The cryptocurrency space is expected to grow and mature as an asset class in 2024, helped by the development of spot ETFs in the first quarter of the year. Despite advancements in blockchain technology and increased security protocols, the crypto world is still a battleground for sophisticated cyber threats and exploits.
This article will provide a detailed and chronological list of all major security breaches and hacks in the cryptocurrency space in 2024.
As 2024 kicks off, the crypto space witnesses a tumultuous start marred by significant hacks targeting major platforms. The shocking breach at Orbit Chain on January 2nd followed by Radiant Capital’s compromise on January 3rd set a concerning tone for the year ahead, highlighting the persistent vulnerabilities within the crypto sphere.
The cryptocurrency world had several terrifying security breaches in 2023, each with enormous financial repercussions. A number of notable breaches occurred in the past year, including the $200 million breach at Mixin in September, the $197 million loss at Euler Finance in March, and the $126 million loss at Multichain in July. The cumulative effect of these hacks highlighted the ongoing difficulties with cybersecurity in the cryptocurrency space.
The string of security breaches throughout 2023 and the initial months of 2024 underscore the critical necessity for heightened security measures and amplified awareness within the dynamic and evolving cryptocurrency industry.
|February 09 and 12, 2024
|January 30, 2024
|January 22, 2024
|January 16, 2024
|January 08, 2024
|January 03, 2024
|January 02, 2024
Abracadabra Finance, the platform responsible for the stablecoin Magic Internet Money (MIM), fell victim to a hack on January 30, 2024, resulting in a loss of approximately $6.5 million. Consequently, MIM experienced a deviation from its intended value.
CoinMarketCap data reveals that the stablecoin’s market capitalization, initially standing at $100 million, briefly plummeted to $0.76. However, swift actions by the project’s team helped restore the token’s price, leading to a rebound.
Blocksec, a security firm, disclosed that the attackers exploited a rounding issue in the project’s smart contract that caused a “precision loss.” The firm’s analysis indicated that about $29 million in assets were still present in the affected contract as of January 30, 2024.
Concentric.fi experienced a “serious” security breach through a targeted social engineering attack. The attacker compromised a deployer wallet, which allowed them to exploit the protocol. Although the vaults had been audited, their upgradability left the protocol vulnerable. A thorough investigation has begun in collaboration with security researchers, with the aim of releasing a post-mortem report.
A report from CertiK, a blockchain security platform, reveals that the attack has resulted in losses exceeding $1.8 million. CertiK notes that the wallet involved in the attack is associated with the wallet responsible for the exploit on the OKX decentralized exchange that occurred on December 13. This suggests a potential connection between the two incidents, indicating the possibility of the same individual or group behind both attacks.
The team stated on X that it plans to resolve the issue, mitigate losses and safeguard the community’s interests, apologizing for any inconvenience caused.
Socket.Tech was exploited on Jan. 16, impacting several Web3 applications. The attack focused on Bungee Exchange, a component of Socket Protocol bridging Ethereum and 12 EVM chains, resulting in a $3.3 million loss. The hacker exploited a flaw in SocketGateway, allowing unauthorized fund transfers from users who granted it unlimited access. PeckShield reported the theft, confirmed shortly after by Socket Tech.
Approximately 700 victims were affected, with the largest loss being $656,000 USDC. The attacker used privacy-focused exchange FixedFloat to exploit a system vulnerability in processing user data.
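The Socket incident turned on standing unlimited token approvals granted to a gateway contract. As an added example (not from the original article and not Socket's code), the Python below replays ERC-20 `Approval` event logs in chain order and reports which owners still have an effectively unlimited allowance to a watched spender, counting later revocations. All addresses and log entries are constructed, `GATEWAY` is a placeholder, and the `1 << 255` threshold is an assumption.

```python
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval topic0.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 1 << 255  # assumption: anything this large is "effectively unlimited"

def topic_to_address(topic):
    """Indexed address topics are 32 bytes, left-padded; keep the last 20 bytes."""
    return "0x" + topic[-40:].lower()

def standing_allowances(logs):
    """Replay Approval logs in chain order; the latest value per
    (token, owner, spender) wins, so a later approve(spender, 0) revokes."""
    state = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # skip non-ERC-20 logs (an ERC-721 Approval has 4 topics)
        key = (log["address"].lower(), topic_to_address(topics[1]), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)
    return state

def risky_approvals(logs, spender):
    """(token, owner) pairs whose current allowance to `spender` is effectively unlimited."""
    spender = spender.lower()
    return sorted(
        (token, owner)
        for (token, owner, sp), amount in standing_allowances(logs).items()
        if sp == spender and amount >= UNLIMITED_FLOOR
    )

# Constructed sample data in the shape of eth_getLogs results (not real addresses).
def _pad(addr):
    return "0x" + "0" * 24 + addr[2:]

def _log(block, idx, token, owner, spender, amount):
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(idx),
            "topics": [APPROVAL_TOPIC, _pad(owner), _pad(spender)],
            "data": "0x" + format(amount, "064x")}

TOKEN = "0x" + "aa" * 20
GATEWAY = "0x" + "bb" * 20  # placeholder for the router/gateway being audited
ALICE, BOB, CAROL = ("0x" + c * 40 for c in "123")
MAX_UINT256 = (1 << 256) - 1
SAMPLE_LOGS = [
    _log(100, 0, TOKEN, ALICE, GATEWAY, MAX_UINT256),  # unlimited, never revoked
    _log(105, 0, TOKEN, BOB, GATEWAY, 0),              # Bob's later revocation
    _log(101, 2, TOKEN, BOB, GATEWAY, MAX_UINT256),    # Bob's earlier unlimited approval
    _log(102, 1, TOKEN, CAROL, GATEWAY, 500 * 10**6),  # exact-amount approval
]

if __name__ == "__main__":
    print(risky_approvals(SAMPLE_LOGS, GATEWAY))
```

Only Alice is reported: Bob's unlimited approval was later set to zero, and Carol approved a bounded amount.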
Gamma Strategies, a DeFi protocol, suffered a $3.4 million loss due to a vulnerability in its accounting mechanism. The attacker withdrew more than 1500 ETH by exploiting a high price change threshold in LST and stablecoin vaults. Security firm PeckShield has since confirmed the incident.
The protocol has disabled deposits to all public DeFi vaults, maintaining active withdrawals for users. The inconsistency in deposit and withdrawal accounting mechanisms was identified as the root cause. Gamma Strategies operates on Ethereum.
CoinsPaid, an Estonia-based digital asset processor, experienced a $7.5 million hack, its second in six months. The breach involved unauthorized withdrawals of Tether, Ether, USD Coin, and CPD tokens. The hacker exchanged CPD tokens for Ethereum and transferred them to various exchanges, with a total loss including over $1 million in BNB Coin.
The previous July hack, potentially linked to the Lazarus Group, involved sophisticated social engineering. Despite investigations and a police report, CoinsPaid has not commented on the recent breach. Security firm Cyvers has publicized the hacker’s digital address.
Radiant Capital, a cross-chain lending platform, has suspended lending and borrowing on the Arbitrum network after its newly introduced USDC market suffered a flash loan attack. The attack, occurring seconds after the market’s launch, exploited the codebase, leading to a $4.5 million loss.
Blockchain security firms PeckShield and Beosin identified the vulnerability and the manipulation of the ‘index parameter’ as the cause. Radiant acknowledged the breach, assuring that no existing funds were at risk, and has postponed any further action until a full review is completed and the Arbitrum markets are reopened.
South Korea’s Orbit Chain lost over $80 million due to a hack linked to compromised multisig signers. The breach involved various cryptocurrencies, including stablecoins, wrapped Bitcoin (WBTC), and Ether (ETH), which were transferred through mixers. This incident is part of a pattern of security issues for Ozys’ projects, including previous hacks on KlaySwap and Belt Finance.
The situation underscores the persistent risks in crypto security, particularly with multisig wallets and private key management, highlighting a need for improved safeguards and lessons from past breaches. As of yet, there is no information on whether the victims will get their stolen crypto back.
Social media platforms are often exploited by scammers impersonating legitimate crypto entities or influencers to promote fraudulent schemes, phishing attacks, or misinformation, intending to deceive users into revealing sensitive information or transferring assets.
Smart contracts, if poorly coded or unaudited, may contain vulnerabilities or bugs that hackers can exploit to manipulate contract functionalities, leading to unauthorized access or alterations, potentially causing loss of funds stored within the contract.
Crypto exchanges can be targeted for hacks due to their vast amounts of assets, vulnerabilities, inadequate security measures, or internal malpractices that may lead to unauthorized withdrawals, data breaches, or other exploitations.
Users can secure crypto wallets by using hardware wallets for significant amounts, employing solid and unique passwords, enabling two-factor authentication, and being vigilant against phishing attempts and malicious software.
DeFi platforms can be susceptible to attacks like flash loan attacks, front-running, and exploits due to smart contract vulnerabilities, which can be orchestrated to drain funds or manipulate market conditions, highlighting the need for thorough platform assessment and cautious investment.