Open in app

Sign in

Write

Sign in

Crypto Security Truths: Issue 14

Cyber Strategy Institute
21 min readOct 7, 2024

--

Top Cybersecurity Incidents, Topics, Tools and Issues in Web3, Crypto, and Blockchain Space This Week

27 Sep 24–4 Oct 24

Don’t forget you can vote up to 50-times a day for your favorite articles. We accept more than 1-vote.

Introduction

Imagine being held at gunpoint, forced to transfer millions in crypto to your captors — a nightmare that became reality for crypto executive Nick Drakon. This chilling incident isn’t isolated; from Costa Rica to Ukraine, armed robberies targeting crypto holders are on the rise. Meanwhile, in the digital realm, a staggering $753 million was lost to hacks and scams in Q3 2024 alone. What’s driving this surge in both physical and cyber threats? As we delve into this week’s summary, we’ll uncover how a single misplaced click led to a $231 million heist from WazirX, and why the approval of Spot Ethereum ETFs signals unwavering institutional faith despite these dangers. We’ll explore the double-edged sword of innovation, where tools like Drosera offer real-time threat detection, while simultaneously, criminals evolve their tactics from digital to physical attacks. In this high-stakes world where blockchain meets the real world, are we witnessing the birth of a new era of crime, or can the crypto community rally to protect both digital assets and human lives?

Hacked

Bedrock Exploit: A Costly Lesson in Smart Contract Oversight

On September 25, 2024, Bedrock’s uniBTC vault experienced a major vulnerability, allowing Ethereum deposits to be exchanged for Bitcoin at an inflated rate, resulting in a $2 million loss. The vulnerability, affecting 8 different blockchain networks, stemmed from a mishandling of native tokens on non-native BTC chains, rendering safeguards against unauthorized minting ineffective. This flaw allowed users to mint uniBTC tokens in unintended ways.

Dedaub discovered the issue and immediately alerted Bedrock, but the protocol’s delayed response allowed attackers to drain millions before contracts were paused. The exploit highlighted the dangers of deploying unaudited smart contract upgrades in DeFi, with 125 exploiters across multiple chains taking advantage of the flaw.

Bedrock now faces a $1.8 million liquidity shortfall and a significant blow to its reputation. The incident serves as a cautionary tale about the importance of thorough audits and careful protocol management in the fast-moving world of decentralized finance. [ rekt blog ]

Analyst Takeaway: The Bedrock exploit serves as a stark reminder of the critical importance of thorough audits in DeFi environments. The fact that a $2 million vulnerability was exploited across eight blockchain networks highlights how easily mishandling of smart contracts can lead to massive financial losses and reputational damage. As DeFi continues to evolve, stakeholders must prioritize rigorous oversight and timely response mechanisms to safeguard user assets.

Malware

GatherumMeeting Malware Alert

A newly rebranded malware called “GatherumMeeting” is spreading via the domain gatherum[.]ca. It uses the familiar tactic of luring victims with claims of beta testing or hiring for a team position, stating that the team doesn’t speak English and relies on “AI custom software.” This is a fraudulent scheme designed to trick users — avoid engaging with it. [ NFT_dreww on X ]

Global Sanctions Target Russia-Based Evil Corp Cybercrime Syndicate

On October 1, 2024, the U.S. Department of Treasury’s OFAC, the UK’s FCDO, and Australia’s DFAT imposed joint sanctions on members of Evil Corp, a Russia-based cybercrime syndicate responsible for over $100 million in theft via Dridex malware and BitPaymer ransomware. Building on a 2019 OFAC action against Evil Corp’s leader, Maksim Yakubets, and affiliates linked to Russian intelligence, these new sanctions further expose the group’s deep ties to Russia’s FSB and its collaboration with Lockbit, a notorious ransomware group. Evil Corp and Lockbit have shared cryptocurrency addresses and infrastructure, showcasing their operational overlap.

In a coordinated global crackdown, law enforcement in the U.K., France, and Spain arrested Lockbit affiliates and seized servers, disrupting their ransomware operations. An investigation by the UK’s National Crime Agency (NCA) revealed additional Evil Corp members, including Aleksandr Ryzhenkov, a key figure linked to both Evil Corp and Lockbit, as part of Operation Cronos. Evil Corp’s criminal activities have extorted over $300 million globally, and the recent sanctions target 16 members, including previously undisclosed individuals. This multilateral effort emphasizes the power of international cooperation in tackling cybercrime, exploiting blockchain transparency to trace illicit activities, and disrupting major cybercrime syndicates like Evil Corp and Lockbit. [ Chainalysis blog] [ Chainalysis on X ] [ National Crime Agency NCA on X ]

Analyst Takeaway: The emergence of “GatherumMeeting” malware illustrates the innovative tactics cybercriminals employ to exploit unsuspecting victims. By masquerading as job offers or beta testing opportunities, this malware exemplifies how social engineering remains a powerful weapon in the cyber arsenal. The recent sanctions against the Evil Corp syndicate demonstrate that international cooperation is vital in combating such threats, yet the persistence of these sophisticated networks indicates a long battle ahead.

Phishing

Spear Phishing Warning from MichaelK.eth

MichaelK.eth shared a cautionary thread on X (formerly Twitter) about the dangers of spear phishing in web3. He highlighted how these threats from web2 can compromise your web3 assets, urging users to be cautious. Although the files sent by scammers may not immediately contain malware, the real danger comes during scheduled meetings through unfamiliar software, where malicious payloads are executed. The thread emphasizes the importance of vigilance, trust verification, and using security tools like RevokeCash and WalletGuard to protect against such scams. [ MichaelKdc on X]

Address Poisoning Scam — User Rekt for $100,000

Web3 Antivirus reported an address poisoning scam where a user lost $100,000 by sending funds to a fake address mimicking their original one. The user was also scammed for $12.5k in ETH shortly before. Address poisoning, where scammers create look-alike addresses to trick users into sending funds, is an increasing threat. Solutions like Rabby and Web3 Antivirus aim to warn users before they interact with suspicious addresses. While Web3 Antivirus is working on SOL support, they offer tools to help users monitor transactions and avoid such attacks. [ Web3 Antivirus on X ]

Address Poisoning Scam the Debate on Prevention

A recent address poisoning scam resulted in a loss of $100,000, where scammers manipulated a fake address to appear similar to the victim’s actual address. This type of attack often happens through direct transfers but can also occur with smart contract interactions. Some services like Rabby.io alert users when interacting with a new address, which could help prevent such scams if adopted more widely by wallets like MetaMask. However, critics argue that frequent warnings could lead to alert fatigue. In certain cases, scammers send small amounts (like 0.000 USDT) to a victim’s address to poison the transaction history, making future warnings less effective. Crypto experts suggest avoiding address copying and using bookmarks to minimize the risk, yet many users continue unsafe practices. [ Web3 Antivirus and Cryptoshields.et on X ]

Analyst Takeaway: The phishing landscape in the web3 space is increasingly dangerous, as highlighted by the address poisoning scams and spear phishing warnings. Users must remain vigilant and verify the legitimacy of communications, especially as sophisticated tactics continue to evolve. Utilizing available security tools is crucial, yet the responsibility ultimately falls on individuals to protect their assets by adopting safer practices, such as avoiding direct address copying.

Scammers

Beware of Coinbase KYC Scam Emails

NFT_Dreww.eth warns about a phishing scam involving fake Coinbase KYC emails. Scammers are sending emails urging users to update their information or risk account lockout. These emails appear legitimate but come from non-Coinbase sources like Staples or Timbermart. The scam tricks users into logging into a fake Coinbase site, capturing their credentials and 2FA details. Once scammers gain access, they change account settings and withdraw assets. Always verify the email sender and avoid clicking links — go directly to Coinbase’s website to stay safe. [ NFT_Dreww on X ]

Exposing Fraudulent Crypto Websites and Scam Tactics

Two scam websites — IQStockTrade.com and Abitrageindex.com — were uncovered after a detailed investigation aimed at protecting the online community. These sites target unsuspecting users through impersonation and social engineering tactics, primarily using fake social media accounts and fraudulent Discord servers to build trust. The scammers then redirect victims to these sites, prompting them to enter personal information and cryptocurrency deposits. Key warning signs include suspicious email addresses, fraudulent login sites, and unsolicited direct messages (DMs). Victims are advised to check if their personal information has been compromised on data breach websites and to stay vigilant by securing privacy settings, especially on Discord. Additionally, scam-related cryptocurrency deposit addresses have been identified and reported to aid law enforcement. [ Intell_On_Chain on X ]

Fake Chrome Extension — Lido Staking Intercepted

User being scammed on Lido.fi’s official site due to a malicious browser extension. The extension secretly redirected funds instead of completing staking transactions. The user had no knowledge of how the malicious extension was installed, highlighting the importance of checking extensions and using secure browsers when interacting with Web3. These incidents underscore the need for constant vigilance and caution when dealing with digital assets and online platforms. Stay safe by verifying sources and avoiding unsolicited DMs or unexpected browser extensions. [ 1c4m3by on X ]

CEX Criteria is a Scam on Projects?

The conversation highlights the ongoing challenges web3 game developers face when launching tokens, particularly the reliance on outdated and inflated social media metrics, such as Twitter followers, to meet Tier 1 centralized exchange (CEX) listing requirements. Despite exchanges knowing these metrics are unreliable, they still demand them, as a listing on a major CEX like Binance can significantly boost a project’s Fully Diluted Valuation (FDV), making it highly lucrative for developers. This leads to a cycle of “pump and dump” behavior, where projects build hype, secure a listing, see a short-term surge in value, and then crash. Likely due to the significant impact of a listing on Binance can have on a project’s Fully Diluted Valuation (FDV). For instance, new projects on Binance can reach a $700M FDV, while listings on smaller exchanges typically stay between $100M-$300M. Alternatives like decentralized exchanges (DEXs) are gaining traction for their autonomy, but still come with trade-offs. Some exchanges are shifting toward evaluating game revenue rather than follower count, though this too is prone to manipulation. In the current market, the flawed system persists because the financial rewards are too substantial for many projects to ignore.

Key factors for securing a listing on a Tier 1 CEX:

  1. Inflated social media metrics (e.g., 100k+ Twitter followers).
  2. Ability to generate significant hype prior to listing.
  3. High Fully Diluted Valuation (FDV) projections, especially on Binance.
  4. Strong treasury for post-listing campaigns or token sales to VCs.
  5. Potential revenue metrics in place of follower count (for some exchanges).

Recommendations for projects:

  1. Explore DEX-only launches for more autonomy and control.
  2. Build real, engaged communities rather than inflating social metrics.
  3. Prioritize generating authentic game revenue as a more sustainable metric.
  4. Be mindful of manipulation in metrics like revenue or followers to avoid short-term “pump and dump” dynamics.
  5. Focus on creating long-term value for the token rather than just securing a listing boost.

ScamSniffer September Phishing Report

In September 2024, crypto phishing scams resulted in approximately $46 million in losses from 10,000 victims. The total phishing losses for Q3 2024 reached $127 million, with two major victims accounting for $87 million. Common phishing methods included fake signatures and contaminated addresses, with most phishing attacks originating from fake accounts on X and Google phishing ads. ScamSniffer emphasizes the importance of user vigilance and offers solutions like phishing signature displays and blocklists to help users protect their assets. [ RealScamSniffer on X ]

FTX Phishing Site Impersonation Warning

ScamSniffer warned users about phishing sites pretending to be the official FTX Customer Claims Portal. These fraudulent sites are targeting users affected by the FTX collapse, preying on their desire for recovery. ScamSniffer urges caution and suggests enhancing security by using its extension to help detect phishing attempts. This warning serves as a reminder of the risks posed by recovery scammers, particularly in the aftermath of large-scale crypto events like FTX’s downfall. [ RealScamSniffer on X ]

ZachXBT Exposes Ape 31 Trading Scam

ZachXBT revealed details about Ape 31, a scammer who defrauded over 250 victims, stealing $650,000 through fake trading schemes. Ape 31 manipulated victims by promising significant profits and blackmailing them into sending more funds, only to disappear afterward. Victims reported similar tactics, including fabricated trading results and ghosted communications. ZachXBT mapped out the scammer’s network of deposit addresses and hopes this information will assist law enforcement in identifying and stopping Ape 31. [ ZachXBT on X ]

Analyst Takeaway: The prevalence of scams targeting cryptocurrency users underscores the urgent need for greater awareness and education within the community. With tactics ranging from phishing emails to fraudulent websites, scammers are exploiting vulnerabilities in user behavior. By enhancing personal security measures and staying informed about common threats, individuals can mitigate their risk of falling victim to these increasingly sophisticated scams.

Crime

Illicit Virtual Asset Notification Public-Private Partnership (IVAN)

The White House announced in October 2021 the launch of the Illicit Virtual Asset Notification (IVAN) platform, a public-private partnership to improve the detection and disruption of illicit virtual currency activities, such as ransomware payments. MITRE, as the platform’s trusted third party, collaborated with various government agencies and private industry members to create a sharing platform that enables partners to exchange intel on illicit virtual asset use. IVAN aims to enhance both technical capabilities and global outreach to combat cybercriminals exploiting blockchain technology. [ Chainalysis on X and MITRE ]

Analyst Takeaway: The collaborative efforts represented by platforms like the Illicit Virtual Asset Notification (IVAN) initiative demonstrate a proactive approach to combating cybercrime. By fostering collaboration between the public and private sectors, these efforts aim to enhance detection capabilities for illicit virtual currency activities. Continuous research and intelligence sharing will be critical in staying ahead of emerging threats in the evolving landscape of cryptocurrency.

On-Chain

Nolan’s White Hat Fix for SEI Vulnerability

DeFiHackLabs celebrated community white hat Nolan, who identified and fixed a critical vulnerability in SEI Network. For his contribution, Nolan earned a $150,000 reward. This achievement highlights the important role of white hats in maintaining DeFi security and protecting users from potential exploitation. [ DeFiHackLab on X ]

Analyst Takeaway: Nolan’s successful identification of a critical vulnerability in the SEI Network is a testament to the invaluable role of white hat hackers in enhancing DeFi security. This incident not only underscores the potential for positive contributions from the community but also highlights the need for ongoing investment in security measures. Rewarding such efforts is essential to encourage proactive engagement in identifying and mitigating vulnerabilities.

News

SunSec’s Web3 CTF Co-Learning Success

SunSec concluded its first 21-day Web3 CTF Co-Learning session, which saw 110 participants, 34 of whom successfully completed the challenge, with 9 achieving perfect attendance. SunSec encouraged participants to continue honing their skills and hinted at a second session, showcasing the growing interest in collaborative cybersecurity learning in the Web3 space. [ DeFiHackLabs on X ]

Ben.eth Sends 245 ETH to Exchanges

Ben.eth’s recent activity raised curiosity when it was discovered that he transferred 245 ETH to Coinbase and HitBTC. While some observers speculated on the intent behind the transfers, platforms like MetaSleuth provided a transparent view of the transactions. Discussions ensued on the potential implications for his followers, with no indication of malicious intent but plenty of intrigue. [ Intell_On_Chain on X ]

Eigenlayer Token Dump Sparks Speculation

A wallet received 1.67 million $EIGEN tokens from the Eigenlayer team and promptly sold them via MetaMask for $3.3 per token, incurring over $50K in fees. The transaction raised eyebrows within the community, with observers noting the use of ChangeNow to fund the wallet without KYC verification. While Eigenlayer is investigating, the event has led to lively discussions, with many questioning the motives behind the sudden sale. [ WazzCrypto on X ]

Derivative Markets and Bitcoin Debasement Debate

Willy Woo sparked a debate on whether derivative markets on Bitcoin dilute its fixed supply, likening it to monetary debasement. He argues that “paper BTC” created through futures and other financial instruments dilutes the scarcity of Bitcoin, which underpins its value. While Bitcoin’s hard cap of 21 million coins is central to its appeal, derivative markets allow institutions to take exposure without owning physical BTC, thus introducing a fiat-like quality. Woo suggests that the growth of futures markets could suppress Bitcoin’s price unless its market cap grows significantly. [ Woo on Economics on X ]

Analyst Takeaway: This week’s insights reveal a dynamic landscape within the crypto and Web3 sectors, emphasizing the growing importance of education, transparency, and critical discussions about market impacts. SunSec’s inaugural Web3 CTF Co-Learning session attracted 110 participants, with 34 completing the challenge and 9 achieving perfect attendance, highlighting a strong interest in collaborative cybersecurity learning in the Web3 space. Meanwhile, the recent transfer of 245 ETH by Ben.eth to exchanges sparked curiosity without signs of malicious intent, as platforms like MetaSleuth provided transparency and prompted discussions on potential implications for his followers. Additionally, Eigenlayer’s sudden sale of 1.67 million $EIGEN tokens for $3.3 each raised eyebrows and questions about the motives behind such transactions, particularly when bypassing KYC verification. This incident underscores the necessity for greater scrutiny and transparency in token sales to maintain investor trust. Lastly, Willy Woo’s critique of Bitcoin’s derivative markets introduces a compelling debate about their potential to dilute Bitcoin’s inherent value, as the proliferation of “paper BTC” challenges the scarcity that underpins its appeal. Collectively, these developments illustrate the importance of continued engagement, transparency, and critical analysis in navigating the evolving crypto landscape.

Tools

Pre-Launch Security Framework for Crypto Projects

A new specialized security framework is designed for crypto projects before token listings, focusing on identifying vulnerabilities during the pre-launch phase. This proactive approach enhances security, giving developers and early investors confidence in the project’s resilience. By addressing potential weaknesses early on, this framework aims to ensure a more robust and secure launch, mitigating risks that could affect token performance and trust. [ Certik on X ]

Smart Calendar for Crypto Events

The Smart Calendar is a tool to stay on top of critical crypto events like airdrops, token unlocks, centralized exchange (CEX) listings, and major project updates. It provides a streamlined way for users to stay informed and ahead of the market, ensuring they never miss an important event. This tool helps users make timely decisions, keeping them at the forefront of key developments in the crypto space. [ Certik Community on X ]

Drosera and the Evolution of Web3 Security

The early days of Web3 resembled the Wild West, with vulnerabilities leading to fast-spreading exploits and slow security responses. Today, security in Web3 is evolving, and automated solutions like Drosera are becoming the new standard. Unlike traditional, manual intervention systems, Drosera detects and mitigates threats in real-time, preventing a single vulnerability from causing widespread damage. This shift towards proactive, embedded security ensures that Web3 protocols remain secure without compromising decentralization. [ 0xkr8os on X ]

The Future of Development with Free Security Tools

Free security tools are shaping the future of crypto development, as highlighted by a discussion on Roscoe’s vision for open-source security and the community’s support for tools like RevokeCash. These tools foster collaboration and innovation, allowing developers to enhance security without financial barriers. Open-source solutions help protect users and developers alike, promoting a more secure crypto ecosystem. [ levelupweb3 on X ]

Best Tools for Tracing in Blockchain Audits

In an interview with CyfrinAudits, the best tools for blockchain tracing were discussed, including Phalcon Explorer, Tenderly, OpenChain, and Dedaub for contract decompilation. Phalcon Explorer’s tips include disabling static calls to reduce noise, using color markers, and focusing on gas usage to identify key calls. Though tracing hacks can be challenging initially, experience with these tools leads to significant improvements in speed and accuracy, enhancing the audit process. [ 00xSEV on X ]

X’s Encrypted DMs for Privacy and Security

X (formerly Twitter) is rolling out encrypted DMs to enhance user privacy, ensuring that private messages remain secure — even from the platform itself. The encryption process relies on device-specific private and public key pairs, with a per-conversation key to encrypt messages before they leave the sender’s device. This ensures that even under pressure, X cannot access users’ messages. The feature is in early access, with plans for widespread release soon, aiming to prioritize privacy in digital communication. [ NFT_Dreww on X ]

Single Pane of Glass for Trusted Sources

The MetaMask dApp Store launch provides a secure, single source for trusted companies and links in Web3, helping users avoid scams, misspellings, and malicious redirects. Trusted names like ApeCoin, Arweave, Malwarebytes, and others are already part of this rollout, making Web3 navigation safer. However, there’s concern about review times for new dApps. [NFT_Dreww on X ]

Spectra Tool for Transparency in Non-KYC Exchanges

Spectra, a tool in beta by IOC, offers transparency in tracking transactions across non-KYC exchanges like ChangeNOW and FixedFloat. Powered by Arkham Intel, it helps users evaluate the risk of a protocol or exchange, providing insights into transaction behavior. Currently available in Terminal, this tool offers a sneak peek into whether a protocol might be malicious, simplifying the “Do Your Own Research” (DYOR) process. [ CryptoaaService on X ]

Revoke.cash Introduces Batch Revoking

Revoke.cash has launched “Batch Revoking,” allowing users to queue up multiple revocation transactions in one session. This new feature streamlines the process of securing permissions in the Web3 space, making it more convenient to safeguard assets. [ Revoke Cash on X ]

Analyst Takeaway: This week’s developments underscore the vital role of innovative tools and frameworks in bolstering security within the crypto space. A new security framework is being implemented for crypto projects before token listings, proactively identifying vulnerabilities and instilling confidence among developers and early investors in the project’s resilience. Meanwhile, the Smart Calendar tool helps users keep track of essential crypto events — such as airdrops and CEX listings — ensuring they stay informed and can make timely decisions. As security in Web3 evolves from its chaotic beginnings, solutions like Drosera are leading the charge with automated, real-time threat detection, significantly reducing the risk posed by individual vulnerabilities. The discussion around open-source security tools, such as RevokeCash, highlights the community’s commitment to fostering collaboration and innovation, ensuring developers can enhance security without financial barriers. For blockchain audits, tools like Phalcon Explorer and Tenderly are essential for tracing transactions, improving audit processes and accuracy. The rollout of encrypted DMs by X (formerly Twitter) marks a significant step toward prioritizing user privacy in digital communication, ensuring that even the platform cannot access private messages. The launch of the MetaMask dApp Store introduces a secure, centralized resource for trusted companies in Web3, helping users navigate the space safely. Finally, Spectra is set to improve transparency in non-KYC exchanges, assisting users in evaluating transaction behaviors and risks, while Revoke.cash’s new “Batch Revoking” feature streamlines the process of securing permissions, making it easier to protect assets. Together, these tools and frameworks illustrate a collective movement towards enhanced security, transparency, and user empowerment in the ever-evolving world of crypto.

Research

Physical Threats in the Crypto World

As digital wealth rises, so does the risk of physical threats. A chilling story of Nick Drakon, a crypto exec who was forced at gunpoint to transfer millions in crypto, highlights the growing danger. Similar incidents are happening globally — from armed robberies in Costa Rica and Ukraine to a high-stakes kidnapping in Malaysia. These incidents reveal the dark side of crypto, where digital assets attract real-world violence, transforming online wealth into physical peril. As criminals shift from digital to physical attacks, crypto holders face new, grave risks. [ rekt on and blog ]

Hack3D Q3 2024 Report Summary

In Q3 2024, 155 hacks, scams, and exploits in Web3 led to a total loss of $753 million — a 9.5% increase in value compared to Q2, despite fewer incidents. The losses bring the total for 2024 to $2.24 billion across 611 incidents. Phishing was the most common attack vector, causing $343 million in losses. Ethereum was the most targeted blockchain, accounting for $387.9 million lost across 86 incidents. Notable hacks included WazirX ($231M), BingX ($48M), and Penpie ($27M). $30.9 million was recovered across 9 incidents, reducing Q3’s net losses to $722 million. Despite rising attacks, institutional interest remains strong, as reflected in the approval of Spot Ethereum ETFs. [ Certik on X ]

MistTrack Q3 2024 Report Summary

MistTrack’s Q3 2024 report analyzed 313 cases of crypto theft, with 228 from domestic sources and 85 from international ones. Private key leaks and phishing attacks remained the top causes of theft, driven by careless key storage and misleading ads or links. MistTrack helped freeze $34.39 million in stolen assets across 16 platforms and reported a rise in fake mining pool scams and fraudulent OTC trades. The report stressed prevention through secure private key storage, cautious link usage, and awareness of fake projects. MistTrack also offers free consultation services to victims of theft and continues to enhance its AML and asset-tracking tools. [ Mist Track on X ]

PeckShieldAlert September 2024 Hack Summary

In September 2024, over 20 crypto hacks resulted in $120.23 million in losses, not including the $32.4 million drained via phishing using Permit signatures. The top incidents included hacks on BingX ($44M), Penpie ($27M), and Indodax ($21M). Other notable targets were DeltaPrime, Truflation, Shezmu (partial funds returned), and Onyx, with smaller losses ranging from $1.4M to $5.98M. This report highlights continued vulnerability across major platforms. [ Peck Sheild Alert on X ]

Analyst Takeaway: The analysis this week sheds light on the alarming intersection of physical threats and cybercrime within the crypto landscape, revealing a disturbing trend as digital wealth increasingly translates into real-world violence. High-profile incidents, such as the harrowing case of Nick Drakon being forced at gunpoint to transfer millions in crypto, underline the gravity of these risks that crypto holders now face. As the latest Hack3D Q3 2024 report details, the crypto sphere witnessed a staggering $753 million lost to 155 hacks, scams, and exploits, marking a 9.5% increase in financial losses despite fewer incidents. Phishing attacks emerged as the primary vector, causing $343 million in losses, while Ethereum was notably the most targeted blockchain. Complementing this, MistTrack's report emphasized the need for heightened security practices, as private key leaks and phishing scams remain prevalent. With over $34 million in stolen assets frozen, the necessity for proactive measures is clear. Additionally, PeckShieldAlert's summary of September's hacking incidents reveals a continuous wave of vulnerabilities, with major exchanges suffering significant losses. Despite these threats, institutional interest persists, illustrated by the approval of Spot Ethereum ETFs. Collectively, these findings illustrate a pressing need for enhanced security awareness and preventive measures within the crypto community, as both digital assets and their holders confront unprecedented dangers.

Conclusion

This week’s developments paint a stark picture of the cryptocurrency landscape’s evolving challenges and opportunities. With Q3 2024 seeing $753 million lost to hacks and scams, including high-profile incidents like the $231 million WazirX heist, the urgent need for enhanced security measures is clear. The rise in physical threats, exemplified by Nick Drakon’s harrowing experience, adds a troubling dimension to digital asset ownership. Yet, amidst these challenges, innovation flourishes. Tools like Drosera for real-time threat detection, Spectra for non-KYC exchange transparency, and the MetaMask dApp Store for secure navigation showcase the community’s proactive stance. The approval of Spot Ethereum ETFs signals sustained institutional confidence, highlighting the sector’s resilience. Moving forward, the crypto world must balance technological advancement with robust security practices and user education. The community’s ability to adapt swiftly, implementing pre-launch security frameworks and leveraging tools like the Smart Calendar, will be crucial. As we navigate this complex landscape, the collaboration between developers, users, and security experts will be paramount in forging a future where cryptocurrency is not just profitable, but also secure in both digital and physical realms.

Thanks for getting this far in our article. Don’t forget that you can vote up to 50-times a day for your favorite articles on Medium. We accept more than 1-vote, as it helps us spread the Cybersecurity insights into Crypto. The more people that see this information, the more people we can help. We should share information about criminals and scammers to help protect each other, just like we pick up stray trash and put it in the trash can.

Further Resources about Cyber Strategy Institute:

If interested in other analysis, checkout our other Medium articles, our Indpeth Analysis Articles and for more of a daily understanding of the Cryptoverse follow our Twitter account. Relying on a dying Cybersecurity model is not a foundation for success; that is what Warden changes for the good!

Warden

It is designed leveraging a Zero Trust model, stopping all known bad and unknown malicious threats. This starts by defending at the kernel level, so that any software does not know it’s been placed into a sandbox. We call this the “Inception Protection” model, which will not allow any program to impact your systems. No other system can do this on the market today. Protect your digital life, your families or your organization today with Warden!

If you want a 50% Discount on your purchase, then sign up for our newsletter, and we will send you the code for your support. Just reply to your first email saying you would like a discount.

Cyber Strategy Institute

Medium: https://cyberstrategy1.medium.com/

Twitter: https://twitter.com/CyberStrategy1

X: https://x.com/Warden_Secure

Website: https://cyberstrategyinstitute.com

Protect Yourself, Family or Business Today with Warden!

https://cyberstrategyinstitute.com/personal-protection-warden

Web3
Crypto
Blockchain
Cybersecurity
Crypto Security Truths

--

--

Cyber Strategy Institute

Written by Cyber Strategy Institute

70 Followers

Crypto Security Truths - Scam Hunter, ZeroTrust Endpoint Defense & writing about all things Crypto Security. Stay up-to-date on latest Threats by following us!

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams