Crypto Hacks 2024: Full List Of Scams, Exploits And Vulnerabilities Including Prism Finance & Mozaic Finance
Crypto Hacks 2024: Full List Of Scams, Exploits And Vulnerabilities
Key Takeaways
- Wallets and contracts risk exposure from user mistakes and flaws; enhancing security through updates and audits is crucial.
- Due to their extensive holdings, exchanges and DeFi platforms are prime targets for hackers; select reputable ones carefully.
- Beware of scammers mimicking real social media profiles; avoid phishing traps, especially from suspicious giveaways.
- Weak cyber defenses increase loss risks; use strong passwords and trusted security tools, and stay alert to threats.
The cryptocurrency space in 2024 is expected to grow and develop as an asset class, with the developments of spot ETFs in the first quarter of the year. Despite advancements in blockchain technology and increased security protocols, the crypto world is still a battleground for sophisticated cyber threats and exploits.
This article will provide a detailed and chronological list of all major security breaches and hacks in the cryptocurrency space in 2024.
2024’s Crypto Chronicles: A Turbulent Start With High-Stakes Hacks Unfolding
As 2024 kicks off, the crypto space witnesses a tumultuous start marred by significant hacks targeting major platforms. The shocking breach at Orbit Chain on January 2nd followed by Radiant Capital’s compromise on January 3rd set a concerning tone for the year ahead, highlighting the persistent vulnerabilities within the crypto sphere.
The cryptocurrency world had several terrifying security breaches in 2023, each with enormous financial repercussions. A number of notable breaches occurred in the past year, including the $200 million breach at Mixim in September, the $197 million loss at Euler Finance in March, and the $126 million loss at Multichain in July. The cumulative effect of these hacks highlighted the ongoing difficulties with cybersecurity in the cryptocurrency space.
The string of security breaches throughout 2023 and the initial months of 2024 underscore the critical necessity for heightened security measures and amplified awareness within the dynamic and evolving cryptocurrency industry.
| Organization | Status | Hack/Scam Date | Financial Damages |
|---|---|---|---|
| Prism Finance | Victim | March 28, 2024 | $10 Million |
| Mozaic Finance | Victim | March 15, 2024 | $2.5 Million |
| BitForex | Scammer | February 23, 2024 | $57 Million |
| PlayDapp | Victim | February 09, 2024 and February 12, 2024 | $290 Million |
| Abracadabra Finance | Victim | January 30, 2024 | $6.5 Million |
| Concentric.fi | Victim | January 22, 2024 | 1.8 Million |
| Socket.Tech | Victim | January 16, 2024 | $3.3 Million |
| Gamma Strategies | Victim | January 08,2024 | $3.4 Million |
| CoinsPaid | Victim | January 08, 2024 | $7.5 Million |
| Radiant Capital | Victim | January 03, 2024 | $4.5 Million |
| Orbit Chain | Victim | January 02, 2024 | $80 Million |
Prism finance ($10 Million)
Prisma Finance, a decentralized finance (DeFi) protocol, fell victim to an exploit, resulting in approximately $10 million worth of cryptocurrencies being siphoned off on March 28. The security breach was first identified by on-chain security alert provider Cyvers, which detected multiple suspicious transactions associated with Prisma Finance.
As the attack unfolded, Cyvers flagged around $9 million in losses, with an additional $1 million in fraudulent transactions swiftly following. Prisma Finance promptly announced a pause in its protocol operations to conduct a thorough investigation.
The incident underscores the ongoing vulnerability of DeFi platforms to security threats, with crypto hacks totaling over $200 million in losses in 2024 alone, according to blockchain security firm Immunefi.
Mozaic Finance ($2.5 Million)
On March 15, 2024, Mozaic Finance, a DeFi platform, faced a security breach resulting in a $2.4 million loss. The incident targeted the Arbitrum chain on Mozaic, a layer 2 scaling solution for Ethereum, via a compromised private key. The breach, identified by CertiK, involved unauthorized transactions exploiting the “bridgeViaLifi” contract.
Analysis traced the activity to an account initiating significant token transfers, leading to over $2 million in losses. Mozaic Finance promptly addressed the breach, transferring stolen funds to MEXC for potential recovery. Their proactive response underscores the importance of swift action and transparency in DeFi security incidents, setting a precedent for the industry.
BitForex ($57 Million)
BitForex, an online cryptocurrency exchange, vanished after withdrawing nearly $57 million from its hot wallets on February 23, 2024. Users were subsequently blocked from accessing their accounts, highlighting Hong Kong’s ongoing struggle with suspicious crypto entities.
Despite regulatory efforts, BitForex wasn’t listed among the 14 flagged platforms by the Securities & Futures Commission. The company, registered in Hong Kong since 2018, claims to be headquartered there while also registered in the Seychelles, with operational teams in several countries including Germany, Estonia, Singapore, Malaysia, and the Philippines.
PlayDapp ($290 Million)
Abracadabra Finance ($6.5 Million)
Abracadabra Finance, the platform responsible for the stablecoin Magic Internet Money (MIM), fell victim to a hack on January 30, 2024, resulting in a loss of approximately $6.5 million. Consequently, MIM experienced a deviation from its intended value.
CoinMarketCap data reveals that the stablecoin’s market capitalization, initially standing at $100 million, briefly plummeted to $0.76. However, swift actions by the project’s team helped restore the token’s price, leading to a rebound.
Blocksec, a security firm, disclosed that the attackers exploited a vulnerability in the project’s smart contract, exploiting a rounding issue that caused a “precision loss.” The firm’s analysis indicated that about $29 million in assets were still present in the affected contract as of January 30, 2024.
Concentric.fi ($1.8 Million)
Concentric.fi has experienced a “serious” security breach through a targeted social engineering attack. The attacker compromised a deployer wallet, which allowed them to exploit the protocol. Despite having audited vaults, the upgradability of these vaults made the protocol vulnerable. A thorough investigation, in collaboration with security researchers, to release a post-mortem report has begun.
A report from CertiK, a blockchain security platform, reveals that the attack has resulted in losses exceeding $1.8 million. CertiK notes that the wallet involved in the attack is associated with the wallet responsible for the exploit on the OKX decentralized exchange that occurred on December 13. This suggests a potential connection between the two incidents, indicating the possibility of the same individual or group behind both attacks.
The team stated on X that it plans to resolve the issue, mitigate losses and safeguard the community’s interests, apologizing for any inconvenience caused.
Socket.Tech ($3.3 Million)
Socket.Tech, was exploited on Jan. 16, impacting several Web3 applications. The attack focused on Bungee Exchange, a component of Socket Protocol bridging Ethereum and 12 EVM chains, resulting in a $3.3 million loss. The hacker exploited a flaw in SocketGateway, allowing unauthorized fund transfers from users who granted it unlimited access. PeckShield reported the theft, confirmed shortly after by Socket Tech.
Approximately 700 victims were affected, with the largest loss being $656,000 USDC. The attacker used privacy-focused exchange FixedFloat to exploit a system vulnerability in processing user data.
Gamma Strategies ($3.4 Million)
Gamma Strategies, a DeFi protocol, suffered a $3.4 million loss due to a vulnerability in its accounting mechanism. The exploited vulnerability involved the attacker withdrawing more that 1500 ETH by exploiting a high price change threshold in LST and stablecoin vaults. The Security firm PeckShield has since confirmed the incident.
The protocol has disabled deposits to all public DeFi vaults, maintaining active withdrawals for users. The inconsistency in deposit and withdrawal accounting mechanisms was identified as the root cause. Gamma Strategies operates on Ethereum.
CoinsPaid ($7.5 Million)
CoinsPaid, an Estonia-based digital asset processor, experienced a $7.5 million hack, its second in six months. The breach involved unauthorized withdrawals of Tether, Ether, USD Coin, and CPD tokens. The hacker exchanged CPD tokens for Ethereum and transferred them to various exchanges, with a total loss including over $1 million in BNB Coin.
The previous July hack, potentially linked to the Lazarus Group, involved sophisticated social engineering. Despite investigations and a police report, CoinsPaid has not commented on the recent breach. Security firm Cyvers has publicized the hacker’s digital address.
Radiant Capital ($4.5 Million)
Radiant Capital, a cross-chain lending platform, has suspended lending and borrowing on the Arbitrum network after its newly introduced USDC market suffered a flash loan attack. The attack, occurring seconds after the market’s launch, exploited the codebase, leading to a $4.5 million loss.
Blockchain security firms PeckShield and Beosin identified the vulnerability and the manipulation of the ‘index parameter’ as the cause. Radiant acknowledged the breach, assuring that no existing funds were at risk, and has postponed any further action until a full review is completed and the Arbitrum markets are reopened.
Orbit Chain ($80 Million)
South Korea’s Orbit Chain lost over $80 million due to a hack linked to compromised multisig signers. The breach involved various cryptocurrencies, including stablecoins, wrapped Bitcoin (WBTC), and Ether (ETH), which were transferred through mixers. This incident is part of a pattern of security issues for Ozys’ projects, including previous hacks on KlaySwap and Belt Finance.
The situation underscores the persistent risks in crypto security, particularly with multisig wallets and private key management, highlighting a need for improved safeguards and lessons from past breaches. As of yet, there is no information on whether the victims will receive stolen crypto.
FAQs
How can vulnerabilities in smart contracts lead to crypto hacks?
Smart contracts, if poorly coded or unaudited, may contain vulnerabilities or bugs that hackers can exploit to manipulate contract functionalities, leading to unauthorized access or alterations, potentially causing loss of funds stored within the contract.
What risks are associated with crypto exchanges about hacks and fraudulent activities?
Crypto exchanges can be targeted for hacks due to their vast amounts of assets, vulnerabilities, inadequate security measures, or internal malpractices that may lead to unauthorized withdrawals, data breaches, or other exploitations.
How can users protect their crypto wallets from fraudulent activities and hacks?
Users can secure crypto wallets by using hardware wallets for significant amounts, employing solid and unique passwords, enabling two-factor authentication, and being vigilant against phishing attempts and malicious software.
In what ways can DeFi platforms be susceptible to fraudulent behavior and hacks?
DeFi platforms can be susceptible to attacks like flash loan attacks, front-running, and exploits due to smart contract vulnerabilities, which can be orchestrated to drain funds or manipulate market conditions, highlighting the need for thorough platform assessment and cautious investment.
