Crypto Hacks 2024: $200m Stolen In Q1 Exploits

Hackers and scammers are having a field day in 2024, with numerous exploits yielding over $200m in stolen assets from exchanges and DeFi protocols in Q1 so far.

Introduction

With the 2024 crypto bull season in full flow, it’s no surprise to see the usual motley crew of hackers and scammers return to the space to pillage the wallets of investors, DeFi protocols and centralized exchanges once again. 

Web3 is moving faster than ever and as shiny new layer-1 and layer-2 networks launch and degen traders dive headfirst into new trends like Crypto AIs, DePIN, Airdrop Season and uhmmm, full-blown memecoin mania (see Slerf this week), bad actors are rubbing their hands in glee as they relieve ill-prepared investors and protocols of hundreds of millions in crypto. 

In the first quarter of 2024 alone, we’ve seen over $200 million worth of digital assets stolen across 32 incidents, according to a report by blockchain security firm Immunefi. That’s a 15% increase compared to the same period in 2023.

With crypto crime surging again, using a top hardware wallet like CoolWallet is no longer a luxury, but a necessity. Our cold storage solutions have been protecting crypto assets like Bitcoin since 2014, and provide complete peace of mind in crypto. Read or scroll down to the end to find out why. 

Still not worried?
OK, then let’s take a closer look at the biggest crypto hacks of Q1 2024, break down the month-by-month incidents, and explore the lessons we can learn from these costly attacks. Remember, if you own crypto, you are a TARGET.

The Biggest Crypto Hacks of Q1 2024

Ethereum Takes the Hardest Hit

No prizes for guessing that Ethereum was the most targeted blockchain yet again, with 12 attacks accounting for over 85% of the total value lost in Q1. The Bitcoin network and Binance’s BNB Chain each suffered one major incident. Below is Immunefi’s list of hacks in February alone.

PlayDapp – $32.3 million ($290 million lost)

The largest hack of the year so far targeted PlayDapp, a crypto gaming platform, on 9 and 12 February 2024, resulting in $290 million stolen, with $32.3 million converted. The exact details of the attack method have not been disclosed.

The attacker managed to mint 200 million PLA tokens (worth around $36.5 million) in the first attack on February 9th. The root cause of the exploit was an access control vulnerability in PlayDapp’s smart contract, which allowed the attacker to gain unauthorized minting privileges. By exploiting this vulnerability, the attacker could create new tokens out of thin air, effectively devaluing the existing tokens. 

The total number of PLA tokens minted by the attacker (1.8 billion) significantly exceeded the pre-exploit circulating supply of 577 million, making it challenging for the hacker to sell the tokens at their original market value.

FixedFloat – $26.1 million

Decentralized exchange FixedFloat suffered the second-largest theft according to Immunefi, losing $26.1 million. The hack was carried out by exploiting a vulnerability in the exchange’s smart contract.

The cryptocurrency exchange, which does not require user registration or Know Your Customer (KYC) verifications, initially attributed the massive outflow of funds to “minor technical problems” and switched to maintenance mode.

However, the team later denied insider involvement and claimed that a third party had exploited vulnerabilities and security gaps in its infrastructure, allowing the attacker to access sensitive functionality within the protocol. 

FixedFloat’s handling of the incident has been criticized for its lack of timely and transparent communication with its users, leading to accusations of a potential exit scam.

Orbit Chain ($80 million)

On January 2, 2024, Orbit Chain, a South Korean blockchain project, fell victim to a hack that resulted in a loss of over $80 million. The breach was attributed to compromised multisig signers, allowing the attacker to drain various cryptocurrencies, including stablecoins, wrapped Bitcoin (WBTC), and Ether (ETH). The stolen funds were then transferred through mixers in an attempt to obfuscate the trail. 

This incident is part of a series of security issues plaguing Ozys’ projects, including previous hacks on KlaySwap and Belt Finance. The Orbit Chain hack highlights the persistent risks associated with crypto security, particularly in relation to multisig wallets and private key management, emphasizing the need for improved safeguards and lessons learned from past breaches.

Shido Hack ($35 million)

On March 5, 2024, Shido, a Layer-1 Proof-of-Stake (PoS) blockchain, experienced an exploit that resulted in the theft of approximately $35 million worth of SHIDO tokens. The attacker managed to drain around 4.3 billion SHIDO tokens, which constituted nearly half of the token’s circulating supply. The exploit was made possible by a change in the contract’s ownership to a new address, which then upgraded the staking contract using a hidden withdrawToken() function to steal the funds. 

This incident led to a steep 94% drop in SHIDO token prices within the first 30 minutes of the attack. In response, the Shido team replaced the compromised deployer address, temporarily closed liquidity provisioning on all DEXs, and contacted CEXs to disable deposits and freeze tokens linked to the hack, which helped to limit the damage.
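Both on-chain patterns described above, PlayDapp's mint that was large relative to the 577 million circulating supply and Shido's ownership change followed by a contract upgrade, can be watched for in decoded event logs. The sketch below is an added example, not code from CoolWallet or the affected projects: the event records, addresses, one-hour window and 10% threshold are assumptions, while `OwnershipTransferred`, `Upgraded` and `Transfer` are the standard OpenZeppelin Ownable, ERC-1967 and ERC-20 event names.

```python
from dataclasses import dataclass

ZERO = "0x" + "00" * 20   # ERC-20 mints appear as Transfer events from the zero address
UPGRADE_WINDOW = 3600     # assumed: seconds after an owner change in which an upgrade is suspicious
MINT_RATIO = 0.10         # assumed: alert when one mint exceeds 10% of the tracked supply

@dataclass
class Event:
    ts: int         # block timestamp in seconds
    contract: str   # label of the emitting contract
    name: str       # "OwnershipTransferred", "Upgraded" or "Transfer"
    args: dict      # decoded event arguments

def scan(events, known_owners, supply):
    """Return (timestamp, contract, reason) alerts; `supply` is updated as mints are seen."""
    alerts, owner_changed = [], {}
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.name == "OwnershipTransferred":
            # Only an owner outside the approved set arms the upgrade check.
            if e.args["newOwner"] not in known_owners.get(e.contract, set()):
                owner_changed[e.contract] = e.ts
                alerts.append((e.ts, e.contract, "owner changed to unapproved address"))
        elif e.name == "Upgraded":
            t0 = owner_changed.get(e.contract)
            if t0 is not None and e.ts - t0 <= UPGRADE_WINDOW:
                alerts.append((e.ts, e.contract, "upgrade shortly after owner change"))
        elif e.name == "Transfer" and e.args["from"] == ZERO:
            base = supply.get(e.contract, 0)
            if base and e.args["value"] / base > MINT_RATIO:
                alerts.append((e.ts, e.contract, "mint exceeds supply threshold"))
            supply[e.contract] = base + e.args["value"]
    return alerts

# Constructed sample events: addresses are placeholders, amounts follow the figures quoted above.
SAMPLE = [
    Event(100, "staking", "OwnershipTransferred", {"newOwner": "0xNEW"}),
    Event(400, "staking", "Upgraded", {"implementation": "0xIMPL"}),
    Event(500, "token", "Transfer", {"from": ZERO, "to": "0xA", "value": 200_000_000}),
    Event(900, "token", "Transfer", {"from": "0xA", "to": "0xB", "value": 5_000}),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE, {"staking": {"0xOWNER"}}, {"token": 577_000_000}):
        print(alert)
```

An owner change to an address already in the approved set does not arm the upgrade check, so routine governance rotations stay quiet.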

Notable Crypto Hacks So Far in 2024 (Month by Month)

January 2024

| Project | Date | Value Stolen | Hacking Method | Lessons Learned |
|---|---|---|---|---|
| Orbit Chain | Jan 2 | $80 million | Compromised multisig signers | Improve multisig security and private key management |
| Radiant Capital | Jan 3 | $4.5 million | Price manipulation exploiting rounding error | Careful consideration when forking existing codebases |
| Gamma Strategies | Jan 8 | $3.4 million | Flash loan attack manipulating price thresholds | Set conservative price change thresholds |
| CoinsPaid | Jan 8 | $7.5 million | Unauthorized withdrawals, method unknown | Ongoing investigations, no comment from CoinsPaid |

February 2024

| Project | Date | Value Stolen | Hacking Method | Lessons Learned |
|---|---|---|---|---|
| PlayDapp | Feb 9, 12 | $290 million | Unauthorized minting using compromised private key | Secure private keys, monitor for suspicious activity |
| Abracadabra Finance | Feb 20 | $6.5 million | Rounding error exploitation | Thorough testing and auditing of smart contracts |
| Blueberry Protocol | Feb 23 | $1.34 million | Exploitation of upgradable contracts | Carefully manage upgradable contracts and access control |
| FixedFloat | Feb 16, 17 | $25.95 million | Method under investigation | Ongoing investigation, website in maintenance mode |
| Miner (@minerercx) | Feb 14 | $463,400 | Vulnerability in ERC-X token standard | Careful consideration when using experimental token standards |
| Narwhal | Feb 5, 6 | $1.5 million | Compromised signer key or exit scam | Ongoing investigation into true nature of incident |

March 2024

| Project | Date | Value Stolen | Hacking Method | Lessons Learned |
|---|---|---|---|---|
| Mozaic Finance | Mar 15 | $2.5 million | Compromised private key on Arbitrum chain | Swift action and transparency in addressing security incidents |
| GAMEE Token | Mar 22 | $7 million | Lack of access control, compromised deployer | Implement robust access controls and secure development practices |
| Shido | Mar 5 | $35 million | Ownership change and hidden withdraw function | Regularly audit and monitor smart contracts for vulnerabilities |

7 Top Tips to Stay Safe From Hacks in 2024

  1. Secure your keys: Many hacks stemmed from compromised private keys or multisig setups. Implementing robust key management practices is crucial. CoolWallet enables users to set up their recovery seed phrase completely offline if needed, and it’s strongly recommended to NEVER create or keep a digital copy of it. 
  2. Audit, test, and monitor: Regular audits, thorough testing, and continuous monitoring can help identify and mitigate vulnerabilities before they’re exploited.
  3. Be cautious with upgradable smart contracts and experimental standards: While useful, these features can introduce new attack vectors if not managed carefully.
  4. Swift action and transparency matter: Projects that quickly acknowledged incidents, took corrective measures, and communicated openly with their communities fared better in the aftermath of a hack.
  5. Diversify your holdings: Use different devices and wallets if you’re going to actively trade your crypto and interact with a number of decentralized applications.
  6. Protect Your Privacy: Where possible, use a VPN to hide your IP address from hackers and scammers.
  7. Stay Safe From Stranger Danger: Do not click on any suspicious links on any site or email or approve any blind signing requests when transacting. 

CoolWallet - Cold Storage’s Smartest Choice Since 2014

In an industry built on trustless technology, there are still some areas where trust matters above all else, namely which crypto wallet to keep your digital assets on.
CoolWallet is celebrating its 10th year in 2024, and still holds an undefeated safety record in the blockchain security business, unlike some of our more esteemed peers.

Users can choose from two battle-tested models, the CoolWallet S ($99) for HODLers and newbies, as well as our flagship CoolWallet Pro model ($149) for more sophisticated investors who like a cold wallet that’s portable and ultra-secure. 

Elite safety features include an EAL6+ secure element, military-grade encrypted Bluetooth, a tamper-proof and waterproof casing, biometric verification and our anti-phishing Web3 transaction screener, SmartScan. And of course, open-source coding for full transparency.

As the crypto space continues to evolve, so do the tactics of hackers and exploiters. By learning from these incidents and implementing best practices in security and smart contract development, projects can better protect themselves and their users from falling victim to the next big hack.

Stay safe out there, fellow crypto enthusiasts! And remember, when in doubt, always do your own research and never invest more than you can afford to lose.

Don’t trust your precious crypto on exchanges or unsecured software wallets. Not Your Keys, Not Your Crypto!

© 2024 - CoolWallet - All Rights Reserved.