Ethereum in the Crosshairs as Q3 Sees $750M Stolen in Hacks: CertiK

Last updated:

Junior Content Creator

Harvey Hunter

Junior Content Creator

Harvey Hunter

About Author

Harvey Hunter is a Junior Content Creator at Cryptonews.com. With a background in Computer Science, IT, and Mathematics, he seamlessly transitioned from tech geek to crypto journalist.

Last updated:

Why Trust Cryptonews

With over a decade of crypto coverage, Cryptonews delivers authoritative insights you can rely on. Our veteran team of journalists and analysts combines in-depth market knowledge with hands-on testing of blockchain technologies. We maintain strict editorial standards, ensuring factual accuracy and impartial reporting on both established cryptocurrencies and emerging projects. Our longstanding presence in the industry and commitment to quality journalism make Cryptonews a trusted source in the dynamic world of digital assets. Read more about Cryptonews

Cyber security firm CertiK revealed that despite a decline in the number of hacks, the total value stolen soared to 750M Q3, with Ethereum as the top target.

In its latest Web3 Security Report, CertiK noted that Hackers managed to get away with $753 million across 155 incidents, bringing the year’s total losses to $2.2 billion.

This represents a 9.5% increase in the total value lost despite 27 fewer incidents compared to the previous quarter.

Despite fewer incidents, attacks have grown more severe, with phishing and private key compromises as the most prevalent attack vectors, contributing $668 million in losses.

Phishing alone caused $343 million in damages across 65 incidents.

Losses by attack type. Source: CertiK
Losses by attack type. Source: CertiK

The Big Scores: Where Did the Losses Come From?

A standout case involved a Bitcoin whale who suffered a $238 million loss in August, making it the single most significant phishing attack for Q3.

The attack compromised the whale’s wallet, and although some funds were recovered by the community, most of the stolen amount remains unaccounted for.

Private key compromises were responsible for approximately $317 million in losses across just 10 incidents. The most notable private key attack was on WazirX, one of India’s leading crypto exchanges.

In July, hackers exploited WazirX’s private key vulnerabilities, leading to the theft of $231 million across more than 200 cryptocurrencies, making it one of the most major breaches in Q3.

Of these losses, the report noted that only 4.1% of stolen funds were recovered this quarter, a sharp decline from the 14.4% recovered in Q2. Despite fewer incidents, the average loss per hack reached $5.93 million.

Of all these attacks, the report noted the Ethereum network as a consistent prime target, with $387.8 million stolen across 86 incidents, far surpassing any other blockchain.

Losses by chain. Source: CertiK
Losses by chain. Source: CertiK

The report highlighted potential risks associated with cross-chain functionality, with $89.8 million stolen across several networks.

While phishing and private key compromises led the quarter in terms of value lost, blockchain vulnerabilities ranked among the most frequent attack vectors.

Code vulnerabilities that facilitate Ethereum hacks resulted in $39.6 million in losses over 44 incidents. Meanwhile, Reentrancy attacks, which allow hackers to repeatedly withdraw funds before the system can update balances, accounted for $30.3 million in losses across five incidents.

Ethereum Hacks Dominate: Bad Sign For Ethereum?

Despite these significant losses, it is not all doom and gloom. CertiK remained optimistic about the Ethereum network as a whole, referencing the approval of spot Ethereum ETFs as a reflection of growing institutional interest in secure digital assets.

BlackRock’s ETHA fund recently reached a milestone, surpassing $1 billion in total net asset value just two months after its launch. It is the second Ethereum ETF to achieve this benchmark, following Grayscale’s Ethereum Mini Trust.

This trend signals a potential shift in the landscape, with more institutions recognizing the value and security of digital assets.

CertiK noted on-chain activity on Ethereum as signs of a “steady recovery from the crypto bear market,” specifically citing the rising Total Value Locked (TVL) and new wallet addresses over 2024.

According to on-chain metrics from DeFiLlama, the end of September has seen a significant uptick in TVL, a cooldown from the decline observed over the quarter.

USD TVL on Ethereum. Source: DeFiLlama.
USD TVL on Ethereum. Source: DeFiLlama.

The report also noted this consistent growth as a sign of increased adoption, marking a “shift to on-chain solutions for trading, lending, and governance as traders seek alternatives to centralized platforms.”

Something the firm credited to the consistent increase in losses observed this year as “overall ecosystem growth comes with increased risk of exploits.”