1
Private key compromises are expected to continue driving major losses in the cryptocurrency industry this year. Richard Patterson/flickr.com

KEY POINTS

  • During Q1 2023, PKC losses were at $18.8 million, meaning Q1 2024 saw a jump of 1,160% in dollar value loss
  • Ripple Labs' Chris Larsen was the biggest target of PKC actors so far in 2024
  • PKCs are expected to 'highly likely' drive major losses in the crypto world this year

Private key leakages have had a devastating impact on the web3 ecosystem, with approximately $239 million worth of digital assets lost in the said breaches, a new report by blockchain security firm CertiK revealed over the weekend.

During a five-day period in the middle of March, U.S.-based CertiK saw nine private key compromises (PKC) that resulted in combined losses of at least $22.96 million in the month, it revealed in the report. "These incidents showcase the continued devastation that private key leakages can have on the Web3 ecosystem which has already seen approximately $239 million lost to this type of attack in 2024," the firm said.

In comparison, CertiK identified some $18.8 million in losses due to PKCs during the first quarter of 2023, marking a staggering 1,160% increase in dollar value losses. In the same period last year, there were only 11 PKCs, compared to 24 attacks so far in Q1 2024.

Web3 and blockchain audit firm ImmuneBytes noted that bad actors who gain access to private keys can breach the wallets of not only regular decentralized finance (DeFi) participants, but even crypto whales, developers, and digital asset executives.

Such was the case with the biggest PKC attack so far in the year. PKC actors targeted the wallets of Chris Larsen, co-founder and executive chairman of payment protocol and digital asset exchange network Ripple Labs. Hackers stole around $112 million worth of cryptocurrencies after Larsen's private keys were compromised.

Another huge hack involving PKC was that of decentralized crypto exchange FixedFloat, which saw at least $26 million in Bitcoin and Ether pilfered in what the exchange said was an "external attack." The crypto firm previously clarified to International Business Times that user funds were not affected by the PKC hack.

CertiK is expecting threat actors to continue using PKCs as an attack vector this year and will "highly likely continue to be a major driver for losses in the Web3 ecosystem." If trends related to compromises in private keys continue this year, CertiK projects that 2024 will likely record a higher number of private key-related system breaches compared to 2023.

Exit scams – or scams that threat actors paint to look like legitimate projects only to end up being fake after investors put their money on such projects – are still the biggest crypto-related scams so far this year, with 26 incidents, compared to 24 in PKCs, CertiK noted.

Still, compromises of digital wallet private keys are a major driver for dollar losses in the cryptocurrency realm, the web3 security firm said.