Key Takeaways
- Phishing scams became the biggest threat to crypto users in 2024, stealing over $1 billion.
- Private key theft remains a significant issue, exposing gaps in user awareness and security.
- While overall losses have decreased since 2021-2022, phishing attacks are a stark reminder that crypto security still has a long way to go.
The Rise of Phishing in 2024
Phishing scams exploded in 2024. According to CertiK, a blockchain security firm, phishing attacks stole over $1 billion from crypto users. That’s almost half of all crypto-related thefts last year! CertiK recorded 296 phishing incidents, with three attacks alone causing losses of more than $100 million each.
These scams are dangerous because they don’t just target systems; they exploit people. Scammers use fake emails, websites, and messages to trick users into giving up sensitive information—passwords, wallet addresses, or private keys. Once the funds are gone, there’s no getting them back. It’s the dark side of crypto’s irreversible transactions.
Phishing Tactics: Smarter and Sneakier
Phishing scams aren’t what they used to be. They’ve evolved to keep up with crypto’s rapid development. Here are some of the sneakiest methods scammers used in 2024:
- Fake platforms: Scammers created convincing copies of trusted exchanges and marketplaces. One click on the wrong link, and users handed over their credentials.
- Mobile wallet tricks: Hackers sent fake notifications to mobile wallets, pretending to be trusted apps. Users unknowingly approved malicious transactions.
- “Ice Phishing”: Instead of stealing private keys outright, scammers convinced users to approve harmful transactions, redirecting funds to the scammers’ wallets.
- Address poisoning: Fraudsters inserted fake wallet addresses into transaction histories. Victims accidentally copied these addresses when transferring large sums, sending their funds directly to the hackers.
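A defender-side check for the address-poisoning pattern in the last item, as an added example that is not code from the article, CertiK or Binance. It assumes Ethereum-style addresses and that a poisoned entry imitates the first and last characters of an address the user already trusts (a common form of the scam that the article does not detail); the function names, comparison lengths and sample data are constructed.

```python
# Added example: flags history entries that imitate a trusted address.
# Assumption: Ethereum-style addresses ("0x" + 40 hex chars); all data is constructed.
PREFIX_LEN = 4  # leading hex chars a user typically glances at (assumed)
SUFFIX_LEN = 4  # trailing hex chars a user typically glances at (assumed)


def normalize(addr):
    """Lowercase, strip '0x', and validate a 40-hex-char address."""
    a = addr.strip().lower()
    a = a[2:] if a.startswith("0x") else a
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a


def lookalike_of(candidate, trusted):
    """Return the trusted address that `candidate` imitates, else None."""
    c = normalize(candidate)
    known = {normalize(t): t for t in trusted}
    if c in known:  # exact match: the genuine address, nothing to flag
        return None
    for n, original in known.items():
        if c[:PREFIX_LEN] == n[:PREFIX_LEN] and c[-SUFFIX_LEN:] == n[-SUFFIX_LEN:]:
            return original
    return None


def flag_poisoned_history(history, trusted):
    """Return (tx_id, counterparty, imitated) for each suspicious entry."""
    findings = []
    for tx in history:
        imitated = lookalike_of(tx["counterparty"], trusted)
        if imitated is not None:
            findings.append((tx["id"], tx["counterparty"], imitated))
    return findings


# Constructed sample data (not real addresses or transactions).
TRUSTED = "0x" + "a1b2" + "0" * 32 + "c3d4"
POISON = "0x" + "a1b2" + "f" * 32 + "c3d4"  # same first/last 4 chars
UNRELATED = "0x" + "9" * 40
HISTORY = [
    {"id": "tx1", "counterparty": TRUSTED},
    {"id": "tx2", "counterparty": POISON},
    {"id": "tx3", "counterparty": UNRELATED},
]

if __name__ == "__main__":
    for tx_id, addr, imitated in flag_poisoned_history(HISTORY, [TRUSTED]):
        print(f"{tx_id}: {addr} imitates {imitated}; compare every character")
```

A flagged entry means the destination should be taken from the address book or the recipient directly, not copied from history.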
One major incident involved a trader who lost $68 million in May 2024 due to address poisoning. In a rare twist, the hacker returned the money after intense pressure from blockchain security firms.
Another case in August saw a creditor from Genesis lose $243 million. Scammers impersonated Google and Gemini support staff, tricking the victim into resetting their two-factor authentication (2FA). They drained the account and even accessed private keys stored in the victim’s Bitcoin Core wallet.
Numbers That Tell the Story
CertiK’s report painted a stark picture of crypto’s security challenges in 2024:
| Metric | Value |
| --- | --- |
| Total stolen funds | $2.36 billion |
| Losses from phishing | $1.05 billion (296 cases) |
| Losses from private key theft | $855.4 million (65 cases) |
| Largest monthly loss | $444.4 million (May) |
| Most targeted blockchain | Ethereum ($748.7 million) |
Phishing caused twice as much damage as private key theft. And Ethereum, as the most widely used blockchain, was the top target. While Bitcoin and Tron also saw significant losses, it’s clear that no platform is immune.
Figure: Incidents & Losses in 2024. Source: CertiK
Is Crypto Security Improving?
When comparing 2024 to previous years, the numbers are mixed. Losses increased by 31.6% compared to 2023, but they were still far below the $5.2 billion stolen in 2021 or $3.5 billion in 2022. That’s a good sign, but it’s not time to celebrate just yet.
CertiK’s analysis found a link between Total Value Locked (TVL) in DeFi protocols and security risks. As TVL rises, so do the stakes. But other factors also play a role:
- New attack techniques: Scammers are always finding smarter ways to trick users.
- Uneven security standards: Not all platforms take security seriously.
- Regulatory gaps: Weak regulations make it easy for hackers to operate in certain countries.
- Market volatility: When prices swing wildly, hackers see opportunities.
Fighting Back: The Heroes of Crypto Security
Not all the news is bad. Many people and organizations worked hard in 2024 to protect crypto users. Here’s how:
- Security Alliance: This white-hat hacker group, led by Samczsun, has handled over 900 cases since mid-2023.
- Binance: The world’s largest crypto exchange developed tools to combat address poisoning, protecting millions of users.
- CertiK and others: Security firms kept innovating, creating tools to identify and prevent scams.
Even the community played a role. Users flagged suspicious activities, shared warnings, and helped each other stay safe.
Lessons from 2024 and the Way Forward
Phishing scams in 2024 taught us some hard lessons about crypto security. If you want to stay safe, here’s what to do:
- Be cautious: Double-check emails, links, and messages. Don’t click anything that seems off.
- Protect your private keys: Use hardware wallets, and never share your keys with anyone.
- Enable 2FA: It’s a simple but effective layer of protection.
- Stay informed: Learn about new scams and how to avoid them.
- Choose trusted platforms: Stick to exchanges and wallets with strong security records.
Finally, the industry needs to work together. Developers, exchanges, security firms, and users must collaborate to stay ahead of scammers.
CertiK’s Role in Securing Web3
CertiK isn’t just reporting on crypto scams—it’s fighting them. Here are some of the tools and services it offers:
- KYC services: Certifying project teams to ensure transparency.
- Penetration testing: Finding vulnerabilities before hackers do.
- Bug bounty programs: Rewarding white-hat hackers who find security flaws.
- Real-time alerts: Warning users about scams and exploits.
With platforms like Skynet and Smart Money Wizard, CertiK helps users and developers protect their funds and stay ahead of threats.
Final Thoughts
Phishing scams stole the spotlight in 2024, but they also brought attention to a bigger issue: crypto’s ongoing security challenges. While the numbers are troubling, they’re also a call to action. By staying informed, taking precautions, and working together, we can make the crypto space safer for everyone.
The future of Web3 depends on how well we address these threats. Let’s learn from 2024 and take steps to protect the promise of decentralized finance.