Crypto Lost $2.2 Billion to Hackers: Top 5 Hacks of 2024

As a seasoned cybersecurity professional with over two decades of experience in the field, I have witnessed the evolution of hacking techniques from simple script kiddies to highly sophisticated state-backed groups. The recent string of high-profile cryptocurrency hacks in 2024 has been nothing short of alarming.

Having started my career during the dot-com boom, I’ve seen firsthand how technology advances can be exploited by malicious actors. In the case of these crypto heists, it seems that the bad guys are always one step ahead, adapting to new security measures and even deploying quantum computing to steal money.

The fact that these attackers are not just lone wolves but backed by powerful entities with immense resources is particularly concerning. It’s like playing a never-ending game of cat and mouse, where the mouse keeps getting smarter and faster.

As we approach 2025, it’s essential for the crypto industry to introspect and strengthen its security measures. We need to ensure that users’ trust in the cryptocurrency space is maintained and their assets are protected. After all, when you lose people’s hard-earned money, it’s not just a matter of data breaches or technical glitches – it’s about shattering trust and undermining the very foundation of this innovative industry.

And on a lighter note, I can’t help but think that if these hackers were as skilled at creating value as they are at stealing it, we might all be rich by now! But alas, crime doesn’t pay – unless you’re a cybercriminal, of course.

2024 stood out as a groundbreaking year for the cryptocurrency sector, with Bitcoin hitting over $100k, a market-wide bull run, and a global increase in crypto usage, which was significantly boosted by Donald Trump’s election win. However, this year also brought its share of turmoil, as high-profile hacking incidents took place across various major crypto exchanges/entities, causing widespread impact.

Based on Chainalysis’ report, a staggering $2.2 billion was stolen by hackers in 2024, an increase of 21.07% compared to the previous year. This increase was due to 303 reported hacking incidents, up from 282 incidents in the year before. In simpler terms, hackers made off with more money in 2024 than in 2023, and there were more individual hacking events in 2024 as well.

2024 marks the fifth straight year that a billion dollars or more in cryptocurrency has been stolen, following instances in 2018, 2021, 2022, and the previous year. Cybercrime activity saw a significant surge early in the year, with approximately $1.58 billion worth of crypto being taken by July, which includes the high-profile WazirX hack. This figure represents an increase of 84.4% compared to the same period in the preceding year (2023).

From 2021 to 2023, it was primarily DeFi platforms within the cryptocurrency realm that fell victim to hacking incidents, due to the rapid advancement and expansion taking place in this field.

As an analyst, I’ve observed that the Decentralized Finance (DeFi) sector held the highest proportion of stolen assets during the first quarter of 2024. However, interestingly, a shift in this pattern appears to have emerged in the second and third quarters of the year.

Hackers targeted centralized services in 2024

In 2024, various global hackers found centralized cryptocurrency exchanges and entities to be easy targets for exploitation. This year alone, prominent platforms like DMM Bitcoin and WazirX suffered significant hacks amounting to $305 million and $234.9 million respectively, sparking widespread concern about the security of these services.

This strategic change highlights a deep comprehension of how vulnerabilities are exploited, as 43.8% of all cryptocurrency thefts in the year were due to private key breaches. Hackers persistently use advanced strategies to conceal the path of the stolen assets. Frequently used laundering tactics involve decentralized exchange platforms (DEXs), mixing services, and linking services.

In 2024 North Korean Hackers Dominated

The Chainalysis report indicates that North Korean cybercriminals are believed to have stolen approximately $1.34 billion in 47 separate incidents in the year 2024. This represents a significant jump from the $660.5 million stolen in 2023 through 20 attacks. These hackers are infamous for their frequent, large-scale cryptocurrency heists, which reportedly receive support from the North Korean government in terms of infrastructure and hardware resources.

According to the researchers, these cybercriminals have been enhancing their skills to orchestrate bigger heists: attacks in the $50-$100 million range, and attacks valued at over $100 million, are occurring more often.

Furthermore, attacks attributed to the Democratic People’s Republic of Korea (DPRK) have increased in frequency over the past three years. Upon examination of their activities, researchers have determined that they are responsible for a significant number of large-scale cyberattacks over this period. Interestingly, not only are these large-scale attacks prevalent, but there is also a rising trend of smaller DPRK-linked hacks, typically valued at around $10,000 each.

Based on reports from United Nations investigators, North Korea’s administration is estimated to have amassed approximately $3 billion through cyberattacks targeting cryptocurrency platforms from 2017 to 2023.

Top 5 Hacks of 2024

The increase in successful cyber attacks has compelled the cryptocurrency sector to address critical concerns about safety measures, with a particular focus on private key management, real-time security monitoring, cross-platform data exchange, advanced tracking tools, and other related issues. The most notable breaches the digital currency market experienced in 2024 offer valuable insights.

1. DMM Bitcoin $305 Million Hack

Back in May 2024, one of the most significant cyberattacks in the history of cryptocurrencies occurred on DMM Bitcoin, a well-known Japanese digital currency exchange. This attack led to the theft of approximately 4,502.9 Bitcoins, which were worth roughly $305 million at the time of the incident.

It’s believed that this cyber attack was orchestrated by hackers associated with North Korea, potentially part of the Lazarus Group – a notorious organization known for their complex cybercrimes. Following the theft, the stolen Bitcoin was laundered through a CoinJoin service, a tool designed to hide the source of the funds by blending them with other transactions.

As a researcher delving into the aftermath of this cyber incident, it’s apparent that the perpetrators capitalized on weaknesses associated with key management, an essential aspect for safeguarding user assets. Preliminary findings indicate that the origin of the breach might be traced back to suboptimal security measures, possibly including insufficient encryption or negligent storage of private keys.

In response to the attack, the exchange temporarily halted its services and limited account activities. Unfortunately, these actions weren’t sufficient to prevent the exchange’s collapse, as the consequences of the hack were devastating. DMM Bitcoin fought hard to recover from the incident but eventually decided to cease operations in December 2024.

The company revealed intentions to move its resources and client records to SBI VC Trade, a division under the SBI Group, aiming to finish this process by March 2025.

2. WazirX $235 Million Breach

The second-largest crypto heist of 2024 took place on July 18th at WazirX, an Indian cryptocurrency exchange platform. In this event, approximately $235 million worth of digital assets (equivalent to around 35,000 Ether and substantial quantities of other tokens) were stolen from a multi-signature wallet.

Hackers took advantage of a weakness found in WazirX’s multi-approval wallet system, where multiple authorizations were necessary for transactions. This wallet utilizes a Gnosis Safe multi-signature setup, requiring four out of six keys to approve any transaction.

In preparation for the cyber-attack, hackers introduced a harmful smart contract seven days prior, enabling them to modify the wallet settings and evade security measures. Following the incident, the platform temporarily halted its services and limited trading actions. WazirX now faces criticism from creditors as it holds onto the remaining funds.

Back in November 2024, it was reported that a person from West Bengal was apprehended by law enforcement on suspicion of having passed on his WazirX account information to hackers. The inquiry is ongoing, with officials diligently attempting to track down the perpetrators and recover any assets that were stolen.

The cryptocurrency exchange has revealed that it plans to restart crypto withdrawals around mid-April 2025, with the announcement being made in December 2024.

3. PlayDapp $290 Million Exploit

On February 9th and 12th, a pair of significant security breaches occurred on the cryptocurrency gaming and NFT platform, PlayDapp. In these exploits, hackers managed to steal approximately 1.79 billion PLA tokens, valued at roughly $290 million. The intruders took advantage of weaknesses in smart contracts and unlawfully accessed private keys. This enabled the hacker to be recognized as an authorized minter within PlayDapp’s smart contract system.

Following the initial security breach, PlayDapp reached out to the hacker, proposing a “white hat” reward of $1 million for returning the stolen digital assets. However, these negotiations proved fruitless as the hacker refused to collaborate. Consequently, PlayDapp declared the temporary halt of their PLA smart contract on February 13th.

4. Orbit Chain Hack

In early 2024, the Orbit Chain, a South Korean blockchain platform specialized for cross-chain connectivity, experienced a cyber attack that cost between $82 million and $100 million in digital currencies.

Afterward, Orbit Chain disclosed they were collaborating with worldwide law enforcement bodies in their pursuit to track down and retrieve the swiped assets. They also proposed a generous reward, worth up to $8 million, for any helpful information that might lead to the apprehension of the perpetrators or the recovery of the misappropriated funds.

On June 8, 2024, it was reported that hackers transferred 12,932 ETH, equivalent to around $47.7 million, via Tornado Cash. The platform is working with South Korean police and international cybersecurity specialists to probe this security incident. There are suggestions that North Korean hacking gangs might be linked to this case due to the similar tactics used in past significant cryptocurrency heists.

5. Radiant Capital Exploit

In October 2024, a significant DeFi project named Radiant Capital suffered a breach, leading to a loss of $58 million. The culprits managed to obtain three of the platform’s private keys, using them to pilfer assets across multiple networks like Arbitrum, Binance Smart Chain, Base, and Ethereum.

As a security analyst, I discovered that the perpetrators utilized advanced malware to infiltrate the devices of three reliable software developers, giving them control over the transactional data presented within the Gnosis Safe wallet interface. This technique mirrors the method used during the WazirX hack.

Further probes attributed the assault to hackers from North Korea, more precisely a team referred to as Citrine Sleet (UNC4736). Since then, Radiant Capital has been working alongside cybersecurity professionals and law enforcement departments in an effort to retrieve stolen assets and strengthen their security measures.
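
An added example, not part of the original article or of any project's code: a pre-signing review of a Gnosis Safe proposal that compares the raw payload (to, data, operation) with what the signing interface displayed, the gap described in the WazirX and Radiant Capital incidents above. The addresses, allowlist and sample proposals are constructed, and the function names are hypothetical.

```python
# Added example; every address and proposal here is constructed sample data.
ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)
CALL, DELEGATECALL = 0, 1                   # values of the Safe "operation" field

def decode_transfer(data: bytes):
    """Return (recipient, amount) if data is an ERC-20 transfer call, else None."""
    if len(data) != 68 or data[:4] != ERC20_TRANSFER:
        return None
    # Word 1 is the address left-padded to 32 bytes; word 2 is the amount.
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")

def review(raw: dict, shown: dict, safe: str, allowlist: set) -> list:
    """Check the raw payload a signer is asked to approve against the UI summary."""
    findings = []
    to = raw["to"].lower()
    if raw["operation"] == DELEGATECALL:
        findings.append("delegatecall: target code runs against the wallet's storage")
    if to == safe.lower():
        findings.append("self-call: the path that changes owners, threshold, modules")
    if to not in allowlist:
        findings.append("destination " + to + " is not allowlisted")
    decoded = decode_transfer(bytes.fromhex(raw["data"][2:]))
    claimed = (shown.get("recipient", "").lower(), shown.get("amount"))
    if decoded and decoded != claimed:
        findings.append("UI mismatch: calldata pays %d to %s" % (decoded[1], decoded[0]))
    if decoded is None and shown.get("recipient"):
        findings.append("UI shows a token transfer, raw calldata is something else")
    return findings

def transfer_calldata(recipient: str, amount: int) -> str:
    """Build transfer(address,uint256) calldata for the sample proposals."""
    body = bytes(12) + bytes.fromhex(recipient[2:]) + amount.to_bytes(32, "big")
    return "0x" + (ERC20_TRANSFER + body).hex()

SAFE, TOKEN = "0x" + "5a" * 20, "0x" + "70" * 20    # hypothetical wallet and token
PAYEE, OTHER = "0x" + "b0" * 20, "0x" + "e1" * 20   # intended payee, unknown address
ALLOW = {TOKEN}
SHOWN = {"recipient": PAYEE, "amount": 1000}        # what the signing UI displays

HONEST = {"to": TOKEN, "operation": CALL, "data": transfer_calldata(PAYEE, 1000)}
REDIRECTED = {"to": TOKEN, "operation": CALL, "data": transfer_calldata(OTHER, 1000)}
SWAPPED = {"to": OTHER, "operation": DELEGATECALL, "data": "0x" + "12345678" + "00" * 32}

if __name__ == "__main__":
    for name, raw in (("honest", HONEST), ("redirected", REDIRECTED), ("swapped", SWAPPED)):
        print(name, review(raw, SHOWN, SAFE, ALLOW))
```

The review is only meaningful when it runs on a device separate from the one rendering the wallet interface, since a compromised workstation can alter both views.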

Final Thoughts

2024 saw a stunning revelation in the cryptocurrency world, with data on hacks indicating a fifth straight year of financial losses surpassing $1.5 billion. As the crypto sector continues to advance and transform, so too do cybercriminals who are now adapting to stronger security measures and even employing quantum computing to pilfer funds.

As a crypto investor, I find it troubling that these cyberattacks aren’t being carried out by lone actors, but rather by entities with significant power and resources behind them. With 2025 approaching, it’s crucial for the crypto industry to take a hard look at our current security measures and consider implementing robust safeguards to protect user trust in the digital currency realm.


2024-12-30 11:51