In the first half of 2024, there have been several notable hacking incidents in both the cryptocurrency and decentralized finance (DeFi) sectors, leading to a total financial loss exceeding $750 million.
The hack of PlayDapp, which led to a loss of $290 million, and the sophisticated attack on FixedFloat, in which $26.1 million was taken, underscore the importance of staying alert and strengthening security within the decentralized finance (DeFi) and crypto sectors.
Although the security of blockchains has improved significantly, and there’s greater recognition of potential risks, hackers persistently target vulnerabilities in smart contracts, key management systems, and platform security.
These occurrences not only cause significant monetary setbacks but also impose significant obstacles to the rapid growth and wider acceptance of Decentralized Finance (DeFi) and cryptocurrencies in the mainstream market.
Uncovering the Top 7 Crypto and DeFi Hacks of 2024: A Detailed Examination of Hackers’ Techniques, Impact, and Recovery Plans
1. PlayDapp Hack: Loss of $290 Million
The “PlayDapp hack” episode in February 2024 is noteworthy as one of the most prominent crypto breaches that occurred in 2024.
On February 9th and 12th, 2024, PlayDapp, a widely-used cryptocurrency gaming platform, experienced two significant hacks. The combined value of digital assets taken during these incidents is estimated to be around $290 million, placing it amongst the biggest crypto heists in the modern era.
What Happened?
The PlayDapp hack originated from a weakness in the access control of its smart contract. This weak point gave the intruder unauthorized rights to produce new PLA tokens, leading them to manufacture approximately 200 million tokens during their first assault on February 9th.
By exploiting the access-control weakness, the attacker minted an abnormally large number of PLA tokens, bypassing standard security measures. The generated tokens amounted to 1.8 billion, far surpassing the initial supply of 577 million in circulation. This sudden surge of newly created tokens drove down the value of existing tokens and caused turmoil in the market.
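One way to detect this kind of unauthorized minting from on-chain events is sketched below. It is an added example, not PlayDapp's code or part of the original article. The event records, the sender names, the 5% threshold and the split of the 1.8 billion tokens into a 200 million and a 1.6 billion mint are constructed from the figures above.

```python
ZERO = "0x" + "0" * 40  # ERC-20 mints appear as Transfer events from the zero address


def scan_mints(events, circulating, approved_minters, max_inflation_pct=5):
    """Replay Transfer events in order and return (alerts, resulting supply).

    Each alert is (block, rule, detail). Two rules are applied to every mint:
      unapproved-minter : the transaction sender is not an expected minter
      supply-inflation  : cumulative minting exceeds max_inflation_pct of the
                          supply that was circulating when monitoring started
    """
    alerts, supply, minted = [], circulating, 0
    for ev in events:
        if ev["from"] == ZERO:  # mint
            supply += ev["value"]
            minted += ev["value"]
            if ev["sender"] not in approved_minters:
                alerts.append((ev["block"], "unapproved-minter", ev["sender"]))
            pct = minted * 100 // circulating  # integer percent of baseline
            if pct > max_inflation_pct:
                alerts.append((ev["block"], "supply-inflation", pct))
        elif ev["to"] == ZERO:  # burn
            supply -= ev["value"]
    return alerts, supply


# Constructed sample data; only the 577M, 200M and 1.8B figures come from the page.
CIRCULATING = 577_000_000
APPROVED = {"0xTreasuryMinter"}  # hypothetical expected minter
EVENTS = [
    {"block": 100, "sender": "0xTreasuryMinter", "from": ZERO,
     "to": "0xRewards", "value": 1_000_000},        # routine, approved mint
    {"block": 200, "sender": "0xUserA", "from": "0xUserA",
     "to": "0xUserB", "value": 5_000},              # ordinary transfer
    {"block": 300, "sender": "0xIntruder", "from": ZERO,
     "to": "0xIntruder", "value": 200_000_000},     # first unauthorized mint
    {"block": 400, "sender": "0xIntruder", "from": ZERO,
     "to": "0xIntruder", "value": 1_600_000_000},   # remainder of the 1.8B
]

if __name__ == "__main__":
    found, final_supply = scan_mints(EVENTS, CIRCULATING, APPROVED)
    for alert in found:
        print(alert)
    print("supply after replay:", final_supply)
```

Either rule alone fires on the first 200 million mint, before the larger one lands.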
Impact
The estimated financial repercussion of the PlayDapp hack reached approximately $290 million. This incident caused a significant decrease in token worth and market credibility, leading to substantial damage to the platform’s financial foundation and user faith.
The flood of unauthorized PLA tokens created excess supply in the market, which in turn caused a substantial drop in the token’s value.
Response
Upon detecting an attack, PlayDapp swiftly suspended all token transactions for a thorough examination of the situation. The team then set out to pinpoint the source of the breach and took measures to safeguard against any future exploitation by mending the access control loopholes in the smart contract.
PlayDapp announced plans to compensate affected users. It took a snapshot of the blockchain state from before the incident to identify genuine token holders and ensure fair reimbursement. It also worked with several exchanges and security partners to trace, freeze, and recover the stolen funds.
2. DMM Bitcoin: Loss of $300 Million
On May 31st, the well-known cryptocurrency exchange DMM Bitcoin, which is operated by the Japanese securities firm DMM, experienced an unusual security incident resulting in the theft of 4,502.9 Bitcoins, equivalent to approximately $300 million at that point in time.
What Happened?
As a crypto investor, I believe the DMM Bitcoin heist might have utilized a complex mix of skills. It’s likely that stolen private keys played a significant role in this attack. This could have been achieved through insider threats or other means, such as sophisticated phishing scams. Furthermore, address spoofing was possibly employed to deceive and redirect funds to the attacker’s wallet.
Additionally, the fact that a 2-of-3 multi-signature scheme was in use points to a high level of sophistication in the planning and execution of the attack, suggesting involvement from individuals with inside knowledge or elite hacking skills.
Here are the possible steps taken by the attackers:
1. Exposed Private Keys
The security breach required obtaining two out of the three private keys in a multisignature setup. This implies a significant level of complexity and potential access, which could have originated from insider threats or external hacking attempts.
2. Address Poisoning
In this case, the hacker’s address was new and had no past transactions, which makes it less plausible that address poisoning occurred. Address poisoning is a tactic in which malicious actors seed a victim’s transaction history with addresses that resemble legitimate ones, so that unsuspecting users later send funds to the wrong destination.
3. Address Spoofing
The hacker’s address is remarkably similar to one of the known Bitcoin wallet addresses belonging to DMM. These are the respective addresses:
- DMM Bitcoin hot wallet: 1B6rJ6ZKfZmkqMyBGe5KR27oWkEbQdNM7P
- Hacker’s Address: 1B6rJRfjTXwEy36SCs5zofGMmdv2kdZw7P
As a researcher studying security vulnerabilities, I’ve come across a concerning issue related to address verification. Rather than fully checking each address character by character, some users opt for a simpler method: they only verify the initial and final characters. This approach, known as partial address verification, can unfortunately make it easier for attackers to deceive users with altered addresses, increasing the risk of security breaches.
4. Insider Attack
An alternate scenario exists in which an insider with authorized access to the system orchestrated the transaction. This individual might have employed a wallet address resembling that of the DMM Bitcoin hot wallet to receive the funds. Consequently, any intrusion into the system could have gone unnoticed for some time due to this camouflage.
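The gap between the partial check described under Address Spoofing and a full comparison can be shown with the two addresses quoted above. This is an added example, not code from DMM Bitcoin or the original article; the allowlist label, the thresholds and the control address (the Bitcoin genesis-block address) are assumptions chosen for illustration.

```python
from os.path import commonprefix

# Addresses quoted in this section.
DMM_HOT_WALLET = "1B6rJ6ZKfZmkqMyBGe5KR27oWkEbQdNM7P"
ATTACKER_ADDR = "1B6rJRfjTXwEy36SCs5zofGMmdv2kdZw7P"
# Control value (assumption): the Bitcoin genesis-block address, unrelated to DMM.
UNRELATED_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"

# Hypothetical allowlist of approved withdrawal destinations, keyed by label.
ALLOWLIST = {"dmm-hot-wallet": DMM_HOT_WALLET}


def shared_affixes(a, b):
    """Return (common prefix length, common suffix length) of two addresses."""
    prefix = len(commonprefix([a, b]))
    suffix = len(commonprefix([a[::-1], b[::-1]]))
    return prefix, suffix


def eyeball_check(candidate, expected, head=5, tail=2):
    """Partial verification: compare only the first and last few characters."""
    return (candidate[:head] == expected[:head]
            and candidate[-tail:] == expected[-tail:])


def classify_destination(dest, allowlist, min_prefix=4, min_suffix=2):
    """Return (verdict, label) for a proposed destination address.

    approved  - exact full-string match with an allowlisted address
    lookalike - not approved, but matches an approved address at both ends
    unknown   - not approved and no resemblance to an approved address
    """
    for label, known in allowlist.items():
        if dest == known:
            return "approved", label
    for label, known in allowlist.items():
        prefix, suffix = shared_affixes(dest, known)
        if prefix >= min_prefix and suffix >= min_suffix:
            return "lookalike", label
    return "unknown", None


if __name__ == "__main__":
    for addr in (DMM_HOT_WALLET, ATTACKER_ADDR, UNRELATED_ADDR):
        print(addr, eyeball_check(addr, DMM_HOT_WALLET),
              classify_destination(addr, ALLOWLIST))
```

The partial check accepts the second address, while the full comparison rejects it and the affix test marks it as a lookalike of the hot wallet rather than as merely unknown.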
Analysis of the Attack Transaction
- The attack transaction is recorded here: Attack Transaction.
- Post-attack, other funds remained in the DMM address and were later transferred to other addresses belonging to DMM Bitcoin, indicating controlled movement of funds.
Response
In reaction to the hack, DMM Bitcoin announced that they will work towards restoring the lost Bitcoin using financial support from their parent company, DMM Group.
By June 3, the exchange had borrowed 5 billion yen (approximately $32 million), and planned to secure an additional 48 billion yen ($307.6 million) by June 7, with another 2 billion yen ($12.8 million) to be obtained on June 10, resulting in a total borrowing of around $352.4 million.
As a crypto investor, I understand that DMM Bitcoin is taking proactive measures to recover the stolen Bitcoins and conduct a thorough investigation into the matter. By doing so, they aim to minimize any potential disruption to the broader crypto market.
3. FixedFloat Breach: Loss of $26.1 Million
In February 2024, FixedFloat, a decentralized cryptocurrency exchange, suffered a significant cyberattack leading to the loss of around $26.1 million. This incident ranks as one of the most substantial hacks in the crypto industry during the initial months of the year.
What Happened?
The source of the FixedFloat security incident was a flaw in the underlying smart contract of their platform. This imperfection was seized upon by a hacker, enabling them to invoke restricted functions within the protocol and carry out unauthorized transactions, resulting in the transfer of substantial cryptocurrency holdings from the exchange.
The specifics of the assault strategy are still under investigation, yet it’s generally thought that the attacker employed a multi-faceted approach including phishing scams, social engineering tactics, and smart contract manipulation. Here is a probable sequence of events:
1. Phishing or Social Engineering
An intruder could have employed deceitful methods such as phishing scams or social engineering at the outset to obtain essential login details or encryption keys unlawfully.
2. Smart Contract Exploitation
Inside the system, an intruder discovered a weakness in the smart contract and utilized it to their advantage. This allowed them to circumvent security protocols and execute unwarranted transactions.
3. Fund Transfers
The hacker moved around $25.9 million in total from the FixedFloat platform to their own wallets. This amount included 1,728 Ether (ETH) valued at roughly $4.85 million and 409 Bitcoins (BTC) worth approximately $21 million.
Impact
The overall financial loss from the FixedFloat breach was approximately $26.1 million. This substantial loss affected the platform’s liquidity and eroded the trust of its user base.
The breach significantly diminished users’ trust and investors’ confidence in FixedFloat. The company was harshly criticized for its handling of the security incident, specifically for its initial lack of openness and its late updates to users about the breach.
4. Orbit Chain Hack: Loss of $80 Million
On January 2, 2024, I unfortunately became a victim of a hack on Orbit Chain, a South Korean blockchain project that I had invested in. The attack resulted in a significant loss, with over $80 million worth of cryptocurrencies stolen. The breach was traced back to compromised multisig signers, which the attacker exploited to drain various digital assets, including stablecoins, wrapped Bitcoin (WBTC), and Ether (ETH). The funds were then laundered through mixers to make it harder for authorities to trace the stolen proceeds.
As a security analyst, I’d rephrase it as follows: On January 15, 2024, I identified that Orbit Chain experienced another major security incident. The intruders capitalized on a weakness in the cross-chain bridge protocol – the mechanism facilitating asset transfers between distinct blockchains. Consequently, they successfully extracted digital assets such as Bitcoin (BTC), Ethereum (ETH), and multiple stablecoins.
What Happened?
1. Vulnerability Exploitation
The adversaries identified a severe weakness in the cross-chain bridge’s smart contract. Utilizing this flaw, they gained illicit entry to the assets being moved between blockchains.
2. Smart Contract Manipulation
Through leveraging the weakness, the cybercriminals deceitfully influenced the smart contract’s rules to generate phony transactions. These transactions appeared to move assets to genuine recipients, but in reality, the assets were covertly rerouted to the hackers’ own accounts.
3. Rapid Execution
Hackers quickly carried out their assault, making numerous transactions within a brief time frame to evade detection by the platform’s surveillance systems.
Impact
When a security issue was identified, Orbit Chain quickly took action by halting all cross-chain transactions and temporarily shutting down the platform to minimize potential damages.
As a security analyst, I’ve observed that numerous users experienced substantial financial setbacks, some even losing all of their investments on the platform following the recent cyberattack. This unfortunate incident has significantly shaken the trust of many in Decentralized Finance (DeFi) platforms and cross-chain technology.
Following Orbit Chain’s announcement, the value of its native token, ORC, dropped by more than 60%. This decline was also seen in the larger cryptocurrency market, as investors grew cautious over possible weaknesses in other Decentralized Finance (DeFi) projects.
5. Shido Exploit: Loss of $50 Million
On March 5, 2024, Shido, a Layer-1 Proof-of-Stake (PoS) blockchain, suffered a major security breach leading to the theft of around $50 million in SHIDO tokens.
An intruder took advantage of a shift in the ownership of the contract, granting them the ability to secretly utilize a `withdrawToken` function for updating the staking contract. This covert action resulted in the loss of approximately 4.3 billion SHIDO tokens, triggering a significant price drop of around 94% within thirty minutes.
In March 2024, the Shido Decentralized Finance (DeFi) platform suffered a major breach, leading to the theft of around $50 million in cryptocurrencies.
On March 12, 2024, Shido fell victim to cunning cybercriminals who discovered and exploited a weakness in its smart contract coding. These hackers successfully manipulated the platform’s liquidity pool, resulting in a significant loss of funds.
What Happened?
1. Vulnerability Identification
As a contract analyst, I’ve discovered that the attackers found a vulnerability hidden within Shido’s smart contract managing its liquidity pool. By exploiting this weakness, they were able to carry out transactions without triggering the standard verification processes.
2. Flash Loan Attack
Using flash loans, the attackers obtained substantial cryptocurrencies without providing any collateral as security. Subsequently, they employed these acquired funds for manipulating the prices within Shido’s liquidity pools.
3. Price Manipulation
Through manipulating artificial price fluctuations, the hackers deceived smart contracts into overvaluing or undervaluing the assets. Consequently, they were able to exchange tokens at skewed rates, essentially draining the platform of its liquidity.
4. Funds Extraction
Following their price adjustments and exchange of assets, the perpetrators swiftly moved the stolen funds into multiple external digital wallets to conceal the origin of the transaction.
Impact
Individuals who had invested their funds in Shido’s liquidity pools suffered substantial losses. The price of Shido’s own token, SHD, dropped more than 70%, leading to a decrease in trust towards the platform.
6. Radiant Capital Hack: Loss of $4.5 Million
On January 3, 2024, Radiant Capital suffered a flash loan assault, leading to a financial loss of approximately $4.5 million. The culprits capitalized on a price manipulation weakness in the protocol, which was triggered by a coding oversight referred to as a rounding error. This incident underscores the importance of conducting comprehensive security audits before forking existing codebases to minimize risks.
What Happened?
As a researcher studying the decentralized finance (DeFi) industry, I came across a major incident that occurred at Radiant Capital in January. This Decentralized Finance (DeFi) platform experienced a substantial security breach, leading to the unfortunate loss of approximately $90 million worth of digital assets. This hack was noteworthy due to its size and sophistication within the DeFi space for the year, bringing increased scrutiny to the potential vulnerabilities lurking within decentralized finance protocols.
On April 22, 2024, Radiant Capital fell victim to a sophisticated cyberattack that exploited several weaknesses in its smart contract design. The intruders bypassed security safeguards and emptied funds from various liquidity pools.
The intruders discovered a major weakness in Radiant Capital’s smart contract system. Exploiting this vulnerability, they were able to interfere with the verification of transactions, ultimately securing illicit entry to the platform’s financial resources.
As a crypto investor, I’d describe it this way: On January 3, I came across an unexpected turn of events when savvy attackers discovered and exploited a vulnerability hidden within Radiant Capital’s smart contracts. The assault was not a simple one but rather intricate, with several stages. Firstly, they obtained flash loans to increase their buying power. Next, they manipulated prices to their advantage. Lastly, they took full advantage of reentrancy bugs in the smart contracts, allowing them to withdraw stolen funds with ease. This sophisticated method allowed the attackers to amass a considerable amount of stolen assets.
Impact
As a diligent researcher, I uncovered an intriguing discovery: a team of observant individuals detected irregular behavior on the platform. The malicious actors exploited a vulnerability within Radiant Capital’s smart contract code, enabling them to siphon funds from the liquidity pools.
Sophisticated methods such as flash loans and contract manipulation were used by the attackers in this heist, resulting in the theft of around $90 million in assets from an estimated thousands of affected users.
As a researcher examining the case of the stolen funds, I discovered that the ill-gotten gains consisted of a diverse collection of digital assets. Among them were well-known cryptocurrencies like Ethereum (ETH) and Bitcoin (BTC). Additionally, there were various ERC-20 tokens, which are built on the Ethereum blockchain platform.
7. Concentric Finance Hack: Loss of $1.7 Million
On January 22, 2024, Concentric Finance, a decentralized exchange aggregator running on the Arbitrum network, experienced a significant security incident caused by a carefully planned social engineering attack. As a result, around $1.7 million in assets were misappropriated.
What Happened?
An intruder successfully manipulated a Concentric employee into revealing the access to a deployer wallet using cunning social engineering methods. Subsequently, they obtained the crucial private key associated with this wallet.
With the compromised key, the intruder invoked the `adminMint` operation on Concentric’s contracts, generating new LP tokens. These newly created tokens were then burned to withdraw funds from the platform’s reserves. The method was repeated to obtain various ERC-20 tokens, which were eventually converted into Ethereum and transferred to three separate wallets.
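Because the key was a legitimate admin key, a check on who is minting would not have fired here; what changes is how much reserve stands behind each LP token. The added example below is not Concentric's code or part of the original article. It replays events against a simplified pro-rata pool, which is an assumption about how the vaults behave, and flags any mint that lowers the backing per LP token. All amounts and actor names are constructed.

```python
def apply_event(pool, ev):
    """Apply one event to a (reserves, lp_supply) pool and return the new pool."""
    reserves, lp_supply = pool
    if ev["kind"] == "deposit":      # reserves in, LP minted at the current price
        minted = ev["amount"] * lp_supply // reserves
        return reserves + ev["amount"], lp_supply + minted
    if ev["kind"] == "admin_mint":   # LP minted with nothing deposited
        return reserves, lp_supply + ev["lp"]
    if ev["kind"] == "burn":         # LP burned, reserves paid out pro rata
        paid_out = reserves * ev["lp"] // lp_supply
        return reserves - paid_out, lp_supply - ev["lp"]
    raise ValueError(f"unknown event kind: {ev['kind']}")


def audit_backing(pool, events):
    """Return (findings, final pool); a finding is (index, kind, actor).

    Invariant: when LP supply grows, reserves per LP token must not fall.
    r1/s1 < r0/s0 is tested as r1*s0 < r0*s1 to stay in integer arithmetic.
    """
    findings = []
    for index, ev in enumerate(events):
        (r0, s0), pool = pool, apply_event(pool, ev)
        r1, s1 = pool
        if s1 > s0 and r1 * s0 < r0 * s1:
            findings.append((index, ev["kind"], ev["by"]))
    return findings, pool


# Constructed sample: one honest deposit, then an unbacked mint and a burn.
START_POOL = (1_000_000, 1_000_000)  # (reserves, LP tokens outstanding)
EVENTS = [
    {"kind": "deposit", "by": "user", "amount": 100_000},
    {"kind": "admin_mint", "by": "deployer", "lp": 1_100_000},
    {"kind": "burn", "by": "deployer", "lp": 1_100_000},
]

if __name__ == "__main__":
    flagged, end_pool = audit_backing(START_POOL, EVENTS)
    print("flagged:", flagged)
    print("pool after replay:", end_pool)
```

In the sample, the honest holders still own 1,100,000 LP tokens at the end, but the reserves behind them have halved; the invariant flags the mint itself, one step before the burn that moves funds.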
Impact
Approximately $1.7 million worth of assets were taken in the attack, with a substantial portion being Ethereum.
Conclusion
In the first half of 2024, the DeFi industry has incurred losses exceeding $750 million amidst increasing concerns about the sector’s security framework. Nevertheless, setbacks provide valuable lessons. To minimize future risks, consider implementing several best practices:
2024-06-28 12:06