,773 in losses.
  • The total value of funds returned in H1 2024 was $177,791,389 across 18 incidents, leading to adjusted total losses of $1,012,606,971 for the first half of 2024.
  • The average loss per incident was $2,932,729, and the median loss per incident was $230,784.

Statistics and Graphs

Q2H1 graph-Q2 by chain

Q2H1 graph-Q2 by type

Q2H1 graph-Q2 by chain 1

Q2H1 graph-H1 by type

관련 블로그

CertiK Hack3D: H1 2026 Report
새로운 · 리서치 ·보안 보고서

CertiK Hack3D: H1 2026 Report

Web3 security losses exceeded $1.31 billion in H1 2026 across 344 incidents, with wallet compromise emerging as the most financially destructive attack vector and phishing shifting toward fewer, higher-value social engineering attacks.

Introducing CertiK Hunt, The Invite-Only Security Platform for Web3 Projects and Top Security Researchers

Introducing CertiK Hunt, The Invite-Only Security Platform for Web3 Projects and Top Security Researchers

CertiK Hunt is an invite-only platform connecting elite security researchers with web3 projects through bug bounty programs, audit competitions, and AI challenges.

Security Considerations for Passkey-Based Web3 Wallets

Security Considerations for Passkey-Based Web3 Wallets

This article analyzes that security model across the full asset-control lifecycle. It traces a single transaction through Clave's open-source implementation, surveys past vulnerabilities in WebAuthn, FIDO2, and CTAP, maps them onto the lifecycle of a typical Passkey Wallet, and ends with implementation checks for teams building one.