Hackers: Q3 2024 Sees Lowest Number of Hacks in Three Years, but Recovery Rates are Alarming
Overview
The number of hacks in Q3 2024 has dropped to its lowest point in three years, with only 28 incidents reported, resulting in a total of $463.6 million stolen. However, the overall outlook remains concerning as there’s no chance of recovering over $440 million of the stolen funds.
Worst Recovery Rates Ever
According to the latest report by cybersecurity firm Hacken, an alarming 95% of the stolen funds were lost permanently. This is a sharp contrast to earlier quarters when 50-60% of the stolen assets were frozen or recovered.
As such, this high rate of unrecovered funds highlights the urgent need for stronger post-incident response strategies.
“This is the worst quarter in recent times in terms of recovered or frozen funds. Among all the victims, only three projects were able to recover the lost assets. We had hoped that the trend of refunding a percentage of the siphoned funds, which was common in previous quarters, would continue – but alas!”
Regional Losses
When examining losses by region, Asia experienced the highest amount this quarter, with $264 million in losses. Australia followed with $43.3 million, while Europe reported $22.16 million, and North America saw $15 million in losses during the same period.
Most Damaging Attacks
The most damaging type of attack continues to be when a malicious actor gains control over seed phrases or functions, allowing them to withdraw funds at will from wallets or smart contracts. With eight incidents and $316 million stolen in Q3, access control breaches accounted for more than twice the percentage of assets lost compared to all other attack types combined.
Next up is the reentrancy attack, which is considered one of the most persistent methods of extracting assets from a protocol. This involves an attacker exploiting a loop in the smart contract’s withdrawal function to repeatedly withdraw funds. This attack is especially harmful to protocols with liquidity pools.
Although there were only three reentrancy attacks this quarter, they resulted in losses exceeding $33 million across various assets.
Evolving Threats
Although traditional rug pulls have decreased, there has been a surge in meme coin launches on platforms like Base, Tron, and Solana. On Solana’s meme coin platform, pump.fun, more than 2 million coins were recently launched, but only 89 achieved a market cap of $1 million.
According to Hacken’s report, this indicates that many rug pull scammers have shifted to these platforms, creating low-value coins that imitate rug pull tactics without demonstrating legitimate activity.
Conclusion
In conclusion, while the number of hacks in Q3 2024 has decreased, the recovery rates are alarming, with an overwhelming 95% of stolen funds lost permanently. This highlights the urgent need for stronger post-incident response strategies to mitigate the damage caused by these attacks.
FAQs
- What is the total amount of stolen funds in Q3 2024? The total amount of stolen funds in Q3 2024 is $463.6 million.
- What percentage of stolen funds were recovered or frozen? Only 5% of the stolen funds were recovered or frozen, with an overwhelming 95% lost permanently.
- Which region experienced the highest amount of losses in Q3 2024? Asia experienced the highest amount of losses in Q3 2024, with $264 million in losses.
- What is the most damaging type of attack in Q3 2024? The most damaging type of attack in Q3 2024 is access control breaches, which accounted for more than twice the percentage of assets lost compared to all other attack types combined.
- What is a reentrancy attack? A reentrancy attack is a type of attack that involves an attacker exploiting a loop in the smart contract’s withdrawal function to repeatedly withdraw funds, especially harmful to protocols with liquidity pools.
