In 2024, cryptocurrency hackers are on track to outdo their exploits from 2023, with a significant shift in their attack strategies. Rather than focusing on smart contract vulnerabilities, hackers are increasingly targeting private key leaks.
Rising Hack Incidents in 2024
The first quarter of 2024 saw hackers steal digital assets worth $542.7 million, marking a 42% increase compared to the same period in 2023. This surge in hacking incidents is attributed to hackers shifting their focus to easier targets, according to Mriganka Pattnaik, co-founder and CEO of Merkle Science.
“While smart contract vulnerabilities remain a concern, hackers increasingly target areas outside smart contracts, like private key leaks. These leaks, often due to phishing attacks or insecure storage practices, have led to significant losses,” Pattnaik explained.
The Shift to Private Key Leaks
Phishing attacks, which aim to steal sensitive information such as crypto wallet private keys, are becoming more prevalent. A specific type of phishing attack, known as an address poisoning scam, tricks investors into sending funds to fraudulent addresses that resemble ones they have previously used.
One of the most notable phishing attacks in 2024 involved a trader losing $71 million in crypto. The attacker deceived the trader into transferring 99% of their funds to the attacker’s address. Interestingly, the thief returned the funds a week later when blockchain investigation firms got involved and identified the attacker’s location.
Improved Security in Smart Contracts
Historically, smart contracts were prime targets for hackers. However, the 2024 HackHub report by Merkle Science reveals a significant decline in funds lost to smart contract vulnerabilities. In 2023, hacked funds from smart contracts dropped by 92% to $179 million, down from $2.6 billion in 2022.
This decrease is attributed to advanced security tools that identify and fix weaknesses in smart contracts before exploitation. Additionally, hackers are opting for less technically challenging targets like private key theft.
Future Security Concerns
Private key leaks now pose the greatest security threat in the crypto space. Over 55% of hacked digital assets in 2023 were due to private key leaks. Pattnaik emphasized the need for robust security measures to protect private keys, noting, “The biggest security concern right now is the rapid increase in losses due to private key leaks. Hackers may be looking for easier targets that require less technical knowledge to exploit, such as stealing private keys.
