2024 has proven to be a whirlwind for the Web3 community. With both seasoned platforms and emerging projects falling prey to hacks and vulnerabilities, this year has highlighted the pressing need for robust security measures in the crypto space.
The attacks weren’t limited to smart contracts but extended to multisig wallets, centralized exchanges, and even private keys of notable figures. And while each hack underscored different vulnerabilities, they all pointed to a common lesson: comprehensive security is paramount.
In this article, we’ll explore the top 10 crypto hacks of 2024, unravel how each of these incidents unfolded, and discuss mitigation steps for avoiding similar scenarios in the future.
On May 31, 2024, DMM Bitcoin, one of Japan’s prominent cryptocurrency exchanges, suffered a devastating breach, losing approximately 4,502.9 BTC, worth about $304.5 million at the time. Reports pointed to a leaked private key combined with address poisoning: the attacker prepared a wallet address that was nearly identical to DMM’s official management address.
Because the first and last few characters matched, the attacker’s address passed a visual comparison with the legitimate one. When DMM’s operators ran their routine checks before a large transfer, they mistook the malicious address for the official one and approved the transaction without noticing the discrepancy in the middle of the string.
The breach exposed the risks of relying on a single key and on eyeball verification of addresses: a few overlooked characters can lead to colossal losses.
Post-hack, DMM Bitcoin raised over $320 million to compensate affected users and rebuild trust. To prevent similar incidents, DMM has since implemented stringent multi-signature (multisig) protocols, reducing dependency on any single private key for fund authorization.
Additionally, they’ve incorporated layered transaction authorization processes, where high-value transactions now undergo multiple checks across different signatories, ensuring any anomalous requests trigger verification protocols before approvals are finalized.
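The address check operators should have been running, as an added example that is not DMM Bitcoin's code: the two addresses are constructed placeholders (bech32-looking strings, not real wallets) built to share the same first 8 and last 7 characters, which is exactly what a look-alike address is designed to do. The comparison is an exact, case-sensitive string match against an allowlist; for chains with checksummed addresses you would normalize the checksum first (an assumption this example does not cover).

```python
"""Destination-address screening for a withdrawal/transfer approval step.

Added example, not DMM Bitcoin's code. TRUSTED_MANAGEMENT and POISONED are
constructed placeholders, not real addresses.
"""

SHARED_HEAD, SHARED_TAIL = "bc1qmgmt", "2tfy9rd"

# Constructed placeholder for the exchange's real management wallet.
TRUSTED_MANAGEMENT = SHARED_HEAD + "7x2k9vq3aen4ur8ldp0s5wz6hcj" + SHARED_TAIL
# Constructed look-alike: identical head and tail, entirely different middle.
POISONED = SHARED_HEAD + "0h4zr5pl2gx9wq3mj7e6ygud8sc" + SHARED_TAIL

ALLOWLIST = {TRUSTED_MANAGEMENT}


def eyeball_check(candidate, trusted, head=6, tail=6):
    """The weak check an operator does by eye: compare only the ends."""
    return candidate[:head] == trusted[:head] and candidate[-tail:] == trusted[-tail:]


def differing_positions(a, b):
    """Indexes at which two strings differ, including any length overhang."""
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    diffs.extend(range(min(len(a), len(b)), max(len(a), len(b))))
    return diffs


def screen_destination(candidate, allowlist, head=6, tail=6):
    """Exact allowlist match, with look-alike detection for near misses.

    Returns (verdict, reference): verdict is 'allowlisted', 'lookalike'
    (the ends match an allowlisted address but the string differs) or 'unknown'.
    """
    addr = candidate.strip()
    if addr in allowlist:
        return "allowlisted", addr
    for trusted in allowlist:
        if eyeball_check(addr, trusted, head, tail):
            return "lookalike", trusted
    return "unknown", None


def authorize_transfer(destination, allowlist):
    """Gate for a large transfer: only an exact allowlist hit passes."""
    verdict, reference = screen_destination(destination, allowlist)
    if verdict == "lookalike":
        positions = differing_positions(destination.strip(), reference)
        raise PermissionError(
            "possible address poisoning: %d characters differ from %s, first at positions %s"
            % (len(positions), reference, positions[:5]))
    if verdict != "allowlisted":
        raise PermissionError("destination is not on the allowlist")
    return True


def transfer_allowed(destination, allowlist):
    """Boolean wrapper around authorize_transfer for a policy engine."""
    try:
        return authorize_transfer(destination, allowlist)
    except PermissionError:
        return False


if __name__ == "__main__":
    print("eyeball check passes the poisoned address:", eyeball_check(POISONED, TRUSTED_MANAGEMENT))
    print("screening verdict:", screen_destination(POISONED, ALLOWLIST)[0])
    print("transfer allowed:", transfer_allowed(POISONED, ALLOWLIST))
```

The point of the `lookalike` verdict, as opposed to a plain `unknown`, is that it is an alarm: a destination that matches an allowlisted address at both ends but nowhere else is far more likely to be a poisoning attempt than a typo, and should trigger the layered verification described above rather than a silent rejection.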
On July 18, 2024, WazirX, a well-known Indian cryptocurrency exchange, suffered one of the most elaborate breaches of the year, losing about $231 million. The attackers took control of WazirX’s multisig wallet by manipulating the signing process rather than by breaking the wallet’s cryptography.
The wallet required approvals from several signatories: three from WazirX and one from Liminal, the exchange’s custody partner. Using phishing and social engineering, the attackers got those signatories to approve transactions through an interface that looked identical to Liminal’s, while the payload they actually signed differed from what was displayed.
Those signatures were used to upgrade the wallet’s smart contract to a malicious implementation that gave the attackers unrestricted control, after which they drained the wallet’s holdings.
In response, WazirX has emphasized increased transparency in its recovery efforts, while Liminal clarified that their core infrastructure remained uncompromised. This attack underscores the need for regular multisig monitoring and anti-phishing training to strengthen employee awareness.
Security audits by firms like QuillAudits can also preemptively analyze multisig setups for vulnerabilities and offer reinforced protection against phishing and impersonation techniques, vital for securing high-value assets.
In early January 2024, Ripple co-founder Chris Larsen reported that his personal wallet had been hacked, resulting in the theft of $112.5 million in XRP.
Blockchain analysis led by security researcher ZachXBT traced the stolen assets across multiple exchanges, including MEXC, Gate.io, Binance, Kraken, and OKX, suggesting a sophisticated laundering operation by the attackers. Given the scale and method, it’s speculated that the hack was facilitated by either social engineering tactics or malware that accessed Larsen’s private keys.
This breach serves as a reminder of the risks high-profile individuals face and the specific targeting strategies hackers employ. Attackers might have utilized phishing schemes, spyware, or other malware specifically designed to identify and access wallet credentials.
To prevent similar incidents, individuals with substantial holdings are advised to store assets in cold (offline) hardware wallets, making unauthorized remote access nearly impossible.
Multi-factor authentication (MFA) on all critical accounts and regular private key security audits, perhaps conducted by firms like QuillAudits, are essential in preempting vulnerabilities.
Education on detecting social engineering and spear-phishing tactics should be emphasized, particularly for high-net-worth individuals.
In March 2024, Munchables, a project on the Blast Layer 2 network, suffered a $62.8 million exploit, allegedly carried out by a rogue developer with ties to North Korea’s Lazarus Group.
The developer had planted a backdoor while writing the contracts and later used it to grant themselves privileged access. Through the backdoor they assigned themselves a recorded balance of 1 million ETH in the contract’s storage, which let them withdraw the project’s real holdings with ease.
This incident highlights the risks that come from relying on unchecked developer access, especially in projects where code undergoes limited or superficial review. When a developer can introduce and conceal unauthorized functions or backdoors, the project’s security is at grave risk, underscoring the importance of thorough, third-party auditing practices.
To counter such insider threats, projects should implement exhaustive background checks on developers and enforce strict role-based access restrictions.
Additionally, independent audits by security firms like QuillAudits are vital, ensuring that smart contracts are carefully examined for concealed functions or backdoors.
Projects can also incorporate multisig systems, requiring multiple approvals for significant code changes, thereby reducing the risk posed by a single developer’s unauthorized actions.
On October 16, 2024, Radiant Capital, a prominent DeFi lending protocol, suffered a roughly $58 million breach across both Arbitrum and Binance Smart Chain (BNB Chain). The attackers gained control of 3 of the 11 signers on the protocol’s multisig, which was exactly the 3-of-11 threshold needed to execute privileged transactions.
With three compromised signers meeting that threshold, the attackers transferred ownership of Radiant’s contracts to themselves and upgraded them to malicious versions. The upgraded contracts were then used to drain the protocol’s lending pools on both chains without setting off immediate alarms.
This incident underscores both the vulnerabilities of multisig setups and the complex risks associated with cross-chain projects.
Radiant Capital quickly revoked the attackers' access and is implementing stricter multisig requirements and third-party monitoring tools to detect unauthorized activity early.
Long-term preventive measures include adopting cross-chain security audits and increasing the threshold for multisig approvals in high-value transactions.
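Both the WazirX and the Radiant incidents come down to signers approving a payload that did not match what their screen showed. The check below is an added example, not code from WazirX, Liminal or Radiant: it models a Safe-style transaction as a (to, value, data, operation) tuple, decodes the raw calldata independently of any UI, and refuses to sign anything privileged (ownership transfers, implementation upgrades, delegatecalls) or anything whose decoded fields disagree with the displayed intent. The selectors are the standard first four bytes of keccak256 of the named signatures; the four addresses and the amounts are constructed for the example, and the `shown` dictionary is an assumed shape for what the signing UI presented.

```python
"""Signer-side "what you see is what you sign" check for a multisig payload.

Added example, not WazirX's, Liminal's or Radiant's code. Addresses are
constructed placeholders.
"""

# Standard 4-byte selectors (first four bytes of keccak256 of the signature).
SEL_TRANSFER = bytes.fromhex("a9059cbb")             # transfer(address,uint256)
SEL_TRANSFER_OWNERSHIP = bytes.fromhex("f2fde38b")   # transferOwnership(address)
SEL_UPGRADE_TO = bytes.fromhex("3659cfe6")           # upgradeTo(address)
SEL_UPGRADE_TO_AND_CALL = bytes.fromhex("4f1ef286")  # upgradeToAndCall(address,bytes)

# Calls a signer must never approve on the strength of a UI summary alone.
PRIVILEGED = {
    SEL_TRANSFER_OWNERSHIP: "transferOwnership(address)",
    SEL_UPGRADE_TO: "upgradeTo(address)",
    SEL_UPGRADE_TO_AND_CALL: "upgradeToAndCall(address,bytes)",
}

OP_CALL, OP_DELEGATECALL = 0, 1  # Safe-style operation field

# Constructed placeholder addresses.
TOKEN = "0x" + "aa" * 20      # an ERC-20 token contract
TREASURY = "0x" + "bb" * 20   # the legitimate recipient shown to signers
VAULT = "0x" + "cc" * 20      # an upgradeable protocol contract
ATTACKER = "0x" + "dd" * 20


def abi_word(data, index):
    """32-byte ABI word number `index` following the 4-byte selector."""
    start = 4 + 32 * index
    word = data[start:start + 32]
    if len(word) != 32:
        raise ValueError("calldata too short for ABI word %d" % index)
    return word


def word_to_address(word):
    return "0x" + word[12:].hex()


def encode_address(addr):
    return bytes.fromhex(addr[2:].lower()).rjust(32, b"\x00")


def encode_transfer(recipient, amount):
    """ABI-encode transfer(address,uint256)."""
    return SEL_TRANSFER + encode_address(recipient) + amount.to_bytes(32, "big")


def encode_transfer_ownership(new_owner):
    """ABI-encode transferOwnership(address)."""
    return SEL_TRANSFER_OWNERSHIP + encode_address(new_owner)


def verify_before_signing(to, value, data, operation, shown):
    """Compare the raw payload with the summary the UI displayed.

    `shown` is an assumed dict such as {"kind": "erc20_transfer",
    "token": ..., "recipient": ..., "amount": ...}. Returns (approve, reason).
    """
    if operation == OP_DELEGATECALL:
        return False, "delegatecall: target code would run inside the wallet (implementation swap risk)"
    if len(data) < 4:
        return False, "calldata has no function selector"
    selector = data[:4]
    if selector in PRIVILEGED:
        return False, "privileged call %s to %s" % (PRIVILEGED[selector], to)
    if shown.get("kind") != "erc20_transfer":
        return False, "unsupported intent kind: %r" % shown.get("kind")
    if selector != SEL_TRANSFER:
        return False, "selector %s is not transfer(address,uint256)" % selector.hex()
    if to.lower() != shown["token"].lower():
        return False, "token contract %s differs from displayed %s" % (to, shown["token"])
    if value != 0:
        return False, "an ERC-20 transfer should not carry native value"
    recipient = word_to_address(abi_word(data, 0))
    amount = int.from_bytes(abi_word(data, 1), "big")
    if recipient != shown["recipient"].lower():
        return False, "recipient %s differs from displayed %s" % (recipient, shown["recipient"])
    if amount != shown["amount"]:
        return False, "amount %d differs from displayed %d" % (amount, shown["amount"])
    return True, "calldata matches the displayed intent"


def demo():
    """Four payloads behind the same UI summary; only the honest one should pass."""
    shown = {"kind": "erc20_transfer", "token": TOKEN, "recipient": TREASURY, "amount": 1_000_000}
    return {
        "honest": verify_before_signing(TOKEN, 0, encode_transfer(TREASURY, 1_000_000), OP_CALL, shown),
        # Payload actually hands ownership of the vault to the attacker.
        "ownership_swap": verify_before_signing(VAULT, 0, encode_transfer_ownership(ATTACKER), OP_CALL, shown),
        # Payload is a delegatecall into attacker-controlled code.
        "delegatecall": verify_before_signing(ATTACKER, 0, encode_transfer(TREASURY, 1_000_000), OP_DELEGATECALL, shown),
        # Right function, wrong recipient.
        "redirected": verify_before_signing(TOKEN, 0, encode_transfer(ATTACKER, 1_000_000), OP_CALL, shown),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print("%-15s %-6s %s" % (name, "SIGN" if ok else "REFUSE", reason))
```

The decoding has to happen somewhere the attacker does not control, typically on the hardware wallet's own display or in a second, independently built tool; re-running it inside the same browser session that rendered the spoofed summary proves nothing.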
In February 2024, Hong Kong-based crypto exchange BitForex allegedly conducted an exit scam, withdrawing $56.5 million in crypto assets from its wallets before going offline.
BitForex was already facing scrutiny for operating without a license in Japan and was accused of artificially inflating trading volumes. As regulatory pressure mounted, CEO Jason Luo departed in January 2024. Shortly after, on-chain analysts like ZachXBT noticed significant outflows from the exchange, triggering alarms. By February 21, BitForex’s social media went silent, and the platform became inaccessible, showing only a Cloudflare DDoS protection message.
This incident highlights the need for transparency and independent custodial audits for exchanges to prevent potential exit scams.
For users, keeping assets on exchanges with strong regulatory and audit practices can reduce risks, and community awareness of these warning signs is crucial.
In June 2024, Turkish crypto exchange BtcTurk suffered a breach, resulting in a $55 million loss. The attack targeted the exchange’s hot wallets while leaving cold wallets untouched.
Ten hot wallets were compromised, potentially due to private key leakage, allowing attackers to drain cryptocurrency assets. The incident caused volatility, particularly affecting Luna Classic’s price when attackers sold a large volume on open markets.
After the breach, BtcTurk froze deposits and withdrawals temporarily to assess the damage, and Binance froze around 10% of the stolen assets.
BtcTurk has tightened hot wallet protocols, implementing enhanced key management and isolating hot wallets with lower value limits.
Partnering with Binance for investigation emphasizes the value of exchange collaboration in fund recovery.
On September 19, 2024, BingX, a global centralized exchange, suffered a significant hack, losing $48.4 million from its hot wallets. Attackers skillfully moved stolen funds across chains to hinder tracing efforts.
The breach started when BingX detected unusual access to its network early in the morning. Hackers accessed multiple BingX wallets and rapidly transferred funds across Ethereum, BNB Chain, and Polygon, converting assets into ETH and BNB for easy liquidation.
Hot wallet vulnerability allowed attackers to gain unauthorized access, a common risk for internet-connected wallets. Despite BingX’s majority cold wallet storage, this breach highlights the need for robust hot wallet protection and enhanced monitoring of cross-chain activities.
Reducing the balances held in hot wallets and monitoring them continuously is one way to limit the damage from such a breach.
BingX is now prioritizing layered security measures and preparing contingency protocols to prevent future breaches.
In April 2024, DeFi project Hedgey Finance suffered a $44.7 million exploit on both Ethereum and Arbitrum. The attacker abused a flaw in the createLockedCampaign function of Hedgey’s claim-campaign contracts, using a flash loan to scale the attack.
The root cause was missing input validation: createLockedCampaign accepted a caller-supplied claimLockup parameter, which includes the address of the token-locker contract, and granted that address an allowance over the campaign’s tokens without checking it. The attacker took a flash loan, created a campaign naming their own contract as the locker, then cancelled the campaign. The tokens came back and the loan was repaid, but the allowance was never revoked, so the attacker could use it to pull tokens such as USDC and NOBL that other campaigns had deposited in the contract.
Hedgey Finance responded by conducting a post-mortem audit and implementing stricter input validation in their contract functions. They also plan to collaborate with audit firms to review all contract code rigorously.
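The token flow of that exploit, traced in a small simulation that is an added example and not Hedgey Finance's contract code: a minimal ERC-20 model and a campaign escrow with the two hardening measures switchable on and off. The names create_locked_campaign, cancel_campaign and token_locker follow the text; the addresses, balances and the single trusted locker are constructed for the example, and the deepcopy stands in for the EVM reverting a failed transaction.

```python
"""Simulation of a lingering-allowance bug in a campaign escrow, and its fix.

Added example, not Hedgey Finance's code. Balances and addresses are constructed.
"""
import copy

CONTRACT = "claim_campaigns"      # the escrow contract's own address
LENDER = "flash_lender"
ALICE = "alice"                   # legitimate campaign creator
ATTACKER = "attacker"
TRUSTED_LOCKER = "hedgey_token_locker"   # the one locker the escrow should ever approve


class Token:
    """Minimal ERC-20: balances plus (owner, spender) allowances."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer(self, sender, to, amount):
        if self.balance_of(sender) < amount:
            raise ValueError("insufficient balance for %s" % sender)
        self.balances[sender] = self.balance_of(sender) - amount
        self.balances[to] = self.balance_of(to) + amount

    def transfer_from(self, spender, owner, to, amount):
        if self.allowance(owner, spender) < amount:
            raise PermissionError("insufficient allowance for %s" % spender)
        self.allowances[(owner, spender)] -= amount
        self.transfer(owner, to, amount)


class ClaimCampaigns:
    """Campaign escrow. Both flags off reproduces the vulnerable behaviour."""

    def __init__(self, token, validate_locker=False, revoke_on_cancel=False):
        self.token = token
        self.validate_locker = validate_locker
        self.revoke_on_cancel = revoke_on_cancel
        self.campaigns = {}

    def create_locked_campaign(self, caller, campaign_id, amount, token_locker):
        # Hardening 1: only a known locker may ever receive an allowance.
        if self.validate_locker and token_locker != TRUSTED_LOCKER:
            raise ValueError("token_locker is not the trusted lockup contract")
        self.token.transfer_from(CONTRACT, caller, CONTRACT, amount)   # pull tokens into escrow
        # Vulnerable step: the caller-supplied locker is approved to spend
        # `amount` from the escrow, which holds every campaign's tokens.
        current = self.token.allowance(CONTRACT, token_locker)
        self.token.approve(CONTRACT, token_locker, current + amount)
        self.campaigns[campaign_id] = {"manager": caller, "amount": amount, "locker": token_locker}

    def cancel_campaign(self, caller, campaign_id):
        c = self.campaigns[campaign_id]
        if c["manager"] != caller:
            raise PermissionError("only the campaign manager may cancel")
        del self.campaigns[campaign_id]
        if self.revoke_on_cancel:
            # Hardening 2: take back the allowance granted at creation.
            remaining = self.token.allowance(CONTRACT, c["locker"]) - c["amount"]
            self.token.approve(CONTRACT, c["locker"], remaining)
        self.token.transfer(CONTRACT, caller, c["amount"])


def run_attack(validate_locker=False, revoke_on_cancel=False):
    """Return (attacker balance, escrow balance) after the flash-loan sequence."""
    usdc = Token({ALICE: 500, LENDER: 10_000})
    escrow = ClaimCampaigns(usdc, validate_locker, revoke_on_cancel)

    # A legitimate campaign leaves 500 USDC sitting in escrow.
    usdc.approve(ALICE, CONTRACT, 500)
    escrow.create_locked_campaign(ALICE, "alice-vesting", 500, TRUSTED_LOCKER)

    snapshot = copy.deepcopy(usdc)            # stand-in for the EVM reverting the whole tx
    usdc.transfer(LENDER, ATTACKER, 10_000)   # flash loan out
    try:
        usdc.approve(ATTACKER, CONTRACT, 10_000)
        escrow.create_locked_campaign(ATTACKER, "evil", 10_000, ATTACKER)  # attacker is the "locker"
        escrow.cancel_campaign(ATTACKER, "evil")                           # principal comes back...
        usdc.transfer(ATTACKER, LENDER, 10_000)                            # ...and repays the loan
        # ...but the allowance survives, so the attacker spends it on Alice's tokens.
        loot = min(usdc.allowance(CONTRACT, ATTACKER), usdc.balance_of(CONTRACT))
        usdc.transfer_from(ATTACKER, CONTRACT, ATTACKER, loot)
    except (ValueError, PermissionError):
        usdc = snapshot                       # transaction reverts; nothing persists
    return usdc.balance_of(ATTACKER), usdc.balance_of(CONTRACT)


if __name__ == "__main__":
    print("vulnerable:        ", run_attack())
    print("validate locker:   ", run_attack(validate_locker=True))
    print("revoke on cancel:  ", run_attack(revoke_on_cancel=True))
```

Either measure alone closes this particular path, but they address different things: validating the locker removes the attacker's ability to become an approved spender at all, while revoking on cancel ensures that any allowance the escrow does grant never outlives the campaign it was granted for. A contract that hands out allowances should do both.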
In April 2024, ZKasino, a blockchain gambling platform, was accused of a $33 million rug pull. Users had bridged roughly 10,500 ETH to the project ahead of its launch on the understanding that the deposits could be returned; instead, the team moved the entire balance into the Lido staking protocol, out of users’ reach, and the promised return never happened.
Dutch authorities arrested a suspect connected to the project the following month.
Funds bridged into a platform that has not yet launched are, in practice, in the team’s custody. Deposit contracts should be designed so that the team cannot unilaterally move user funds, with on-chain withdrawal rules and time-locks that users can verify for themselves.
Routine audits by security specialists like QuillAudits can check that deposit and bridge contracts actually enforce those rules, safeguarding user assets from similar losses.
The crypto space in 2024 has been a stark reminder of both the potential and the perils of digital finance. This year’s hacks, from centralized exchanges to high-profile wallets and rogue developers, underscore a crucial reality: no asset or platform is immune to threats. While the losses have been staggering, each incident offers valuable insights for strengthening security.
For users, it’s essential to adopt best practices, such as cold wallet storage, multi-factor authentication, and conducting transactions on reputable, well-audited platforms. For platforms, reinforcing multisig protocols, monitoring transaction anomalies, and conducting regular audits can serve as strong preventive measures.
Security isn’t a one-time action but an ongoing process that requires vigilance, adaptability, and a commitment to protecting user assets. Only with these safeguards can we hope to foster a more secure and resilient ecosystem for the future of decentralized finance.