“We are observing that operational security incidents are rising while smart contract exploits are declining, reflecting that attackers typically target the weakest points. As projects have focused their security investments on smart contracts, other critical areas have been left exposed,” CertiK, one of the leading blockchain and Web3 security firms, told CoinDesk.

How the hacks happen
Every crypto wallet has two key numbers. One is public, like a bank account number, which users share to receive money. The other is private: a string of characters, like a user’s bank password, that proves ownership of the funds in their wallet and lets them spend those funds.
But here is where it gets more complicated. If a user loses this private key, there is no bank-like option to reset it, no private banker to help access funds, and no fraud department to file a claim. Whoever holds that key holds the funds, regardless of the tech or code behind that protocol.
Private key hacks fall into two categories. The first is brute-force attacks, where attackers guess or brute-force their way to a user’s private key. The second is the unknown method, in which the private key is leaked, but nobody is entirely sure how it happened.
These two methods account for roughly 40% of all crypto hack losses to date, underscoring that the majority of these exploits are not due to blockchain infrastructure but to vulnerabilities outside it.
