We are in 2024 and the crypto industry is still grappling with cyberattacks, hacks and frauds that have seen over $1.3 Billion dollars’ worth of digital assets stolen so far. And we still have another 3 months before the year ends. Considering the damage already done, we are in for a rough ride ahead as ill-intentioned people with sophisticated methods continue to lay siege across the crypto sector.
To put the magnitude of these attacks into perspective, in September alone, over $120 million was stolen in multiple attacks spanning more than 20 incidents. This wave of attacks continues to expose the vulnerability of crypto exchanges, DeFi protocols, and smart contracts, putting intense scrutiny on the safety of user funds across the sector.
Record-Breaking Crypto Hacks in 2024
The loss of $120 million in September alone offers a glimpse of a devastating year for the crypto sector. One of the biggest casualties was, BingX, a Singapore-based exchange, that suffered the worst blow, with hackers stealing $44 million from its hot wallets. Decentralized protocol Penpie, also suffered similar fate after it was exploited for $27 million, while Indonesian exchange Indodax lost $21 million.
These sustained attacks have not only caused huge financial damage but also led to a decline in trust in the security of crypto platforms among users.
When compared to the previous year, the extent of the losses in 2024 is astounding. The first half of 2024 saw an estimated $1.38 billion stolen across several events, according to blockchain security firm TRM Labs. This amount is more than double the $657 million lost in the same period of 2023. The growth in token prices and the wider acceptance of cryptocurrencies worldwide have been blamed for the spike in attacks, as they have created new vulnerabilities.
Over 70% of all losses have come from hackers targeting centralized exchanges, which have proven especially vulnerable. The biggest hack of 2024 occurred in July when WazirX, the biggest cryptocurrency exchange in India, suffered a disastrous breach that cost an astounding $235 million. WazirX initiated an internal investigation and stopped withdrawals after discovering the hack, but it hasn’t yet offered users who were impacted by it a clear remedy.
Another notable attack occurred in July, when cross-chain DeFi platform LIFI lost $10 million due to a vulnerability that allowed hackers to steal stablecoins and Ether. This incident mirrors similar breaches in decentralized protocols that have continued to face smart contract exploits.
Crypto hacks keep evolving
The methods that cybercriminals use have changed in line with the expansion of the cryptocurrency market. These days, hackers use advanced exploits to target certain weaknesses in decentralized apps (dApps) and smart contracts. For instance, Penpie’s $27 million loss was made possible via a smart contract hole that gave attackers access to the “registerPenpiePool” function, which allowed them to manipulate the system and siphon off money.
Phishing attacks and social engineering are also becoming increasingly rampant, targeting individual users and platforms alike. For instance, the spWETH phishing attack in September, which resulted in a $32.4 million theft, is a prime example of how scammers exploit weaknesses in wallet permissions and contract signatures. Such attacks reveal that even as blockchain technology improves, the human element—often the weakest link in the chain—remains a significant vulnerability.
Another method frequently used is flash loan attacks, in which hackers exploit temporary imbalances in liquidity pools to manipulate token prices. These attacks are particularly prevalent in DeFi protocols, where automated systems handle large volumes of assets without human oversight. Flash loans were used in June to drain nearly $19.3 million from the lending platform UwU Lend, which remains one of the most high-profile DeFi exploits of the year.
Crypto Industry Still Grappling with Security Issues
Despite numerous breaches, some platforms have managed to negotiate with hackers to recover a portion of stolen funds. In September, the decentralized lender Shezmu managed to retrieve part of the $5 million it lost by engaging with the attacker on-chain. Similarly, BananaGun, a Telegram bot that facilitates crypto trades, initiated refunds after a $3 million hack in the same month.
However, such recoveries are rare, and the general trend reveals an industry struggling to keep up with the growing threat landscape. According to Immunefi, a leading blockchain security firm, $412 million was lost to crypto hacks in Q3 2024 alone, with centralized finance platforms bearing the brunt of the damage. Out of these, Ethereum-based protocols were the most frequently attacked, with 15 breaches reported during the quarter.
This wave of attacks has prompted renewed calls for stricter security measures, particularly for centralized platforms. Experts in the field argue that regular code audits, advanced encryption, and two-factor authentication (2FA) should be mandatory for all exchanges. Additionally, multi-sig wallets, which require multiple private keys to authorize transactions, are seen as a critical line of defense against unauthorized access.
Want to know how to secure your digital assets >> Check out this Guide on choosing the best crypto wallet
The Road Ahead: Strengthening Defenses
The question of how to effectively safeguard cryptocurrency platforms remains at the forefront of industry discussions. Greg Johnson, CEO of Rubicon Digital Assets, stressed the need for better-preparedness, urging companies to invest in stronger security infrastructure, including regular updates to smart contract code and more rigorous auditing processes.
To boost user and investor confidence, the implementation of insurance policies to cover losses from hacks has also been suggested as a potential solution. Some platforms like Nexus Mutual have already started to offer decentralized insurance policies that cover attacks and protocol failures.
Governments and regulatory agencies are also paying more attention to the security methods used by the cryptocurrency industry as its use spreads throughout the world. Some jurisdictions, like the US and Hong Kong, have begun implementing legislative frameworks that incorporate minimal security requirements for exchanges and DeFi platforms in reaction to the exceptional losses seen in 2024. These steps are meant to improve user safety and make platforms responsible for security breaches.
Conclusion
The rising tide of crypto hacks in 2024 has laid bare the vulnerabilities that persist within the burgeoning cryptocurrency ecosystem. From BingX and WazirX to Penpie and UwU Lend, no platform has been entirely immune from the reach of cybercriminals. With losses exceeding $1.38 billion by mid-year, and with $120 million drained in September alone, the need for enhanced security protocols, regulatory oversight, and proactive user education has never been more apparent.
As the industry matures, it will be crucial for both centralized and decentralized platforms to adopt multi-layered defense strategies to mitigate the risks posed by increasingly sophisticated attacks. Only by doing so can the crypto space hope to regain the trust of its users and maintain its position as a revolutionary financial system.