The number of hacks in Q3 2024 has dropped to its lowest point in three years, with only 28 incidents, across which a total of $463.6 million was stolen.
However, the overall outlook remains concerning as there’s no chance of recovering over $440 million of the stolen funds.
Worst Recovery Rates Ever
According to the latest report by cybersecurity firm Hacken shared with CryptoPotato, an alarming 95% of the stolen funds were lost permanently. This is a sharp contrast to earlier quarters when 50-60% of the stolen assets were frozen or recovered.
This high rate of unrecovered funds highlights the urgent need for stronger post-incident response strategies.
“This is the worst quarter in recent times in terms of recovered or frozen funds. Among all the victims, only three projects were able to recover the lost assets. We had hoped that the trend of refunding a percentage of the siphoned funds, which was common in previous quarters, would continue – but alas!”
When examining losses by region, Asia experienced the highest amount this quarter, with $264 million in losses. Australia followed with $43.3 million, while Europe reported $22.16 million, and North America saw $15 million in losses during the same period.
The most damaging type of attack continues to be one in which a malicious actor gains control over seed phrases or functions, allowing them to withdraw funds at will from wallets or smart contracts. With eight incidents and $316 million stolen in Q3, access control breaches accounted for more than twice the share of assets lost to all other attack types combined.
Next is the reentrancy attack, which is considered one of the most persistent methods of extracting assets from a protocol. It involves an attacker exploiting a loop in the smart contract’s withdrawal function to repeatedly withdraw funds. This attack is especially harmful to protocols with liquidity pools.
Although there were only three reentrancy attacks this quarter, they resulted in losses exceeding $33 million across various assets.
Evolving Threats
Although traditional rug pulls have decreased, there has been a surge in meme coin launches on platforms like Base, Tron, and Solana. On Solana’s meme coin platform, pump.fun, more than 2 million coins were recently launched, but only 89 achieved a market cap of $1 million.
According to Hacken’s report, this indicates that many rug pull scammers have shifted to these platforms, creating low-value coins that imitate rug pull tactics without demonstrating legitimate activity.