Home / Education / Crypto / Security / Crypto Hacks 2024: Full List Of Scams, Exploits And Vulnerabilities Including Bittensor Blockchain & Kraken
Security
14 min read
easy

Crypto Hacks 2024: Full List Of Scams, Exploits And Vulnerabilities Including Bittensor Blockchain & Kraken

Last Updated July 3, 2024 2:05 PM
Andrew Kamsky
Last Updated July 3, 2024 2:05 PM

Key Takeaways

  • Wallets and contracts risk exposure from user mistakes and flaws; enhancing security through updates and audits is crucial.
  • Due to their extensive holdings, exchanges and DeFi platforms are prime targets for hackers; select reputable ones carefully.
  • Beware of scammers mimicking real social media profiles; avoid phishing traps, especially from suspicious giveaways.
  • Weak cyber defenses increase loss risks; use strong passwords and trusted security tools, and stay alert to threats.

The cryptocurrency space in 2024 is expected to grow and develop as an asset class, with the developments of spot ETFs in the first quarter of the year. Despite advancements in blockchain technology and increased security protocols, the crypto world is still a battleground for sophisticated cyber threats and exploits. 

This article will provide a detailed and chronological list of all major security breaches and hacks in the cryptocurrency space in 2024. 

2024’s Crypto Chronicles: A Turbulent Start With High-Stakes Hacks Unfolding

As 2024 kicks off, the crypto space witnesses a tumultuous start marred by significant hacks targeting major platforms. The shocking breach at Orbit Chain on January 2nd followed by Radiant Capital’s compromise on January 3rd set a concerning tone for the year ahead, highlighting the persistent vulnerabilities within the crypto sphere.

The cryptocurrency world had several terrifying security breaches in 2023, each with enormous financial repercussions. A number of notable breaches occurred in the past year, including the $200 million breach at Mixim in September, the $197 million loss at Euler Finance in March, and the $126 million loss at Multichain in July. The cumulative effect of these hacks highlighted the ongoing difficulties with cybersecurity in the cryptocurrency space.

The string of security breaches throughout 2023 and the initial months of 2024 underscore the critical necessity for heightened security measures and amplified awareness within the dynamic and evolving cryptocurrency industry.

Organization Status Hack/Scam Date Financial Damages
Bittensor Blockchain Vitim July 3rd, 2024 $ 8 Million TAO Tokens
Kraken Victim June 19, 2024 $3 Million
Uwu Lend Victim June 10, 2024, June 13, 2024 $19.3 Million, $3.5 Million
Based Doge (BOGE) Victim May 27, 2024 $16,926 (91.4 M BOGE)
NORMIE Victim May 26, 2024 $881,686
Pump.fun Victim May 17,2024 $1.9 Million
BlockTower Capital Victim May 15, 2024 Undisclosed
Gnus.AI Discord Hack Victim May 5, 2024 $1.27 Million
Prism Finance Victim March 28, 2024 $10 Million
Mozaic Finance Victim March 15, 2024 $2.5 Million
BitForex Scammer February 23, 2024 $57 Million
PlayDapp Victim February 09, 2024 and February 12, 2024 $290 Million
Abracadabra Finance Victim January 30, 2024 $6.5 Million
Concentric.fi Victim January 22, 2024 1.8 Million
Socket.Tech Victim January 16, 2024 $3.3 Million
Gamma Strategies Victim January 08,2024 $3.4 Million
CoinsPaid Victim January 08, 2024 $7.5 Million
Radiant Capital Victim January 03, 2024 $4.5 Million
Orbit Chain Victim January 02, 2024 $80 Million

Bittensor Blockchain ($8 Million TAO Tokens)

On July 3rd, Bittensor blockchain experienced a security breach, resulting in the theft of $8 million worth of TAO tokens from user wallets. The breach, suspected to be due to leaked private keys, led to a 15% decline in the TAO token price. In response, the decentralized AI project TAO of Bittensor has paused its blockchain operations. 

On-chain analyst ZachXBT highlighted that approximately 32,000 TAO tokens were stolen, causing the token’s price to drop from $281 to $234. The final block on Bittensor’s Explorer was recorded about three hours before the network was shut down.

Kraken ($3 Million)

Kraken’s security was compromised when a self-proclaimed security researcher exploited a zero-day vulnerability, absconding with $3 million worth of cryptocurrency and refusing to return the funds. Chief Security Officer Nick Percoco disclosed the incident on June 9, revealing the discovery of a critical bug that allowed unauthorized inflation of account balances. 

The vulnerability stemmed from a recent user interface update, enabling transactions to proceed before assets were fully cleared. Despite Kraken’s prompt investigation and mitigation efforts, the exploit occurred, prompting the exchange to accuse the individuals involved of extortion rather than legitimate security research.

Uwu Lend ($19.3 Million, $3.5 Million)

UwU Lend, a lending and liquidity protocol, experienced an exploit totaling $19.3 million, confirmed by blockchain security firms such as Arkham. On-chain data revealed that a single wallet managed to siphon various tokens, including wrapped ether (WETH), wrapped bitcoin (WBTC), and stablecoins, subsequently trading the majority on Uniswap.

The initial exploit on June 10 was due to price manipulation, where flash loans were used to manipulate token prices, enabling the attacker to borrow and steal tokens, eventually converting them into ETH.

Following this, on June 13, UwU Lend suffered another exploit, compounding its losses. Details on the second attack were not fully disclosed, but it further underscored weaknesses in the protocol’s security. Blockchain security firms like Arkham confirmed the extent of the losses, highlighting the ongoing challenges faced by decentralized finance platforms in maintaining robust security measures.

BOGE ($16,926)

On May 27, memecoin protocol Based Doge (BOGE) on the Base network was exploited, mirroring the previous day’s Normie attack. The BOGE team announced the hack on X, confirming the exploitation of a similar vulnerability. The attack method involved exploiting a smart contract vulnerability to mint new tokens.

Following the breach, the team plans to take a snapshot of current token balances and relaunch the project to compensate victims. The hacker transferred approximately 91.4 million BOGE into their account and exchanged  them for around 4.47 ETH, significantly devaluing BOGE from $0.002983 to $0.000072, causing a market cap loss of over $2.8 million. 

NORMIE ($881,686)

The Base memecoin Normie (NORMIE) experienced a $41.7 million market cap drop in under three hours due to a smart contract exploit . The hacker offered to return 90% of the stolen funds if Normie launched a new token to reimburse holders, using both the recovered and their $2.3 million dev wallet funds. 

Despite accepting the deal, Normie’s token value plummeted by 96%. The hacker insisted on a re-launch before returning the funds. The Normie team’s main communication channels faced suspensions, delaying further updates. The breach affected 72,000 holders, leading to significant market fluctuations.

Pump.fun ($1.9 Million) 

Pump.fun, a Solana-based memecoin launchpad, experienced an exploit that led to the misappropriation of approximately $1.9 million worth of SOL on Thursday. The breach was perpetrated by a former employee who gained unauthorized access to Pump.fun’s admin privileges. The attacker used flash loans on a Solana lending protocol to buy out memecoins, affecting $1.9 million out of $45 million in liquidity within the bonding curve contracts.

The platform promptly paused trading and upgraded its contracts to prevent further damage. To compensate affected users, Pump.fun announced plans to replenish the liquidity pools with an equal or greater amount of SOL and set trading fees to 0% for the next seven days.

The exploiter, identified as “Stacc” on X, admitted to the act and criticized Pump.fun’s management. 

BlockTower Capital (Undisclosed) 

BlockTower Capital, a prominent crypto investment firm, experienced a significant security breach, leading to the partial draining of its main hedge fund, as reported by Bloomberg. The exact amount of the stolen funds remains undisclosed and the attacker has not been apprehended.

The firm has engaged blockchain forensics experts to investigate the incident. BlockTower did not provide further comments on the situation. This incident follows a previous loss of $1.55 million in TrueFi tokens in February 2023 due to an exploit.

Founded in 2017, BlockTower has invested in notable crypto and web3 firms such as Dapper Labs, Sky Mavis, and Aptos Labs. Despite the breach, the firm continues to be a significant player in the crypto investment landscape.

Gnus.AI Discord Hack ($1.27 Million)

The Gnus.AI AI network faced a significant setback, losing around $1.27 million due to a token-minting exploit on May 5. To address this, the team plans to issue a new version of the Genius (GNUS) token, advising users against purchasing the old one. 

CertiK revealed that the attacker obtained the team’s private key starting with 0x18, then exploited Ethereum’s salt data to create fake GNUS tokens on the Fantom network, which were later sold. SuperGenius aims to partially compensate for losses by injecting $1 million, covering 80% of the estimated $1.25 million loss.

Prism finance ($10 Million)

Prisma Finance, a decentralized finance (DeFi) protocol, fell victim to an exploit, resulting in approximately $10 million worth of cryptocurrencies being siphoned off on March 28. The security breach was first identified by on-chain security alert provider Cyvers, which detected multiple suspicious transactions associated with Prisma Finance. 

As the attack unfolded, Cyvers flagged around $9 million in losses, with an additional $1 million in fraudulent transactions swiftly following. Prisma Finance promptly announced a pause in its protocol operations to conduct a thorough investigation. 

The incident underscores the ongoing vulnerability of DeFi platforms to security threats, with crypto hacks totaling over $200 million in losses in 2024 alone, according to blockchain security firm Immunefi.

Mozaic Finance ($2.5 Million)

On March 15, 2024, Mozaic Finance, a DeFi platform, faced a security breach resulting in a $2.4 million loss. The incident targeted the Arbitrum chain on Mozaic, a layer 2 scaling solution for Ethereum, via a compromised private key. The breach, identified by CertiK, involved unauthorized transactions exploiting the “bridgeViaLifi” contract. 

Analysis traced the activity to an account initiating significant token transfers, leading to over $2 million in losses. Mozaic Finance promptly addressed the breach, transferring stolen funds to MEXC for potential recovery. Their proactive response underscores the importance of swift action and transparency in DeFi security incidents, setting a precedent for the industry.

BitForex ($57 Million)

BitForex, an online cryptocurrency exchange, vanished after withdrawing nearly $57 million from its hot wallets on February 23, 2024. Users were subsequently blocked from accessing their accounts, highlighting Hong Kong’s ongoing struggle with suspicious crypto entities.

Despite regulatory efforts, BitForex wasn’t listed among the 14 flagged platforms by the Securities & Futures Commission. The company, registered in Hong Kong since 2018, claims to be headquartered there while also registered in the Seychelles, with operational teams in several countries including Germany, Estonia, Singapore, Malaysia, and the Philippines.

PlayDapp ($290 Million)

On February 9 and February 12, the crypto gaming and NFT platform PlayDapp experienced exploits, resulting in the minting of 1.79 billion PLA tokens valued at over $290 million. According to blockchain analytics firm Elliptic, the hacker began laundering the funds following the exploits.

In response, PlayDapp attempted to negotiate with the hacker through an on-chain transaction, offering a $1 million white hat reward for the return of the stolen funds by February 13. However, negotiations were unsuccessful as the hacker showed no willingness to cooperate. Consequently, PlayDapp announced  the pausing of the PLA smart contract on February 13.

Abracadabra Finance ($6.5 Million)

Abracadabra Finance, the platform responsible for the stablecoin Magic Internet Money (MIM), fell victim to a hack on January 30, 2024, resulting in a loss of approximately $6.5 million. Consequently, MIM experienced a deviation from its intended value.

CoinMarketCap data reveals that the stablecoin’s market capitalization, initially standing at $100 million, briefly plummeted to $0.76. However, swift actions by the project’s team helped restore the token’s price, leading to a rebound.

Blocksec, a security firm, disclosed that the attackers exploited a vulnerability in the project’s smart contract, exploiting a rounding issue that caused a “precision loss.” The firm’s analysis indicated that about $29 million in assets were still present in the affected contract as of January 30, 2024.

Concentric.fi  ($1.8 Million)

Concentric.fi has experienced a “serious” security breach through a targeted social engineering attack. The attacker compromised a deployer wallet, which allowed them to exploit the protocol. Despite having audited vaults, the upgradability of these vaults made the protocol vulnerable. A thorough investigation, in collaboration with security researchers, to release a post-mortem report has begun. 

A report from CertiK, a blockchain security platform, reveals that the attack has resulted in losses exceeding $1.8 million. CertiK notes that the wallet involved in the attack is associated with the wallet responsible for the exploit on the OKX decentralized exchange that occurred on December 13. This suggests a potential connection between the two incidents, indicating the possibility of the same individual or group behind both attacks.

The team stated on X that it plans to resolve the issue, mitigate losses and safeguard the community’s interests, apologizing for any inconvenience caused.

Socket.Tech ($3.3 Million)

Socket.Tech, was exploited on Jan. 16, impacting several Web3 applications. The attack focused on Bungee Exchange, a component of Socket Protocol bridging Ethereum and 12 EVM chains, resulting in a $3.3 million loss. The hacker exploited a flaw in SocketGateway, allowing unauthorized fund transfers from users who granted it unlimited access. PeckShield reported the theft, confirmed shortly after by Socket Tech. 

Approximately 700 victims were affected, with the largest loss being $656,000 USDC. The attacker used privacy-focused exchange FixedFloat to exploit a system vulnerability in processing user data. 

Gamma Strategies ($3.4 Million)

Gamma Strategies, a DeFi protocol, suffered a $3.4 million loss due to a vulnerability in its accounting mechanism. The exploited vulnerability involved the attacker withdrawing more that 1500 ETH by exploiting a high price change threshold in LST and stablecoin vaults. The Security firm PeckShield has since confirmed the incident.

The protocol has disabled deposits to all public DeFi vaults, maintaining active withdrawals for users. The inconsistency in deposit and withdrawal accounting mechanisms was identified as the root cause. Gamma Strategies operates on Ethereum.

CoinsPaid ($7.5 Million)

CoinsPaid, an Estonia-based digital asset processor, experienced a $7.5 million hack, its second in six months. The breach involved unauthorized withdrawals of Tether, Ether, USD Coin, and CPD tokens. The hacker exchanged CPD tokens for Ethereum and transferred them to various exchanges, with a total loss including over $1 million in BNB Coin. 

The previous July hack, potentially linked to the Lazarus Group, involved sophisticated social engineering. Despite investigations and a police report, CoinsPaid has not commented on the recent breach. Security firm Cyvers has publicized the hacker’s digital address.

Radiant Capital ($4.5 Million)

Radiant Capital, a cross-chain lending platform, has suspended lending and borrowing on the Arbitrum network after its newly introduced USDC market suffered a flash loan attack. The attack, occurring seconds after the market’s launch, exploited the codebase, leading to a $4.5 million loss. 

Blockchain security firms PeckShield and Beosin identified the vulnerability and the manipulation of the ‘index parameter’ as the cause. Radiant acknowledged the breach, assuring that no existing funds were at risk, and has postponed any further action until a full review is completed and the Arbitrum markets are reopened.

Orbit Chain ($80 Million)

South Korea’s Orbit Chain lost over $80 million due to a hack linked to compromised multisig signers. The breach involved various cryptocurrencies, including stablecoins, wrapped Bitcoin (WBTC), and Ether (ETH), which were transferred through mixers. This incident is part of a pattern of security issues for Ozys’ projects, including previous hacks on KlaySwap and Belt Finance. 

The situation underscores the persistent risks in crypto security, particularly with multisig wallets and private key management, highlighting a need for improved safeguards and lessons from past breaches. As of yet, there is no information on whether the victims will receive stolen crypto.

Top Crypto Hacks & Scams Of 2023

The year 2023 has been marked by numerous high-profile cryptocurrency hacks, underscoring the ongoing vulnerabilities in the digital asset space. The below table highlights the most significant breaches during the year. Understanding these incidents is crucial for enhancing security measures and safeguarding assets in the evolving crypto landscape.

 

Victims Of Hack Date Of Hack Estimated Loss
Mixim Breach September 23, 2023 $200 Million
Euler Finance March 13, 2023 $197 Million
Multichain July 6, 2023 $126 Million
BonqDAO February 01, 2023 $120 Million
HECO Bridge and HTX hack November 23, 2023 $115 Million
Atomic Wallet June 03, 2023 $100 Million
CoinEx Hack September 12, 2023 $70 Million
Curve Finance July 30, 2023 $60 Million
Kyber Network November 22, 2023 $54.7 Million
Stake.com Hack September 04, 2023 $41 Million
CoinsPaid Phishing Scam July 22, 2023 $37 Million
Krosnos Research November 19, 2023 $26 Million
Bitrue Exchange April 14, 2023 $23 Million
Angle Protocol March 13, 2023 $17.6 Million
Platypus Finance October 12, 2023 $9.2 Million
Safemoon March 28, 2023 $9 Million
dYdX Hack November 17, 2023 $9 Million
LendHub January 12, 2023 $6 Million
Deus Finance May 05, 2023 $6 Million+
LastPass Hack October 25, 2023 $4.4 Million
Trust Wallet February 08, 2023 $4 Million
Stars Arena October 09, 2023 $3 Million
Telcoin December 26, 2023 $1.3 Million
Coins.ph October 23, 2023 $445K
Balancer September 19, 2023 $238K
Kucoin’s Twitter Scandal April 24, 2023 $23K USDT
MyAlgo February 27, 2023 Customer Information

FAQs

How are social media platforms used for crypto-related fraudulent activities?

Social media platforms are often exploited by scammers impersonating legitimate crypto entities or influencers to promote fraudulent schemes, phishing attacks, or misinformation, intending to deceive users into revealing sensitive information or transferring assets.

How can vulnerabilities in smart contracts lead to crypto hacks?

Smart contracts, if poorly coded or unaudited, may contain vulnerabilities or bugs that hackers can exploit to manipulate contract functionalities, leading to unauthorized access or alterations, potentially causing loss of funds stored within the contract.

What risks are associated with crypto exchanges about hacks and fraudulent activities?

Crypto exchanges can be targeted for hacks due to their vast amounts of assets, vulnerabilities, inadequate security measures, or internal malpractices that may lead to unauthorized withdrawals, data breaches, or other exploitations.

How can users protect their crypto wallets from fraudulent activities and hacks?

Users can secure crypto wallets by using hardware wallets for significant amounts, employing solid and unique passwords, enabling two-factor authentication, and being vigilant against phishing attempts and malicious software.

In what ways can DeFi platforms be susceptible to fraudulent behavior and hacks?

DeFi platforms can be susceptible to attacks like flash loan attacks, front-running, and exploits due to smart contract vulnerabilities, which can be orchestrated to drain funds or manipulate market conditions, highlighting the need for thorough platform assessment and cautious investment.

Was this Article helpful? Yes No