‘Crypto’ crime surged in 2024; billions stolen in phishing

Getting your Trinity Audio player ready...

Digital asset criminals had yet another record-breaking year, stealing over $2.3 billion from victims across 760 reported on-chain incidents, a new report has revealed.

The ‘Web3 Security Report 2024’ by New York-based blockchain security firm CertiK revealed that last year’s loot was a 31.6% increase on the 2023 total, with the number of incidents increasing marginally. On average, the criminals stole $3.1 million per incident.

Phishing emerged as the top attack vector, with victims losing $1.05 billion in nearly 300 incidents. Phishing involves criminals sending links that look legitimate on the surface but redirect to fraudulent websites that steal log-in data and take control of a victim’s wallet. Phishing surges whenever there’s a data breach and customer data is leaked, with scammers using the leaked data to customize their phishing attempts. Two weeks ago, for instance, a revamped phishing campaign targeted users of hardware wallet Ledger using data leaked in a previous breach.

Phishing has recorded a sharp spike, surging from $243 million in 2023 and a mere $70 million in 2022.

According to a CertiK spokesperson, the figures are conservative as most incidents go unreported. The report also didn’t include some types of scams like pig butchering, which has exploded in recent years, with Tether accounting for over 80% of the payments.

Private key compromises were the second-deadliest vector, with 65 incidents that cost victims over $855 million. 

To protect against phishing campaigns, CertiK advises digital asset holders to enable two-factor authentication, examine URLs and emails carefully, treat any unsolicited communication with skepticism, avoid transacting over public Wi-Fi, and keep their software updated.

Beyond the consumer-targeting attacks, criminals were just as actively targeting centralized and decentralized platforms. As we reported, exchanges and DeFi platforms lost $1.27 billion in 2024. Overall, $2.2 billion was lost to hacks in 2024, and while it was higher than 2023’s $1.8 billion, it was lower than the record $3.7 billion stolen in 2022, according to Chainalysis.

Last year’s digital asset-related crimes went beyond the on-chain activity. On January 2, police officers in Le Mans, northwestern France, rescued a man tied up in the trunk of a car by abductors who had fled the scene. The criminals had reportedly demanded digital asset ransom from the man’s son, who’s a ‘crypto’ influencer living in Dubai.

In another incident, Pakistani police arrested seven suspects accused of kidnapping a local digital asset trader and forcing him to transfer $340,000 in digital assets.

Watch: Digital Asset Recovery takes token recovery seriously