Key Takeaways
With each passing year of innovation and new milestones, the crypto industry also loses billions in hacks and exploits.
Thanks to increasing security measures and services, the number of hacks and the amount of stolen crypto have reduced over time.
However, despite security innovations, some hacking groups and individuals have also evolved to implement more sophisticated ways to breach a crypto platform or protocol.
In 2024, the crypto industry collectively lost $1.4 billion in 232 instances of crypto exploits. Let’s look back at the top five crypto hacks of 2024 and what caused them.
Tokyo-based DMM Bitcoin crypto exchange was exploited in May earlier this year, resulting in losses of assets worth $308 million.
After seven months of investigation, the Japanese authorities and the Federal Bureau of Investigation (FBI) concluded that the heist was carried out by the notorious North Korean hacking group Lazarus.
The FBI report noted that the hackers compromised one of the executives of the crypto exchange’s custody partner, Ginco, who had access to wallet management systems.
After accessing the employee’s credentials, the hackers authorized millions of dollars in crypto transactions from the DMM exchange to a wallet of their choice. They got away with over $300 million in crypto assets.
The largest Indian crypto exchange by trading volume, WazirX, was hacked in June, just a month after the DMM exploit. The hackers behind the exploit stole $235 million in different crypto assets, all stored in one cold wallet.
The culprit? The same as the DMM exchange exploit—the Lazarus group.
While the investigation into the exchange hack is ongoing, early reports indicate that the manner of the exploit was similar to the DMM exchange. The hackers reportedly got access to the keys to the cold wallet and later moved to drain the wallet completely.
WazirX’s custody partner, Liminal, denied any compromise on its end, while WazirX stressed that it was not compromised and that the breach was on the custody partner’s side.
Orbit Bridge Chain lost $100 million in an exploit in the final hours of Dec. 31, 2023, when a few countries were already celebrating New Year. The hacker stole ETH and DAI from the platform after exploiting a smart contract vulnerability.
It ranks among this year’s largest decentralized finance exploits, and the hacker started to launder funds via Tornado Cash in June after five months of silence. The hacker moved $47.7 million worth of ETH in June, and the wallet still holds $67.3 million in ETH and DAI balance.
While it’s unclear who was behind the exploit, the fund transfer movement indicates it might be another job of North Korean hackers.
Munchables, a crypto-focused Web3 game, was exploited in March this year, losing $63 million in assets. What’s the common factor here? You guessed it right: The North Koreans again.
The platform fell prey to another elaborate social engineering method, where Munchables hired four developers, believed to be the same person and suspected to be from North Korea, to create its smart contracts.
As a result, the hacker who created the smart contract used an upgradeable proxy contract, which the deployer’s address could modify. The developer owned this deployer address, not the Munchables contract.
The deployer then assigned themselves a balance of 1 million ETH within the smart contract and got away with $62.8 million worth of ETH, once the smart contract received enough ETH deposits.
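A defensive check for the condition described above, as an added example that is not from the original article or from Munchables: it reads a proxy's admin from a constructed storage snapshot and flags upgrade authority held by the deployer or by a single-key account. The EIP-1967 admin slot layout, the function names and all addresses are assumptions for illustration.

```python
"""Audit who can upgrade a proxy, from a constructed snapshot of chain state."""

# EIP-1967 slot holding the proxy admin (assumption: the proxy follows EIP-1967).
ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"


def slot_to_address(word: str) -> str:
    """An address is the low 20 bytes of a 32-byte storage word."""
    raw = word.lower()
    if raw.startswith("0x"):
        raw = raw[2:]
    raw = raw.rjust(64, "0")
    if len(raw) != 64:
        raise ValueError("storage word must be at most 32 bytes")
    return "0x" + raw[-40:]


def audit_upgrade_authority(storage, code, deployer, expected_admin):
    """Return findings about the account that controls upgrades.

    storage: slot -> hex word, in the form eth_getStorageAt returns
    code:    address -> hex bytecode, in the form eth_getCode returns
    """
    admin = slot_to_address(storage.get(ADMIN_SLOT, "0x0"))
    if int(admin, 16) == 0:
        return ["no EIP-1967 admin set: locate the upgrade authority elsewhere"]
    findings = []
    if admin == deployer.lower():
        findings.append("admin is the deployer address")
    if code.get(admin, "0x") in ("0x", ""):
        findings.append("admin is an externally owned account (single key)")
    if admin != expected_admin.lower():
        findings.append("admin differs from the expected governance contract")
    return findings


# Constructed sample data (placeholder addresses, not real accounts).
DEPLOYER = "0x" + "11" * 20
MULTISIG = "0x" + "22" * 20
RISKY = {ADMIN_SLOT: "0x" + "00" * 12 + "11" * 20}  # deployer kept control
SAFE = {ADMIN_SLOT: "0x" + "00" * 12 + "22" * 20}   # handed to a multisig
CODE = {MULTISIG: "0x6080604052"}  # non-empty code marks a contract account

if __name__ == "__main__":
    for name, snapshot in (("risky", RISKY), ("safe", SAFE)):
        print(name, audit_upgrade_authority(snapshot, CODE, DEPLOYER, MULTISIG))
```
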
Turkish crypto exchange BtcTurk became another centralized exchange to be exploited in 2024. In a June hack, the exchange lost $55 million due to compromised private keys.
After getting access to enough private keys to bypass the multi-sig wallets, the attackers exploited 10 hot wallets.
The attackers later dumped the stolen crypto assets from the exchange on the market. Thankfully, all the stolen assets belonged to the exchange, so its customers suffered no loss.
BtcTurk also received aid from Binance in investigating the incident, and Binance froze over $5.3 million on its exchange.
While the total value lost in hacks in 2024 grew by over $40 million from last year, experts report a stagnation in hack volume.
Another notable shift is the focus on centralized exchanges over decentralized exchange platforms.
Until last year, DeFi protocols were the primary target of hackers over centralized exchanges, but that changed in 2024, with centralized exchanges accounting for the majority of the exploits.
Although DeFi still accounted for the largest share of stolen assets in the first quarter of 2024, centralized services were the most targeted in Q2 and Q3.
The increased targeting of centralized exchanges highlights the growing sophistication of hacking methods, as more rigorous methods are required to compromise cold wallet keys than to exploit a vulnerability in a protocol.