A recurring theme in the web3 ecosystem, private key thefts have spiked significantly in March 2024 leaving behind the greatest financial imprints. As per the most recent findings by Web 3 security firm, Certik, private key compromises from March 12 until March 16 cost approximately $22.96 million in losses overall.
These events also show the continuous exposure of private keys on the digital asset market, where 2024’s first quarter Q1 resulted in $239 million worth of losses caused by such attacks. This is dramatically higher than the cases of the earlier year of 2023.
Moreover, the number of cases of private key breaches has also been on the rise, with 24 attacks being observed in 2024 compared to 11 in the first quarter of 2023. The accident with Chris Larsen, Co-founder and Executive Chairman of Ripple whose X account was compromised accounted for almost all losses to this attack vector and amounted to somewhere about 112 Million dollars.
Major Private Key Compromises of March
- NFPrompt: A group of hackers broke into Prompt’s wallet and compromised the accounts of contract administrators of the company causing approximately $10.4 million in losses. A suspicious wallet set up a multi-sig wallet and sent around $7 million of NFP tokens. What’s more, around 3.6 million NFT tokens currently worth $3.4 million at the time of transaction have moved to MEXC.
- Mozaic Fi: On March 15, the private key was stolen from the Master role wallet of Mozaic Fi. In total, $2.1 was swindled from the users and sent to MEXC and Binance. Fortunately, Mozaic Fi even recovered 90 % of the stolen money by reporting and freezing the funds on relevant exchanges on time.
- Wilder World: Nine legacy vesting contracts of Wilder World were illegally breached and assets worth $1.81 million were stolen. This breach concerned the compromised deployer’s private key which allowed an attacker to divert balances of contract tokens.
- Remilia: On March 16, the wallets of Remilia, the founder Reported a phishing attack. The attacker gained access to many wallets by hijacking the BitWarden account. 300 ETH and several assets worth a further 544 ETH, which included REMIO and MILADY NFTs, were stolen from multiple wallets.
Understanding Private Key Theft
The private keys, which are the cryptographic keys, can be used to access the digital assets located on the blockchain networks. They are imperative for transaction approval and management of cryptocurrency holdings.
Private keys can be stolen through phishing attacks, malware, social engineering, etc. or software and hardware wallets vulnerabilities. Phishing attacks usually consist of fake emails or powered websites aimed at stealing user’s keys or access to their digital wallets. The major goal of social engineering attacks is to persuade an individual to reveal some vital information, e.g., a password or private key.
Will PKT keep on rising in 2024??
If the same trends continue, we will likely see a higher number of private key incidents compared to 2023. This will continue to be a major driver for losses in the ecosystem. Hence the security of private keys should be a top priority for private or public entities in the rapidly growing digital assets arena.
