
Crypto Hacks 2024: Full List Of Scams, Exploits And Vulnerabilities Including PlayDapp And Radiant Capital

Last Updated 9 hours ago
Andrew Kamsky

Key Takeaways

  • Wallets and contracts risk exposure from user mistakes and flaws; enhancing security through updates and audits is crucial.
  • Due to their extensive holdings, exchanges and DeFi platforms are prime targets for hackers; select reputable ones carefully.
  • Beware of scammers mimicking real social media profiles; avoid phishing traps, especially from suspicious giveaways.
  • Weak cyber defenses increase loss risks; use strong passwords and trusted security tools, and stay alert to threats.

The cryptocurrency space in 2024 is expected to grow and develop as an asset class, with the developments of spot ETFs in the first quarter of the year. Despite advancements in blockchain technology and increased security protocols, the crypto world is still a battleground for sophisticated cyber threats and exploits. 

This article will provide a detailed and chronological list of all major security breaches and hacks in the cryptocurrency space in 2024. 

2024’s Crypto Chronicles: A Turbulent Start With High-Stakes Hacks Unfolding

As 2024 kicks off, the crypto space witnesses a tumultuous start marred by significant hacks targeting major platforms. The shocking breach at Orbit Chain on January 2nd followed by Radiant Capital’s compromise on January 3rd set a concerning tone for the year ahead, highlighting the persistent vulnerabilities within the crypto sphere.

The cryptocurrency world had several terrifying security breaches in 2023, each with enormous financial repercussions. A number of notable breaches occurred in the past year, including the $200 million breach at Mixin in September, the $197 million loss at Euler Finance in March, and the $126 million loss at Multichain in July. The cumulative effect of these hacks highlighted the ongoing difficulties with cybersecurity in the cryptocurrency space.

The string of security breaches throughout 2023 and the initial months of 2024 underscore the critical necessity for heightened security measures and amplified awareness within the dynamic and evolving cryptocurrency industry.

Target | Hack Date | Estimated Loss
PlayDapp | February 09 and 12, 2024 | $290 Million
Abracadabra Finance | January 30, 2024 | $6.5 Million
Concentric.fi | January 22, 2024 | $1.8 Million
Socket.Tech | January 16, 2024 | $3.3 Million
Gamma Strategies | January 08, 2024 | $3.4 Million
CoinsPaid | January 08, 2024 | $7.5 Million
Radiant Capital | January 03, 2024 | $4.5 Million
Orbit Chain | January 02, 2024 | $80 Million

PlayDapp ($290 Million)

On February 9 and February 12, the crypto gaming and NFT platform PlayDapp experienced exploits, resulting in the minting of 1.79 billion PLA tokens valued at over $290 million. According to blockchain analytics firm Elliptic, the hacker began laundering the funds following the exploits.

In response, PlayDapp attempted to negotiate with the hacker through an on-chain transaction, offering a $1 million white hat reward for the return of the stolen funds by February 13. However, negotiations were unsuccessful as the hacker showed no willingness to cooperate. Consequently, PlayDapp announced the pausing of the PLA smart contract on February 13.

Abracadabra Finance ($6.5 Million)

Abracadabra Finance, the platform responsible for the stablecoin Magic Internet Money (MIM), fell victim to a hack on January 30, 2024, resulting in a loss of approximately $6.5 million. Consequently, MIM experienced a deviation from its intended value.

CoinMarketCap data reveals that the stablecoin’s market capitalization, initially standing at $100 million, briefly plummeted to $0.76. However, swift actions by the project’s team helped restore the token’s price, leading to a rebound.

Blocksec, a security firm, disclosed that the attackers exploited a rounding issue in the project’s smart contract that caused a “precision loss.” The firm’s analysis indicated that about $29 million in assets were still present in the affected contract as of January 30, 2024.

Concentric.fi ($1.8 Million)

Concentric.fi has experienced a “serious” security breach through a targeted social engineering attack. The attacker compromised a deployer wallet, which allowed them to exploit the protocol. Although the vaults had been audited, their upgradability made the protocol vulnerable. A thorough investigation, in collaboration with security researchers, has begun and is intended to produce a post-mortem report.

A report from CertiK, a blockchain security platform, reveals that the attack has resulted in losses exceeding $1.8 million. CertiK notes that the wallet involved in the attack is associated with the wallet responsible for the exploit on the OKX decentralized exchange that occurred on December 13. This suggests a potential connection between the two incidents, indicating the possibility of the same individual or group behind both attacks.

The team stated on X that it plans to resolve the issue, mitigate losses and safeguard the community’s interests, apologizing for any inconvenience caused.

Socket.Tech ($3.3 Million)

Socket.Tech was exploited on Jan. 16, impacting several Web3 applications. The attack focused on Bungee Exchange, a component of Socket Protocol bridging Ethereum and 12 EVM chains, resulting in a $3.3 million loss. The hacker exploited a flaw in SocketGateway, allowing unauthorized fund transfers from users who granted it unlimited access. PeckShield reported the theft, confirmed shortly after by Socket Tech.

Approximately 700 victims were affected, with the largest loss being $656,000 USDC. The attacker used privacy-focused exchange FixedFloat to exploit a system vulnerability in processing user data. 

Gamma Strategies ($3.4 Million)

Gamma Strategies, a DeFi protocol, suffered a $3.4 million loss due to a vulnerability in its accounting mechanism. The attacker withdrew more than 1500 ETH by exploiting a high price change threshold in LST and stablecoin vaults. Security firm PeckShield has since confirmed the incident.

The protocol has disabled deposits to all public DeFi vaults, maintaining active withdrawals for users. The inconsistency in deposit and withdrawal accounting mechanisms was identified as the root cause. Gamma Strategies operates on Ethereum.

CoinsPaid ($7.5 Million)

CoinsPaid, an Estonia-based digital asset processor, experienced a $7.5 million hack, its second in six months. The breach involved unauthorized withdrawals of Tether, Ether, USD Coin, and CPD tokens. The hacker exchanged CPD tokens for Ethereum and transferred them to various exchanges, with a total loss including over $1 million in BNB Coin. 

The previous July hack, potentially linked to the Lazarus Group, involved sophisticated social engineering. Despite investigations and a police report, CoinsPaid has not commented on the recent breach. Security firm Cyvers has publicized the hacker’s digital address.

Radiant Capital ($4.5 Million)

Radiant Capital, a cross-chain lending platform, has suspended lending and borrowing on the Arbitrum network after its newly introduced USDC market suffered a flash loan attack. The attack, occurring seconds after the market’s launch, exploited the codebase, leading to a $4.5 million loss. 

Blockchain security firms PeckShield and Beosin identified the vulnerability and the manipulation of the ‘index parameter’ as the cause. Radiant acknowledged the breach, assuring that no existing funds were at risk, and has postponed any further action until a full review is completed and the Arbitrum markets are reopened.

Orbit Chain ($80 Million)

South Korea’s Orbit Chain lost over $80 million due to a hack linked to compromised multisig signers. The breach involved various cryptocurrencies, including stablecoins, wrapped Bitcoin (WBTC), and Ether (ETH), which were transferred through mixers. This incident is part of a pattern of security issues for Ozys’ projects, including previous hacks on KlaySwap and Belt Finance. 

The situation underscores the persistent risks in crypto security, particularly with multisig wallets and private key management, highlighting a need for improved safeguards and lessons from past breaches. As of yet, there is no information on whether the victims will receive stolen crypto.

FAQs

How are social media platforms used for crypto-related fraudulent activities?

Social media platforms are often exploited by scammers impersonating legitimate crypto entities or influencers to promote fraudulent schemes, phishing attacks, or misinformation, intending to deceive users into revealing sensitive information or transferring assets.

How can vulnerabilities in smart contracts lead to crypto hacks?

Smart contracts, if poorly coded or unaudited, may contain vulnerabilities or bugs that hackers can exploit to manipulate contract functionalities, leading to unauthorized access or alterations, potentially causing loss of funds stored within the contract.

What risks are associated with crypto exchanges regarding hacks and fraudulent activities?

Crypto exchanges can be targeted for hacks due to their vast amounts of assets, vulnerabilities, inadequate security measures, or internal malpractices that may lead to unauthorized withdrawals, data breaches, or other exploitations.

How can users protect their crypto wallets from fraudulent activities and hacks?

Users can secure crypto wallets by using hardware wallets for significant amounts, employing solid and unique passwords, enabling two-factor authentication, and being vigilant against phishing attempts and malicious software.

In what ways can DeFi platforms be susceptible to fraudulent behavior and hacks?

DeFi platforms can be susceptible to attacks like flash loan attacks, front-running, and exploits due to smart contract vulnerabilities, which can be orchestrated to drain funds or manipulate market conditions, highlighting the need for thorough platform assessment and cautious investment.
