Over the course of 2023, crypto users lost $1.8 billion in various hacks, exploits, scams and rug pulls, bug bounty platform Immunefi said in a report published on Thursday. While that's a 54% decrease from the $3.9 billion the industry lost in 2022, the number of single incidents increased 90% from 168 in 2022 to 319 in 2023.
The third quarter of the year proved to be the most disastrous, accounting for a third of all losses registered during the year. In terms of monthly numbers, the highest losses were seen in November ($343 million), September ($340 million) and July ($320 million).
A total of ​​$1.6 billion was lost as a result of hacks in 247 incidents mostly connected to decentralized finance platforms, while fraud accounted for $103 million lost in 110 incidents, according to the report.
Immunefi said that 13.5% of the stolen funds, or around $231.7 million, had been recovered in 19 cases.
Most attacked blockchains
BNB Chain and Ethereum are consistently the most attacked blockchains, accounting for more than half of the total losses. According to Immunefi, 131 incidents involved BNB Chain-based projects, and 91 incidents were seen on Ethereum. They were followed by Polygon with ten incidents, and Avalanche with six.
North Korea's Lazarus Group got away with $308.6 million of funds stolen from various projects in 2023, which is 17.4% of the total losses seen during the year. The group is believed to be behind the attacks on Atomic Wallet, CoinEx, Alphapo, Stake and CoinsPaid.
Other notable incidents in 2023 included attacks on Mixin Network ($200 million), Euler Finance ($197 million), Multichain ($126 million), Poloniex ($126 million), and BonqDAO ($120 million), Immunefi said.
#Scams #hacks

The year 2024 has been marked by unprecedented events that have reverberated across multiple sectors, particularly in the realms of #cryptocurrency , economics, and politics. As we navigate through this year, let’s take a look at some significant occurrences that have defined the landscape:
Major Events of 2024
Cryptocurrency Exchange Bankruptcies:Several high-profile cryptocurrency #exchanges , including some in India and Malaysia, have declared bankruptcy, leaving investors in the lurch.These collapses have led to a significant loss of trust in centralized exchanges.#hacks and Security Breaches:Multiple exchanges have experienced hacks, resulting in millions of dollars being stolen from unsuspecting users.The aftermath of these incidents has raised concerns about security measures and the overall integrity of digital asset platforms.Burning of Old Digital Currencies:Many legacy cryptocurrencies are engaging in token burn mechanisms to reduce supply and stabilize prices.This trend has sparked debates on sustainability and the long-term viability of certain coins.

$XRP 's Resurgence:#XRP has emerged as a frontrunner in the crypto market, driven by legal victories and increased adoption.Its narrative has shifted from a legal battleground to a potential market leader, influencing investor sentiment.Global Economic Challenges:The world is grappling with economic downturns, inflation, and rising interest rates, affecting markets and consumer confidence.Countries are facing mounting pressures to find effective solutions to these financial woes.U.S. National Debt Crisis:The United States is navigating a staggering national debt of $33 trillion, prompting discussions about fiscal responsibility and potential reforms.Solutions are being debated in Congress, but consensus remains elusive.2024 U.S. Presidential Election:The political arena is heating up as Donald Trump and Kamala Harris position themselves as the leading candidates.Their contrasting visions for America are shaping campaign strategies and voter mobilization efforts.Elon Musk's Influence:Elon Musk continues to make headlines with his ventures, including advancements in AI and space exploration.His impact on technology and popular culture remains profound, influencing market trends and public discourse.
Major Events of 2024 by Month
January
FTX and Voyager's Bankruptcy Proceedings: Continued fallout from the 2022 collapses.Launch of CBDCs: Several countries, including China and the EU, expanded their Central Bank Digital Currency initiatives.Bitcoin Price Rally: Bitcoin saw a 15% increase, sparking renewed interest in crypto.
February
Crypto Exchange Hack in Malaysia: A major exchange suffered a breach, resulting in millions lost.SEC vs. Crypto Companies: The U.S. SEC increased scrutiny on various crypto platforms.Ethereum Upgrade: The transition to Ethereum 2.0 gained traction with successful testnets.
March
Market Correction: A significant pullback in crypto prices led to panic selling.XRP Legal Victory: Ripple won a court case, boosting XRP's market position.Coinbase Layoffs: Coinbase announced layoffs amid declining trading volumes.
April
New Regulatory Frameworks: The EU proposed new regulations for cryptocurrency exchanges.Launch of NFT Marketplaces: Several platforms launched, aiming to capture the growing NFT market.Stablecoin Regulations: Discussions around stablecoin regulation intensified.
May
Hack of Indian Exchange: An Indian crypto exchange was hacked, causing significant investor losses.Bitcoin Mining Crackdown: China resumed its crackdown on Bitcoin mining operations.Elon Musk's Twitter Influence: Musk's tweets drove sudden price movements in Dogecoin.
June
Summer Market Slump: Crypto markets experienced a significant downturn.NFT Market Decline: Reports showed a sharp decline in NFT sales.Crypto Tax Guidelines: Various countries released updated tax guidelines for crypto traders.
July
Binance Regulatory Issues: Binance faced increased scrutiny from regulators in multiple countries.Introduction of Layer 2 Solutions: Several blockchain projects introduced Layer 2 scaling solutions.Launch of New Altcoins: Many new altcoins were launched amid a recovering market sentiment.
August
Return of Crypto Bull Run: Bitcoin and Ethereum prices began to rise again.Partnerships with Traditional Finance: Crypto platforms partnered with banks to facilitate fiat transactions.Major Hack on Global Exchange: A well-known global exchange experienced a breach, leading to heavy losses.
September
XRP Market Leadership: XRP continued to climb, solidifying its position in the top 5 cryptocurrencies.U.S. National Debt Concerns: Ongoing discussions about the implications of the $33 trillion national debt.Elon Musk's New Ventures: Announced plans for new space exploration projects.
October
Crypto Market Regulation Announcements: Major announcements from regulators about upcoming policies.Adoption of Blockchain Technology: Businesses began exploring blockchain for supply chain solutions.Market Volatility: Prices fluctuated significantly as traders reacted to regulatory news.
November
U.S. Elections and Market Impact: Market sentiment shifted based on election results.Adoption of Crypto by Retailers: More retailers began accepting cryptocurrencies as payment.Major Exchange Acquisitions: Acquisitions of smaller exchanges by larger players were announced.
December
Year-End Market Review: Analysts reported on the highs and lows of the crypto market in 2024.Forecast for 2025: Predictions for market trends and regulatory changes in the coming year.Final Crypto Hack of the Year: A last-minute hack on a prominent exchange highlighted ongoing security issues.
2024 Short Review:
The events of 2024 have shaped a turbulent landscape for the cryptocurrency market, reflecting a mix of regulatory developments, market volatility, and technological advancements. As the year concludes, the implications of these occurrences will likely influence strategies and policies in the years to come.
Analysis of the Current Landscape
The events of 2024 have highlighted the volatility and unpredictability of both financial and political spheres. The catastrophic failures of cryptocurrency exchanges serve as a stark reminder of the inherent risks involved in the digital asset space. As millions of dollars vanish due to hacks, investors are forced to reconsider their trust in these platforms and the future of cryptocurrency as a whole.
In parallel, the resurgence of XRP showcases how legal clarity can dramatically shift market dynamics. The coin’s journey from litigation to potential market dominance reflects broader trends in the crypto ecosystem, where regulatory clarity is increasingly sought by investors.
Meanwhile, global economic challenges are adding layers of complexity to the situation. Inflation and rising interest rates have placed pressure on consumer spending and investment, forcing countries to reevaluate their economic policies. In the U.S., the staggering national debt poses questions about fiscal sustainability and future growth.
The upcoming presidential election adds yet another layer of uncertainty. With candidates like Donald Trump and Kamala Harris vying for the highest office, their platforms will not only shape the political landscape but also have significant implications for economic policy and international relations.
As we observe the actions of influential figures like Elon Musk, it becomes clear that innovation and disruption will continue to play a crucial role in shaping the future. His endeavors in AI and space exploration signify a push towards a new technological era, even amidst economic turmoil.
In Nutshell
The events of 2024 encapsulate a pivotal moment in history, characterized by significant setbacks and transformative changes. The interplay between cryptocurrency turmoil, economic challenges, and political shifts will continue to influence global dynamics in the months to come. As we move forward, it is essential for investors, policymakers, and citizens to remain vigilant and adaptive in the face of these rapid changes.

Cryptographic systems underpin decentralized finance (DeFi) and blockchain ecosystems, offering users unparalleled control over digital assets. However, the sophistication of these systems also opens up a variety of attack vectors, from smart contracts to multisig wallets, and even hardware wallets. Developers, often focused on functionality, may overlook critical vulnerabilities, creating opportunities for sophisticated attacks like those seen in the Radiant Capital $50M hack. This article will explore the vulnerabilities within crypto systems and provide detailed insights into how they occur, drawing on the latest attack trends and often-overlooked developer mistakes.

1. Smart Contract Vulnerabilities
How They Occur:
Smart contracts are self-executing contracts with the terms of the agreement directly written into code. Their functionality is often complex, and errors or #vulnerabilities in the code can lead to catastrophic results. Hackers can exploit issues such as:
- Reentrancy Attacks: When a smart contract calls an external contract, attackers can use #reentrancy to exploit the sequence of code execution, draining funds.
- Example: In the 2016 DAO attack, reentrancy was used to repeatedly withdraw funds before the contract’s balance was updated, resulting in $60M of stolen $ETH .

- Unchecked Return Values: Developers often overlook checking the return values of low-level calls. This can lead to a contract assuming a call has succeeded when it has not, leaving the contract vulnerable to exploitation.
- Integer Overflow/Underflow: If a contract uses arithmetic operations without proper checks, overflow and underflow issues can occur. Attackers can #exploit these to create infinite tokens or drain funds.

- Exploiting Token Approvals: Many DeFi protocols require users to approve token transfers. Attackers can exploit ongoing approvals or smart contracts that fail to properly manage token allowances.
Mitigation Measures:
- Use Libraries: Utilize audited libraries like OpenZeppelin to avoid common pitfalls in solidity programming such as integer overflow.
- Reentrancy Guards: Include reentrancy guards to prevent recursive calls that could drain funds.
- Audit Smart Contracts: Regularly audit contracts to detect vulnerabilities before deployment.
- Limit Permissions: Encourage users to regularly review and revoke token approvals using tools like Etherscan’s token approval checker.

2. Multisig Wallet Vulnerabilities
How They Occur:
Multisig wallets (e.g., Gnosis Safe) require multiple private keys to authorize transactions, creating a barrier against single-point failures. However, if one or more signers are compromised, the system’s security can break down. Here’s how #Multisig wallets can be attacked:
- Endpoint Compromise: Attackers can install malware, such as a Trojan, on team members' computers. This malware can intercept and modify signing requests before they are sent to the multisig wallet. In the Radiant Capital hack, a Trojan altered transaction data, tricking the hardware wallet into signing a malicious transfer of ownership without detection.

- Hardware Wallet Interception: While hardware wallets are designed to securely sign transactions, they can still be manipulated if the device used to interact with the hardware wallet is compromised. If malware intercepts the transaction data before it reaches the hardware wallet, the user unknowingly approves a malicious transaction.
- Atomic Execution Exploits: Attackers bundle several malicious actions (e.g., ownership transfers, contract upgrades) into one atomic transaction, making it nearly impossible to stop or detect the malicious activity before the funds are stolen.
Mitigation Measures:
- Endpoint Security: Implement anti-malware solutions on devices used for signing transactions. Keep these devices isolated from internet access where possible to reduce the risk of malware infections.

- Cross-verification of Transactions: Ensure that all multisig signers review transaction data on different devices to detect any manipulation. If the same transaction appears differently on separate devices, it should trigger an immediate investigation.
- Timelocks and Governance: Introduce timelocks to delay critical operations such as ownership transfers or large fund movements. Use governance processes to require community or multi-layer multisig approval for contract upgrades or ownership changes.

3. Hardware Wallet Vulnerabilities
How They Occur:
Hardware wallets provide offline storage of private keys, adding a layer of security against #hacks . However, they can still be exploited through indirect means:
- Man-in-the-Middle Attacks: If a computer interacting with a hardware wallet is compromised, attackers can intercept and alter transaction requests before they are displayed on the hardware wallet screen. The user might sign a transaction believing it is legitimate, when in reality they are approving a malicious one.
- Physical Attacks: Supply chain attacks can compromise hardware wallets at the manufacturing level, where malware is introduced during the production process. If the hardware wallet is tampered with before it reaches the user, attackers can potentially access the private keys.
- Malware-Based Attacks: Like in the Radiant Capital hack, Trojans can replace legitimate transactions with malicious ones before they are sent to the hardware wallet, leading to unauthorized actions, such as contract upgrades or ownership transfers.
Mitigation Measures:
- Use Air-gapped Devices: Sign transactions using air-gapped devices that are not connected to the internet to reduce exposure to malware.

- Cross-check Transactions: Ensure users always check the transaction details on their hardware wallet’s screen before confirming, comparing them with the intended action.

- Regular Firmware Updates: Keep hardware wallets updated with the latest firmware to patch any potential vulnerabilities.

- Device Authentication: Use hardware wallets from reputable manufacturers that include device authentication mechanisms to prevent tampering during the supply chain process.

4. Multisig Best Practices and Signature Verification
Even though multisig wallets add layers of security, they are not foolproof. Weaknesses often arise from how multisig transactions are verified and executed, particularly in setups involving hardware wallets.
How Vulnerabilities Occur:
- Compromised Signers: If one or more signers in a multisig wallet are compromised, attackers can manipulate transaction requests, as seen in the Radiant Capital hack. The infection of team members' computers allowed for manipulation of multisig transactions before the hardware wallet even signed them.

- Weak Cross-Verification: Multisig signers may assume that because they are in a secure setup, they do not need to verify transactions across multiple devices. This assumption can be exploited by attackers who alter transaction requests at the endpoint.
Mitigation Measures:
- Distributed Signing: Multisig signers should verify transactions across multiple devices and display methods to detect potential discrepancies in the data.

- Anomaly Detection: Use anomaly detection systems to flag unusual transactions for review. Any inconsistencies between what is shown to different multisig signers should trigger a halt in the transaction.

5. Mitigation Lessons from Radiant Capital's Attack
The Radiant Capital hack is a reminder that even the most sophisticated systems are vulnerable to multi-layered attacks that blend malware, multisig exploitation, and hardware wallet manipulation. The attack showed that combining multiple vulnerabilities (Trojan malware, hardware wallet interception, and atomic execution) can create an exploit that bypasses many traditional defenses.
Key lessons:
- Always Assume Endpoints Can Be Compromised: Even with a secure hardware wallet, attackers can intercept and modify transactions at the computer level. Therefore, endpoint security must be a top priority.

- Atomic Execution Monitoring: Implement real-time monitoring of atomic transactions that can flag malicious activity before they are executed on-chain.

- Governance and Timelock Mechanisms: Timelocks should be mandatory for sensitive operations, and governance processes should be in place to delay or prevent suspicious actions.
By adopting a multi-layered approach to security, including smart contract audits, endpoint protections, and cross-verification of transactions, developers and users can better safeguard their assets from the increasingly sophisticated landscape of crypto exploits.