Welcome to Hack3d: The Web3 Security Report for Q3 2024. Hack3d serves as an essential resource and record of statistics for understanding security challenges and vulnerabilities in the Web3 space. It equips stakeholders with the knowledge and insights needed to fortify their defenses and make informed decisions in an increasingly high-stakes environment.
The third quarter of 2024 experienced significant progress in the crypto industry, including the approval of Spot Ethereum ETFs. This development sparked optimism, drawing further institutional interest after the introduction of Spot Bitcoin ETFs, and paving the way for broader adoption of digital assets. Additionally, activity on decentralized finance (DeFi) platforms continues to grow, reflecting increased on-chain activity.
Despite these positive trends, security challenges remain a persistent issue. Q3 saw a total of $753,094,610 stolen by malicious actors across 155 security incidents. This is an approximate 9.5% increase in value lost, but 27 fewer total incidents compared to the previous quarter. Cybersecurity remains a critical concern within Web3, as hackers continue to become more sophisticated. One indication of this is the fact that hackers have stolen nearly $2 billion so far in 2024.
Phishing was the most costly attack vector this quarter, with $343,099,650 stolen across 65 incidents. Other notable incidents involved private key compromises, code vulnerabilities, and reentrancy events — all highlighting critical security challenges in DeFi.
Similar to last quarter, Ethereum is still the most targeted network, with $387,892,629.16 stolen in 86 incidents — well above Bitcoin, which was the second most targeted network. Additionally, attackers stole $89,838,491.98 in hacks orchestrated across multiple chains.
Despite advancements in security, hacks remain a persistent threat in the crypto space. As the industry evolves, so do the tactics of attackers, who continue to exploit vulnerabilities in both centralized and decentralized platforms. While the decrease in the number of hacks this quarter is encouraging, the increase in total amount stolen serves as a reminder that better user education and more sophisticated security measures are essential to protect assets and maintain trust in the ecosystem.
In our report, we discuss in detail the latest trends in Web3 security, including an analysis of the most prominent attack vectors, targeted chains, and the top three security incidents. We also highlight a variety of our recently-published technical and educational resources.