Every year millions of dollars’ worth of crypto assets are stolen by nefarious actors in all kinds of ways. In 2024, the cryptocurrency world has faced a staggering rise in high-profile security breaches, shedding light on the vulnerabilities that still loom over even the most sophisticated blockchain systems. With billions in digital assets at stake, hackers have become more relentless and resourceful, exploiting both technical flaws and human errors. These incidents underscore the need for heightened security measures and bring an urgent reminder of the risks that investors and platforms face in an increasingly digital financial landscape. As cyberattacks continue to evolve in scale and frequency, the spotlight remains firmly on the ever-pressing need for improved resilience and vigilance across the crypto ecosystem.

The dangers of crypto hacks have been around since the early days of the industry, and they’re only getting more elaborate and more sophisticated with time. Last year, in 2023, the cryptocurrency sector faced numerous alarming security breaches, each leading to significant financial losses. Among the most notable incidents were the $200 million breach at Mixin in September, a $197 million loss at Euler Finance in March, and a $126 million breach at Multichain in July.
Losing cryptocurrency is alarmingly easy, especially with the increasing sophistication of hacks targeting wallets and exchanges. A single phishing link, compromised password, or an insecure device can open the door to devastating losses in minutes. For these reasons, I strongly recommend storing crypto in a hardware wallet, which keeps private keys offline and out of reach from online threats. In my blog, I review several hardware wallets that provide top-tier security for your assets, helping protect against hacks, phishing attempts, and unauthorized access. For anyone serious about safeguarding their crypto, a reliable hardware wallet is an essential line of defence.

CertiK’s H1 2024 report on blockchain security incidents highlights the dangers and risks we all face when working with digital assets nowadays. It’s interesting that phishing attacks come at the top of the list as the leading cause of financial loss, with almost $498 million stolen across 150 incidents. Phishing attacks exploit human vulnerabilities, often deceiving users into revealing private keys or other sensitive information. But many other exploits and hacks are causing millions of dollars’ worth of crypto to go missing every week.
By exploiting human psychology and leveraging sophisticated social engineering tactics, malicious actors deceive unsuspecting users into compromising their digital assets. As blockchain technology continues to gain traction, it is imperative for individuals and organizations alike to remain vigilant against these insidious attacks and adopt robust security measures to safeguard their digital wealth.

Here are the most explosive hacks in the cryptoverse in 2024. While many of these are on a massive scale, targeting big corporations or exchange platforms, we are increasingly noticing individual attacks that target investors and small businesses directly.

JANUARY

Orbit Chain ($80M)

On December 31, 2023, an unidentified attacker exploited a vulnerability in Orbit Bridge, a decentralized cross-chain protocol, stealing approximately $84.5 million worth of cryptocurrency. Orbit Chain is actively working with law enforcement and security experts to investigate the incident and recover the stolen funds.

Radiant Capital ($4.5M)

On January 3, 2024, Radiant Capital, a decentralized lending protocol, suffered a major cyberattack, resulting in the loss of over $4.5 million in cryptocurrency. The attack exploited vulnerabilities within the protocol’s smart contracts, allowing the attacker to drain funds from user accounts. While Radiant Capital is working to address the security breach, the stolen funds remain unclaimed as of January 4, 2024.

Mango Farm ($2M)

MangoFarm, a farming protocol on Solana that promised its investors unprecedented yield in the SOL space, took ~$2 million of its investors’ funds on Jan 7, 2024, in a well-orchestrated exit scam.
It had announced its MANGO token airdrop on Jan. 10, and to participate in the airdrop, users had to deposit their Solana SOL tokens in the protocol. This is a typical example of a pre-orchestrated rug pull (another term for crypto scams that occur all the time). The developers of this project intended a quick money grab, and this is exactly how it played out.
“Foobar,” a pseudonymous developer recently appointed as MangoFarmSOL’s security auditor, had warned users about MangoFarmSOL’s compromised front end on Jan 6 through a post on X. He also predicted that the protocol might be a potential rug pull.

CoinsPaid ($7.5M)

On January 6, 2024, a cyberattack targeted CoinsPaid, a crypto payment processor, resulting in the theft of approximately $7.5 million in digital assets. The attack exploited vulnerabilities in the platform’s security systems, allowing the attacker to withdraw funds from user accounts.

Gamma Strategies ($3.4M)

On January 8, 2024, Gamma Strategies, a quantitative trading firm, suffered a significant cyberattack, resulting in the loss of approximately $3.4 million in digital assets. The attack exploited vulnerabilities in the firm’s security systems, allowing the attacker to steal funds from user accounts. While Gamma Strategies is investigating the incident and working to recover the stolen funds, the details of the specific vulnerability exploited remain undisclosed.

Socket Tech ($3.3M)

Socket.Tech was exploited on January 16, 2024 for around $3.3 million.
The attacker took advantage of a flaw in a newly deployed contract’s user input validation. Users who approved this vulnerable contract lost funds. The attack targeted USDC holdings and affected over 230 wallets, with the largest loss being $656,000. The stolen funds were converted to ETH and haven’t been recovered as of reports in late January 2024.

Unnamed Individual ($4.2M)

On Jan 21, 2024, a phishing attack on Ethereum cost a victim ~$4.2 million worth of aEthWETH and aEthUNI. The loss happened because the victim signed multiple ERC20 Permit signatures.
Attack Txn: https://etherscan.io/tx/0x93a0ce0711edaf7664c26b3654095f1052010bb7da62c135b6ef0c425c0c2f09

The addresses created to transfer these tokens are temporary addresses pre-computed with CREATE2, which scammers are increasingly using to carry out phishing attacks.

Concentric.fi ($1.8M)

Concentric.fi fell victim to a social engineering attack on January 22, 2024, leading to losses exceeding $1.85 million. Attackers compromised an admin wallet and used it to deploy a malicious upgrade to the Concentric vault contracts. This upgrade drained liquidity from pools and user funds that had interacted with Concentric contracts. The attack highlights the dangers of social engineering and the importance of robust security protocols.

Abracadabra Finance ($6.5M)

On January 30, 2024, Abracadabra Finance, a decentralized finance (DeFi) protocol, suffered a significant hack resulting in the loss of approximately $6.5 million. The attack exploited vulnerabilities in the protocol’s smart contracts, allowing the attacker to drain funds from user accounts. While Abracadabra Finance is working to address the security breach, the stolen funds remain unclaimed.

FEBRUARY

PlayDapp  ($290M)

Between February 9 and 12, 2024, PlayDapp, a prominent South Korean crypto gaming and NFT platform operating on Ethereum, was exploited twice. The attacker, who gained access through a private key breach, minted over 1.79 billion PLA tokens, resulting in a total loss of approximately $290 million. Despite PlayDapp offering a $1 million reward for the return of the stolen funds, the attacker has refused and continues to launder the stolen tokens.

LastPass ($6M)

On February 19th and 20th, 2024, a significant number of LastPass users were targeted in a series of hacks. The attackers exploited a vulnerability in the platform to gain access to users’ encrypted vaults. While the exact number of affected users and the total amount of stolen funds is still being investigated, it’s estimated that over $6 million in digital assets were stolen from numerous victims. This incident highlights the importance of strong security practices, including using strong, unique passwords and enabling two-factor authentication.

BitForex ($57M)

On February 23, 2024, BitForex, a cryptocurrency exchange, abruptly halted operations after approximately $57 million was withdrawn from its hot wallets. The incident raised suspicions of an exit scam, as the exchange’s team became unresponsive to user inquiries. The stolen funds remain unclaimed, and the future of BitForex remains uncertain.

MARCH


WOOFi WooPPV2 contract on Woo Network  ($10M)

On March 5, 2024, the WOOFi WooPPV2 contract on the Woo Network was exploited in a significant hack. The attack resulted in the loss of approximately $10 million worth of cryptocurrency. The vulnerability exploited in the attack was a reentrancy attack, which allowed the attacker to repeatedly call a function and manipulate the protocol’s logic to drain funds. This incident highlighted the importance of rigorous security audits and testing for DeFi protocols, as well as the need for users to be cautious and conduct thorough research before interacting with any platform.

Mozaic Finance  ($2.5M)

On March 15, 2024, Mozaic Finance, a decentralized finance (DeFi) platform, suffered a security breach. The attack involved a compromise of the platform’s private key infrastructure, allowing the attacker to drain funds from the Mozaic vaults. Approximately $2.1 million was stolen and transferred to other exchanges. However, Mozaic Finance was able to recover a significant portion of the stolen funds due to prompt reporting to relevant exchanges.

ParaSwap  ($864K)

On March 20, 2024, ParaSwap, a decentralized exchange aggregator, experienced a security breach. The attack exploited a vulnerability in the Augustus V6 contract, allowing the attacker to steal approximately $864,000 worth of cryptocurrency.  
However, it’s important to note that ParaSwap quickly responded to the incident by pausing the vulnerable contract and taking steps to mitigate further damage.  The platform also allocated funds to compensate affected users. 

Curio  ($16M)

On March 23, 2024, the Curio DeFi project was exploited in a significant hack. The attack resulted in the loss of roughly $16 million worth of cryptocurrency.
The primary reason for the exploit is a permission access logic vulnerability in the smart contract, which is based on MakerDAO; the attacker exploited it to mint an additional 1B CGT.
The vulnerability exploited in the attack was a reentrancy attack, which allowed the attacker to repeatedly call a function and manipulate the protocol’s logic to drain funds. This incident highlighted the importance of rigorous security audits and testing for DeFi protocols, as well as the need for users to be cautious and conduct thorough research before interacting with any platform.

Prism Finance ($10M)

On March 28, 2024, Prism Finance, a decentralized lending protocol, suffered a significant hack resulting in the loss of approximately $10 million. The attack exploited vulnerabilities in the protocol’s smart contracts, allowing the attacker to drain funds from user accounts. While Prism Finance is working to address the security breach, the stolen funds remain unclaimed.

APRIL


Hedgey Finance Exploit ($44M)

On April 19, 2024, Hedgey Finance was exploited. The attacker took advantage of a vulnerability in the project’s ClaimCampaigns contract, which allowed them to transfer tokens from the contract to themselves. Over $42.8 million worth of ARB tokens were successfully taken over by an attacker on the Arbitrum network. This incident highlights the importance of rigorous code audits and security practices in the DeFi space.

Xbridge SaitaChainCoin ($1.8M) 

The XBridge platform, associated with SaitaChainCoin, was exploited on April 24, 2024, resulting in a loss of approximately $1.8 million in cryptocurrency. The vulnerability exploited in the attack was a smart contract flaw that allowed the attacker to manipulate the contract’s logic and drain funds.

Rain Exchange ($14.8M)

On April 29, 2024, the cryptocurrency exchange Rain was exploited, resulting in a loss of approximately $14.8 million. The exact details of the vulnerability exploited in the attack have not been publicly disclosed.

MAY


Gnus.AI Discord Hack  ($1.27M)

The Gnus.AI artificial intelligence network lost approximately $1.27 million through a token-minting exploit on May 5, 2024. The team announced plans to release a new version of the Genius (GNUS) token and that users should no longer buy the old version. 100 million fake GNUS tokens were minted, bridged to Ethereum and sold into the market. The resulting price crash transferred the wealth of existing tokenholders to the attacker, as the attacker received real assets in exchange for tokens that were created out of thin air.

Sonne Finance on Optimism chain  ($20M)

Sonne Finance, a decentralized finance (DeFi) protocol on the Optimism network, was exploited in a flash loan attack on May 14, 2024. The attack resulted in a loss of approximately $20 million. The vulnerability exploited in the attack was a precision error in the protocol’s smart contracts. This allowed the attacker to manipulate the protocol’s token prices and drain funds.

BlockTower Capital (Undisclosed)

On May 15, 2024, BlockTower Capital, a prominent crypto hedge fund, reported a security breach. While the exact amount of losses remains undisclosed, the incident involved the compromise of a private key, leading to the unauthorized transfer of funds. BlockTower Capital is actively investigating the matter and taking steps to enhance its security measures to prevent future incidents.

Pump.fun  ($1.9M)

On May 16, 2024, Pump.fun, a Solana-based memecoin launchpad, suffered a significant security breach. A former employee, identified as Jarrett (also known as STACCOverflow), exploited their “privileged position” to drain approximately $1.9 million from the platform’s bonding curve contracts.

Gala Games  ($212M)

On May 20, 2024, Gala Games experienced a significant security breach. The hacker exploited a vulnerability in the platform’s smart contract – a hack that resulted from the compromise of a private key with administrator privileges. Using this unauthorized access, the attacker minted ~5B GALA tokens worth ~$212 million at the time of the hack. However, the hacker was unable to fully capitalize on this exploit, as Gala Games’ team quickly responded by freezing the hacker’s wallet and recovering a significant portion of the stolen funds.

NORMIE  ($881K)

On May 26, 2024, the NORMIE protocol experienced a security breach, resulting in the loss of approximately $881,686 in cryptocurrency. The attack exploited vulnerabilities within the protocol’s smart contracts, allowing the attacker to drain funds from user accounts.

DMM Bitcoin Private Key Hack ($305M) 4,502.9 BTC 

On May 31, 2024, DMM Bitcoin, a Japanese cryptocurrency exchange, suffered a significant security breach. The exchange lost approximately 4,502.9 Bitcoin, valued at around $305 million at the time. The incident was caused by an unauthorized leak of private keys, allowing the attacker to gain access to the stolen funds.  The infamous Lazarus Group, a North Korean-linked hacking syndicate, is suspected of orchestrating the attack. The group reportedly began laundering the stolen funds, with over $35 million already processed through an online marketplace known as Huione Guarantee, a platform frequently associated with money laundering activities. 

JUNE


Velocore ($10M)

On June 2, 2024, Velocore, a decentralized exchange (DEX) protocol operating on zkSync and Linea blockchains, was exploited. The attack resulted in the loss of approximately $7 million in ETH.  The vulnerability exploited in the attack was a flaw in the Balancer-style CPMM pool contract, which allowed the attacker to manipulate the protocol and drain funds. This incident highlights the importance of rigorous security audits and testing for DeFi protocols.

Loopring ($5M)

On June 9, 2024, Loopring, a ZK-rollup based protocol built on Ethereum, experienced a security breach. The attack targeted the protocol’s two-factor authentication (2FA) based Guardian wallet recovery service. The hackers exploited a vulnerability in the 2FA service, allowing them to impersonate legitimate wallet owners and initiate unauthorized recoveries. This enabled them to gain access to private keys and drain funds from affected wallets. The total loss from the attack was estimated to be around $5 million.

Uwu Lend  ($19.3M + $3.5M)

On June 10, 2024, UwU Lend, a decentralized finance (DeFi) protocol, suffered a significant hack resulting in the loss of approximately $19.3 million. The attacker exploited a vulnerability in the protocol’s pricing system, enabling them to manipulate token prices and drain funds from the platform. On June 13, 2024, UwU Lend was again targeted by the same attacker, who managed to steal an additional $3.5 million. This attack further highlighted the vulnerabilities in the protocol’s security measures.

Kraken  ($3M)

On June 19, 2024, Kraken, a major cryptocurrency exchange, suffered a security breach. A security researcher exploited a critical zero-day vulnerability in the platform, allowing them to steal approximately $3 million in digital assets. The vulnerability enabled the attacker to initiate deposits and receive funds without fully completing the transaction. Kraken quickly addressed the issue within 47 minutes, but the stolen funds were not recovered.

BtcTurk Hot Wallet Hack ($55M)

On June 22, 2024, BtcTurk, a major Turkish cryptocurrency exchange, suffered a significant hack. The attackers compromised several hot wallets, stealing approximately $55 million worth of cryptocurrency. While the majority of BtcTurk’s assets were safely stored in cold wallets (which are offline and less susceptible to attacks), the hack affected ten different cryptocurrencies stored in hot wallets, which are more vulnerable due to their constant online connectivity.

JULY


Bittensor Blockchain ($8M) TAO Tokens

On July 3rd, 2024, Bittensor, a decentralized artificial intelligence network, experienced a significant security breach. The attackers exploited vulnerabilities in the network’s smart contracts, allowing them to drain approximately $8 million worth of TAO tokens. The breach caused significant disruption to the network’s operations and impacted numerous users. Bittensor’s team is actively working to address the security issues and prevent future attacks.

DoughFina ($1.8M)

On July 12, 2024, DoughFina, a decentralized finance (DeFi) protocol on the Ethereum blockchain, was exploited. The attack resulted in the loss of approximately $1.8 million worth of cryptocurrency. The vulnerability exploited in the attack was an access control issue in the ConnectorDeleverageParaswap contract, which allowed the attacker to manipulate the protocol and drain funds.

While DoughFina has acknowledged the hack and is investigating the incident, the stolen funds have not yet been recovered.

Minterest  ($1.4M)

On July 14, 2024, the cryptocurrency lending protocol Minterest on the Mantle chain was exploited for $1.4 million.

LIFI  ($9.7M)

On July 16th, 2024, LIFI Finance, a cross-chain bridge protocol, suffered a significant hack that resulted in the loss of approximately $10 million. The attack exploited vulnerabilities in the protocol’s smart contracts, allowing the attacker to drain funds from the platform.

WazirX  ($234.9M)

On July 18, 2024, WazirX, a major Indian cryptocurrency exchange, suffered a significant security breach. The attackers exploited a vulnerability in the exchange’s multi-signature wallet, allowing them to steal approximately $234.9 million worth of digital assets. The stolen funds were subsequently laundered through various decentralized exchanges. Following the breach, the exchange suspended all crypto and cash withdrawals to conduct an internal investigation.
After using the exploit, the attacker quickly spent all of the money in the compromised wallet and distributed it among several addresses. A fraction of the stolen assets were secured when some of the cash was sent to exchanges including Binance and ChangeNOW, who quickly stopped accepting further transactions. Even with these precautions, it would be difficult to collect the entire amount because the majority of the money has already been distributed and changed into other cryptocurrencies. Three months later, WazirX has yet to issue any remediation plans to compensate affected users. 

MonoSwap ($1.3M)

On July 24, 2024, the decentralized exchange and staking platform MonoSwap on the Blast chain was exploited, resulting in a significant loss of approximately $1.3 million. The Total Value Locked (TVL) for this protocol dropped significantly, from approximately $1.5 million to $200,000, as a result of the exploit. Later, all the bridged funds (371 ETH) were transferred to Tornado Cash.

AUGUST


NEXERA exchange ($1.5M)

On August 7, 2024, NEXERA, a South Korean cryptocurrency exchange, suffered a significant security breach. The attack, believed to be perpetrated by North Korean hackers, involved the deployment of malware. This malware allowed the attackers to steal approximately $1.5 million worth of cryptocurrency from the exchange’s hot wallets.

SEPTEMBER


Penpie Breach ($27M) 

On September 3, 2024, the Penpie decentralized finance (DeFi) protocol was exploited in a reentrancy attack, resulting in the loss of approximately $27,348,259 worth of Ethereum. The attack took advantage of a vulnerability in the protocol’s smart contracts, allowing the attacker to repeatedly call a function and manipulate the reward distribution mechanism to their benefit.

Indodax exchange ($22M)

On September 11, 2024, Indonesian cryptocurrency exchange Indodax suffered a major security breach, resulting in the loss of approximately $22 million in various cryptocurrencies. The attack targeted hot wallets and allowed the attackers to withdraw significant amounts of Bitcoin, Ethereum, Tron, and other tokens. Following the incident, Indodax temporarily suspended its operations to investigate the breach and implement necessary security measures.

BingX exchange ($43M)

On September 20, 2024, BingX, a major cryptocurrency exchange, suffered a significant security breach. The attackers exploited vulnerabilities in the exchange’s hot wallets, stealing approximately $43 million worth of cryptocurrency.

Onyx Protocol ($3.8M)

On September 26, 2024, Onyx Protocol, a decentralized finance (DeFi) platform, suffered a significant hack resulting in the loss of approximately $3.8 million. The attack exploited vulnerabilities in the protocol’s smart contracts, allowing the attacker to drain funds from user accounts. While Onyx Protocol is working to address the security breach, the stolen funds remain unclaimed.

OCTOBER


Crypto Whale on the Blast Network ($35M)

On October 11, 2024, a crypto whale fell victim to a phishing attack on the Blast network, resulting in the loss of approximately $35 million worth of Few Wrapped Duo ETH (fwDETH) tokens. The attacker tricked the whale into signing a fraudulent permit signature, allowing them to drain funds from the victim’s wallet. This incident highlights the ongoing security challenges in the crypto space and the importance of staying vigilant against phishing attacks.
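
Both permit-phishing losses in this list (the January 21 theft of aEthWETH and aEthUNI and the October 11 theft on Blast) came from signing an ERC-20 Permit message. The following is an added example, not code from the original post or from any wallet: a JavaScript check that a wallet or browser extension could run over an EIP-712 signing request before the user signs. The option names, thresholds and sample addresses are constructed assumptions.

```javascript
// Added example: review an EIP-712 signing request for an EIP-2612 Permit.
const MAX_UINT256 = (1n << 256n) - 1n;

// Option names are assumptions of this example:
//   trustedSpenders    - Set of lowercase addresses the user already relies on
//   nowSeconds         - current Unix time
//   maxDeadlineSeconds - longest validity window accepted without a warning
//   balance            - owner's token balance as a BigInt, if known
function reviewPermitRequest(typedData, opts) {
  const { trustedSpenders, nowSeconds, maxDeadlineSeconds = 3600, balance = null } = opts;
  const findings = [];
  if (!typedData || typedData.primaryType !== "Permit") {
    return { isPermit: false, findings };
  }
  // EIP-2612 defines exactly these five fields, in this order.
  const fields = (typedData.types && typedData.types.Permit) || [];
  if (fields.map((f) => f.name).join(",") !== "owner,spender,value,nonce,deadline") {
    findings.push("non-standard-permit-layout");
    return { isPermit: true, findings };
  }
  const msg = typedData.message;
  const spender = String(msg.spender).toLowerCase();
  const value = BigInt(msg.value);
  const deadline = BigInt(msg.deadline);

  // Allowlist rather than blocklist: a CREATE2 address can be computed before
  // any contract exists there, so a fresh spender has no history to look up.
  if (!trustedSpenders.has(spender)) findings.push("spender-not-allowlisted");
  if (value === MAX_UINT256) {
    findings.push("unlimited-allowance");
  } else if (balance !== null && value >= balance) {
    findings.push("allowance-covers-full-balance");
  }
  // A signed permit stays usable until its deadline; long windows widen the risk.
  if (deadline - BigInt(nowSeconds) > BigInt(maxDeadlineSeconds)) {
    findings.push("long-deadline");
  }
  return { isPermit: true, token: typedData.domain.verifyingContract, spender, findings };
}

// ---- Constructed sample data (placeholder addresses, not real accounts) ----
const NOW = 1700000000;
const TRUSTED_SPENDER = "0x" + "22".repeat(20);
const UNKNOWN_SPENDER = "0x" + "33".repeat(20);

function buildPermit(spender, value, deadline) {
  return {
    primaryType: "Permit",
    types: {
      Permit: [
        { name: "owner", type: "address" },
        { name: "spender", type: "address" },
        { name: "value", type: "uint256" },
        { name: "nonce", type: "uint256" },
        { name: "deadline", type: "uint256" },
      ],
    },
    domain: { name: "Example Token", version: "1", chainId: 1,
              verifyingContract: "0x" + "aa".repeat(20) },
    message: { owner: "0x" + "11".repeat(20), spender,
               value: value.toString(), nonce: "0", deadline: String(deadline) },
  };
}

const SAMPLE_OPTS = {
  trustedSpenders: new Set([TRUSTED_SPENDER]),
  nowSeconds: NOW,
  balance: 1000000000n,
};
// Shape of a phishing request: unknown spender, unlimited value, ten-year window.
const SAMPLE_PHISHING = buildPermit(UNKNOWN_SPENDER, MAX_UINT256, NOW + 10 * 365 * 24 * 3600);
// Shape of a routine request: known spender, bounded value, ten-minute window.
const SAMPLE_ROUTINE = buildPermit(TRUSTED_SPENDER, 5000000n, NOW + 600);

console.log(reviewPermitRequest(SAMPLE_PHISHING, SAMPLE_OPTS).findings);
console.log(reviewPermitRequest(SAMPLE_ROUTINE, SAMPLE_OPTS).findings);
```

A Permit is signed off-chain and costs no gas, so the signing prompt is the only point at which the owner sees it; that is where a check like this belongs.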

The Morpho PAXG/USDC Market ($230K)

On October 13, 2024, the Morpho PAXG/USDC Market was exploited, resulting in a loss of $230,000. The incident was caused by a vulnerability in the Morpho protocol, which allowed attackers to manipulate the market and profit from the price difference between PAXG and USDC. The Morpho team is currently investigating the incident and working on a fix to prevent future attacks.

Tapioca Foundation ($4.7M)

The DeFi protocol Tapioca was targeted on Oct. 18 after its pseudonymous co-founder “Rektora” fell victim to an alleged social engineering attack. Such attacks rely on tricking victims into revealing sensitive information or misleading them into downloading malicious software or clicking on phishing links. In total, the attacker made off with approximately $4.4 million, including $2.8 million in USDC and $1.57 million in ETH, drained from the USDO/USDC liquidity pool. The stolen funds were quickly swapped for ETH, then USDT, and eventually bridged from Arbitrum to the BNB Chain, where they currently remain.

US government-linked crypto wallet ($20M)

On October 24, 2024, a US government-linked crypto wallet was hacked, resulting in the loss of approximately $20 million in cryptocurrency. The stolen funds included various stablecoins and Ethereum. The malicious actor who drained the wallet returned $19.3 million to the government wallet less than 24 hours later. The circumstances surrounding the recovery remain unclear, but I suspect that the coins were stained. The wallet contained seized funds from the 2016 Bitfinex hack, so it is very likely that the coins were marked (stained); therefore, any activity with these coins would have triggered AML alerts to various institutions, and exchange platforms would detect and freeze them. This is just speculation on my part, as we don’t have any more details.

M2 Exchange  ($13.7M)

On October 31, 2024, M2, a cryptocurrency exchange based in the United Arab Emirates, experienced a cybersecurity incident that resulted in the loss of approximately $13.7 million in customer assets. The incident was resolved within 16 minutes. M2 took full responsibility for the incident and reimbursed all affected customers. The exchange has also implemented additional security measures to prevent future incidents.

These are all the major hacks of 2024. I also have another post on this blog where I compiled all the major hacks in crypto’s entire history, so go check it out: All Major Crypto Hacks To Date (Updated List)

These are my opinions, not financial advice, always DYOR.



⚠️ DISCLAIMER ⚠️

The information contained in this video is for informational purposes only. Nothing herein shall be construed to be financial or legal advice. The content of this post reflects solely my own opinions. Purchasing cryptocurrencies poses considerable risk of losses.


