Key Facts

• The cryptocurrency industry has lost approximately $16.69 billion to hacks, with about 40% of these losses, or around $6.676 billion, tied to stolen private keys rather than flaws in blockchains or smart contracts.
• Security experts, including CertiK, a leading blockchain and Web3 security firm, have noted that most losses stem from key-management and operational failures in systems, people, and third-party tools, rather than from broken cryptography.
• Private key hacks fall into two categories: brute-force attacks, where attackers guess or brute-force their way to a user's private key, and unknown methods, where the private key is leaked, but the exact method is unclear.
• The industry is moving towards fixing the private key vulnerability issue through the implementation of multi-party computation (MPC) wallets, account abstraction with social recovery, passkey-based login, hardware wallet enforcement, and proper key management SOPs.
• Wish Wu, co-founder and CEO of Pharos, notes that most blockchain infrastructure was originally built for a single-user, single-key model, which goes against basic security principles that traditional finance has relied on for decades, such as multiple layers of defense and separation of duties.