Q1 2024 Witnesses Surge in Blockchain Security Threats: CertiK Co-founder Predicts Growing Complexities
Summary:
The first quarter of 2024 has seen a significant rise in the complexity of private key compromises and phishing attacks on blockchain systems, according to CertiK co-founder Ronghui Gu. Compared to Q1 2023, losses from private key attacks have increased by 1,171%, accumulating to $239 million. Phishing incidents have also raised concerns, with 18 attacks resulting in over $1 million losses. Despite these security threats, Gu believes utilising multisig wallets and multi-party computation can significantly mitigate risks. He emphasized on integrating Web2 and Web3 security practices and continuous employee education to counter upcoming threats.
As we delve into the opening quarter of 2024, more than the usual count of hacking incidents and exploits are emerging, shares Ronghui Gu, co-founder of the blockchain security company CertiK. What's causing a stir is the intricacy of attacks involving private key invasions and phishing strikes. Gu revealed to Cointelegraph that this quarter witnessed a substantial upsurge in losses associated with private key breaches compared to the initial quarter of the prior year. The quarterly security review, "Hack3d" by CertiK, pinpointed the losses caused by this specific attack to $239 million, resulting from merely 26 episodes.
A contrast with the same quarter in 2023 shows a massive leap in losses. During that period, it was approximately $18.8 million, marking a colossal 1,171% escalation for Q1 2024 that's caused by private key involvements. Moreover, the total number of phishing attacks stood at 83, amounting to a loss of $64 million. Gu voiced concerns over the embedded complexities in these attacks, pointing out that phishing attacks have reached distressing new heights, with every 18th case resulting in damages over $1 million.
Despite the continual threat from these two modes of attack for the Web3 space, Gu mentions the crypto fraternity isn't entirely vulnerable. He suggests that the deployment of multisig wallets and multi-party computation mechanisms could intensely boost security. "These approaches not only decentralize the authority power, reducing the possibility of single-point failures and unauthorized infiltrations, but also prohibit sole control over the assets by any entity, making it obligatory for attackers to target multiple parties to get hold of a project's private keys," Gu explained.
Gu believes that although the current threats might appear to be predominantly a Web3 issue, defensive tactics must involve both Web2 and Web3 security strategies. These include encrypting internal systems appropriately, enforcing multi-factor authentication, and undertaking frequent security reviews to identify and rectify potential vulnerabilities. Further, educating the workforce on the most recent phishing and social engineering techniques could significantly minimize security breaches, according to Gu.
When queried about the likelihood of the first quarter's trends extending throughout the year, Gu contemplated that a follow-through could be on the cards given the current market surge. He reasoned that as the market expands, so does the motivation for cybercriminals to exploit security weak spots. Gu added, "Taking into account the intensifying sophistication of the attacks, it's prudent to not only anticipate an increase in serious security incidents, but also proactively brace ourselves for the emergence of novel, avant-garde attack methods.
Published At
4/3/2024 4:00:00 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.