The year 2024 has seen a string of significant crypto hacks, leading to billions of dollars lost from investors and exchanges. The list, as compiled by Phoenix Group, highlights some of the most devastating incidents that have shaken the crypto community. Here's a detailed breakdown of the top crypto hacks of 2024.
1. DMM Bitcoin - $305 Million Lost
Date: 31 May 2024
Technique: Private Key Compromised
DMM Bitcoin faced the largest hack of 2024 due to the compromise of its private keys. This incident exposed vulnerabilities in the platform's key management systems, leading to a massive financial loss and shaken investor confidence.
2. WazirX: India - $234.9 Million Lost
Date: 18 July 2024
Technique: Safe Multisig Wallet Phishing Exploit
WazirX, one of India's largest crypto exchanges, was exploited through a phishing attack targeting its multisig wallets. Sophisticated tactics fooled key custodians, leading to the misappropriation of funds. This hack raised concerns about wallet security in centralized exchanges.
3. Munchables - $62.5 Million Lost
Date: 26 March 2024
Technique: Storage Slot Exploit
A lesser-known but critical exploit targeted storage slots in Munchables' smart contracts. The attack allowed hackers to overwrite contract data, draining funds seamlessly without triggering alarms.
4. BtcTurk - $54 Million Lost
Date: 22 June 2024
Technique: Private Key Compromised
BtcTurk, a Turkish crypto exchange, also fell victim to private key exposure. This breach underscored the risks of centralized private key storage and the need for better encryption practices.
5. Radiant Capital - $53 Million Lost
Date: 16 October 2024
Technique: Access Control Exploit
Radiant Capital suffered due to misconfigured access controls, enabling hackers to gain administrative privileges and siphon funds. This incident highlighted flaws in access management protocols.
6. Hedgey - $44.7 Million Lost
Date: 16 April 2024
Technique: Claim Contract Flashloan Exploit
Flashloan attacks on Hedgey's claim contracts exploited unchecked vulnerabilities, enabling attackers to manipulate protocols and extract significant sums.
7. BingX - $43.3 Million Lost
Date: 20 September 2024
Technique: Hot Wallet Hack
A breach in BingX’s hot wallet storage led to the theft of $43.3 million. This incident reignited debates about the safety of storing large amounts in hot wallets without adequate safeguards.
8. Penpie - $27 Million Lost
Date: 3 September 2024
Technique: Reentrancy Attack
Penpie was exploited using a reentrancy attack, where hackers manipulated the contract to repeatedly withdraw funds during a single transaction, bypassing withdrawal limits.
9. FixedFloat - $26.1 Million Lost
Date: 18 February 2024
Technique: Private Key Compromised
FixedFloat also fell victim to private key compromise, similar to other exchanges this year. The incident highlighted systemic weaknesses in private key security across the industry.
10. Thala - $25.5 Million Lost
Date: 15 November 2024
Technique: Drained Liquidity Pool
Hackers drained Thala's liquidity pools using flashloan attacks and arbitrage exploits, leaving the platform's users and investors reeling from the sudden losses.
Key Takeaways from 2024’s Crypto Hacks
1. Recurring Techniques: Private key compromises, phishing, and flashloan exploits remain the most common attack vectors, emphasizing the need for better security measures.
2. Centralized vs Decentralized Risks: Both centralized and decentralized platforms were targeted, proving that no system is immune to attacks without robust security measures.
3. Investor Losses: These hacks led to billions lost, highlighting the urgent need for enhanced regulatory frameworks and user education.
4. Need for Innovation: The crypto industry must innovate to improve wallet security, access controls, and smart contract audits to prevent similar incidents
What’s Next?
The crypto world must prioritize security by adopting advanced tools like AI-driven threat detection, secure hardware wallets, and decentralized key management systems. Additionally, educating users about phishing and other attack tactics is vital to mitigate risks.
As 2025 approaches, the industry faces the dual challenge of restoring trust while building robust defenses against increasingly sophisticated hackers.
