Bitcoin 
Ethereum 
Tether 
XRP 
BNB 
Solana 
Dogecoin 
USDC 
Lido Staked Ether 
Cardano 
TRON 
Avalanche 
Chainlink 
Wrapped stETH 
Toncoin 
Sui 
Shiba Inu 
Wrapped Bitcoin 
Stellar 
Polkadot 
Hyperliquid 
Hedera 
WETH 
Bitcoin Cash 
LEO Token 
Uniswap 
Litecoin 
Pepe 
Wrapped eETH 
NEAR Protocol 
Ethena USDe 
Bitget Token 
Aptos 
USDS 
Internet Computer 
Aave 
Cronos 
POL (ex-MATIC) 
Mantle 
Ethereum Classic 
Render 
VeChain 
Monero 
MANTRA 
WhiteBIT Coin 
Bittensor 
Dai 
Artificial Superintelligence Alliance 
Arbitrum 
Ethena 
Kaspa 
Filecoin 
Fantom 
Algorand 
OKB 
Virtuals Protocol 
Cosmos Hub 
Stacks 
Ondo 
Optimism 
Bonk 
Immutable 
Celestia 
Movement 
Theta Network 
Binance-Peg WETH 
Coinbase Wrapped BTC 
Injective 
The Graph 
dogwifhat 
Pudgy Penguins 
Sei 
Worldcoin 
THORChain 
Kelp DAO Restaked ETH 
First Digital USD 
Rocket Pool ETH 
FLOKI 
Gate 
JasmyCoin 
Tokenize Xchange 
Mantle Staked Ether 
Lido DAO 
GALA 
Flare 
Lombard Staked BTC 
Maker 
Beam 
Fasttoken 
Usual USD 
The Sandbox 
KuCoin 
NEXO 
Pyth Network 
Tezos 
Kaia 
Solv Protocol SolvBTC 
Raydium 
Brett 
Renzo Restaked ETH 
EOS 
Helium 
Binance Staked SOL 
Ethereum Name Service 
Aerodrome Finance 
XDC Network 
Jupiter 
Flow 
Core 
Starknet 
Arweave 
Bitcoin SV 
AIOZ Network 
IOTA 
BitTorrent 
dYdX 
Marinade Staked SOL 
Curve DAO 
NEO 
Axie Infinity 
MultiversX 
Polygon 
Solv Protocol SolvBTC.BBN 
Fartcoin 
Decentraland 
Arbitrum Bridged WBTC (Arbitrum One) 
ether.fi Staked ETH 
Zcash 
Pendle 
ApeCoin 
Jito 
Akash Network 
Mog Coin 
Eigenlayer 
Chiliz 
ai16z 
L2 Standard Bridged WETH (Base) 
USDD 
Conflux 
Wormhole 
Jupiter Staked SOL 
Mina Protocol 
Compound 
Ronin 
Arbitrum Bridged WETH (Arbitrum One) 
Popcat 
SuperVerse 
PancakeSwap 
SPX6900 
eCash 
DOG•GO•TO•THE•MOON (Runes) 
Synthetix Network 
Gnosis 
Binance-Peg Dogecoin 
Ether.fi Staked BTC 
Chia 
Amp 
dYdX 
Axelar 
Tether Gold 
Notcoin 
Frax 
ZKsync 
Mantle Restaked ETH 
Peanut the Squirrel 
LayerZero 
Terra Luna Classic 
CHEX Token 
Reserve Rights 
Coinbase Wrapped Staked ETH 
Grass 
Vana 
Baby Doge Coin 
Turbo 
Super OETH 
Safe 
cat in a dogs world 
ORDI 
Oasis 
Echelon Prime 
sUSDS 
Beldex 
Blur 
Usual 
1inch 
Trust Wallet 
PayPal USD 
Avalanche Bridged BTC (Avalanche) 
PAX Gold 
DeXe 
pumpBTC 
Creditcoin 
APENFT 
Livepeer 
Frax Ether 
Goatseus Maximus 
TrueUSD 
Polygon PoS Bridged WETH (Polygon POS) 
Kusama 
Arkham 
cryptopolitan.com 4 h
Out of all the crypto scams plaguing users, private key theft and phishing are among the most prevalent a blockchain security firm has said.
Speaking to Cryptopolitan, a spokesperson for blockchain security firm CertiK said, “Phishing attacks are especially effective because they typically target human vulnerabilities rather than technical ones.”
“Attackers often create fake websites or impersonate well-known platforms to lure users into providing sensitive information,” the spokesperson said.
“Since private keys grant full access to one’s crypto assets, losing them can be financially devastating,” they added.
Phishing is a scam in which hackers deceive people into revealing sensitive information, such as a private key that allows access to a company’s systems. Private key theft can also occur when a hacker installs phishing malware, such as viruses, adware, or ransomware, on a user’s device to steal information.
According to an Oct. 31 CertiK report posted to X, October’s two most significant security incidents came from phishing crypto scams.
October’s two most significant security incidents came from phishing attacks. Source: CertiK
An attacker gained control of several signers’ private keys and smart contracts and was able to drain $58 million from lending protocol Radiant Capital. An unlucky Whale also lost $36 million in a phishing attack.
Overall, CertiK found that around $129.7 million was lost to exploits, hacks and scams throughout October. Specifically, $1.2 million to exit scams, $1.5 million to flash loan attacks, and $127 million to exploits, including the $94 million from Radiant Capital and the Whale’s phishing attacks.
October experiences more security incidents but lower losses
In 2024, an average of 63 crypto-related security incidents per month have been recorded. October sits above this average at 71 incidents. However, the number of incidents in October with losses above $1 million was the lowest in six months.
“October losses due to private key compromises accounted for approximately $75 million, and losses due to phishing scams accounted for approximately $50 million,” the CertiK spokesperson said. “Additionally, a lot less has been lost to code vulnerabilities this year,” they added.
In its Hack3d: The Web3 Security Quarterly Report, CertiK found that over $753 million was stolen by malicious actors in Quarter 3 across 155 security incidents. The value loss increased by 9.5% compared to Q2, but there were 27 fewer total incidents than in the previous quarter.
“From what we’ve seen, there has been a fundamental shift to the use of drainers as a service and private key compromises, which typically yield higher rewards for scammers and enable malicious actors without coding backgrounds to take advantage,” the CertiK spokesperson said.
“As smart contracts get more secure, combined with lucrative bug bounties, we expect code exploits to decrease. On the other hand, phishing is likely to increase if preventative measures do not improve.”
Crypto scam losses lower than previous years
A report from Blockchain intelligence firm TRM Labs found that losses from crypto hacking were down more than 50% from 2022 to 2023, thanks to improvements in industry security.
In the last two years, crypto losses have been far less than in 2022. Source: TRM Labs
In 2023, crypto projects lost about $1.7 billion to hacks and crypto scams, less than half the $4 billion stolen in 2022.
CertiK estimates losses in 2024 have exceeded $2 billion across the crypto space. Unless significant incidents happen in the next two months, 2024’s losses will likely be lower than 2022’s as well.
According to the CertiK spokesperson, while blockchain security has improved over the years, more work remains as attackers become more sophisticated and change tactics.
“Advances in blockchain security tools and techniques — such as more sophisticated auditing practices and enhanced on-chain monitoring — may discourage some malicious actors,” they said.
“Additionally, regulatory scrutiny and compliance standards have encouraged some protocols to implement stronger safeguards. However, there is still a lot of work to be done.”
