Web3 in 2024 has been a year of both progress and peril. While regulatory breakthroughs like the US approval of Bitcoin and Ethereum exchange-traded funds (ETFs) signaled mainstream acceptance, the industry was overshadowed by a surge in hacks and scams, putting billions at risk.To unpack the scale of these threats, we spoke with Prof. Ronghui Gu, Co-Founder at CertiK, whose firm’s latest Hack3d: The Web3 Security Report 2024 reveals a staggering $2.36 billion in losses across 760 on-chain incidents—a 31.61% increase from last year. With phishing attacks alone responsible for nearly half of these losses, the findings highlight the urgent need for stronger security measures across the ecosystem.BeInCrypto: What were the key factors behind Ethereum’s high number of targeted attacks?Prof. Gu: Ethereum’s status as the most popular EVM chain reflects its success, but it is also a prime target for exploits, given the large number of projects and users operating on the network. Additionally, its open and composable ecosystem allows developers to build on existing protocols, which, while fostering innovation, can inadvertently introduce vulnerabilities through interconnected dependencies. The frequent deployment of experimental or untested code by newer projects further increases these risks. BeInCrypto: How can the industry combat the rise of phishing attacks that caused nearly 50% of 2024’s losses?Prof

The following is a guest post by Lukas Schor, Co-Founder of Safe.2024 has been a pivotal year for DeFi. Practical applications for smart accounts are already in use. Major infrastructure milestones like chain abstraction, along with positive market sentiment and consistent growth, will enable a return to fundamentals in the coming year. This means products that bring real value to users that truly revolutionize the digital world. Here are some of the developments to expect in 2025:1. At least 20% of Ethereum users will rely on EIP-7702-enabled smart accountsIn just the first quarter of 2024, private key compromises cost the industry over $239 million in losses

Create an account to save your articles.Create an account to save your articles.Decrypt’s Art, Fashion, and Entertainment Hub. Discover SCENEThe crypto industry faced $3 billion in losses due to hacks and scams in 2024, marking a 15% increase from $2.61 billion in 2023, according to blockchain security firm Peckshield.Hacks accounted for $2.15 billion—or over 70%—of total losses, a 42.38% increase from $1.51 billion in 2023, while scams contributed $834.5 million, as per the security firm’s annual report.It was harder to recover stolen funds in 2024. Approximately $488.5 million worth of stolen crypto assets were recovered, representing a 27.62% decline from the $674.9 million recovered in 2023.#PeckShieldAlert 2023 saw 600+ major hacks in the crypto space, resulting in ~$2.61B in losses, with $674.9M recovered.$1.51B lost to hacks (excluding #Multichain unauthorized withdrawals) & $1.1B to scams. This marks a 27.78% decrease from 2022. #DeFi protocols remained prime… pic.twitter.com/G7PIU3WyrX — PeckShieldAlert (@PeckShieldAlert) January 29, 2024While recovering nearly half a billion dollars is a promising step, the sheer scale of stolen funds exposed the pressing need for better security protocols across the industry.PeckShield did not immediately respond to Decrypt’s request for comment.DeFi Under FireDecentralized finance (DeFi) protocols remained the most vulnerable, as their inherent weaknesses continued to attract cyber criminals.Peckshield identified May as the most devastating month, with losses peaking at $662.2 million. July and August also recorded significant activity, with losses exceeding $280 million each.December, however, saw a notable decline, with losses dropping to $46.5 million—the lowest monthly total of the year.Among the largest heists of the year was Japanese exchange DMM Bitcoin’s $305 million hack, followed by a $290 million breach of PlayDapp and a $238 million Bitcoin scam.The Bitcoin scam involved a Genesis creditor falling victim to a social engineering attack by scammers posing as Google support