It’s been a dark month for the crypto world.
In September 2024, PeckShield Alert documented over 20 attacks targeting cryptocurrencies, resulting in an estimated loss of $120,230,000. This staggering figure does not account for an additional $32.4 million stolen in a phishing attack aimed at accessing spWETH through a Permit signature.
Want to know which projects were hit the hardest? And what tactics the hackers employed to carry out these attacks? Keep reading to find out.
The biggest victim was BingX, the large cryptocurrency exchange which recorded a loss of $44 million. The hackers leveraged a severe risk relating to its smart contracts. Investigations are still underway but to the best of the team’s knowledge, recovery has yet to be made as the funds were transferred immediately to other wallets.
The DeFi sector faced another setback as Penpie fell victim to a $27 million hack. Attackers exploited a smart contract vulnerability, manipulating Penpie’s mechanism that required calls to external SY contracts to claim rewards. They used flash loans to inject significant liquidity into the market, artificially inflating rewards and profiting from the scheme.
Indodax, another Indonesian cryptocurrency exchange, experienced a cyberattack resulting in a loss of approximately $21 million. Cybercriminals breached hot wallets, reportedly taking advantage of weak multi-factor authentication measures to siphon cryptocurrency into unknown wallets.
Lending protocol DeltaPrime was compromised, leading to a loss of $5.98 million. The attackers capitalized on a flash loan vulnerability that allowed them to manipulate liquidity pools and steal funds from the protocol.
Decentralized project Truflation faced an attack in which several treasury wallets across various chains were impacted. This is still unraveled and attempts to recover the stolen amount of $5.6 million are still in progress.
Shezmu reported a loss of $4.9 million, but a portion of the funds was recovered thanks to the efforts of a white-hat hacker. The attack involved a misconfigured oracle that allowed attackers to manipulate price feeds.
This flash loan attack was possible because of a precision bug in ONYX’s Compound V2 code that let the attackers drain $3.8 million. The funds were withdrawn through self-liquidation rewards using a vulnerability in the NFTLiquidation contract.
In a hack of the BananaGun, the hackers were able to gain access to several user wallets associated with Banana Gun; this led to the theft of 563 ETH equalling $1. 4 million and later $3 million.
Liquidity re-staking service Bedrock admitted $1.75 million loss after a hacker exploited a smart contract bug that allowed them to freely create uniBTC tokens at an incorrect rate and exchange them for better assets.
CUT was a victim of a phishing attack that saw it lose $1.4 million. The attacker decided to employ social engineering to acquire the administrative keys that allowed them to siphon funds from the protocol’s treasury.
As of now, most stolen assets remain unaccounted for. The only recovery reported came from the Shezmu team, which reclaimed some lost funds through ethical hacking, a practice often referred to as white-hat hacking.
September 2024 has seen an unprecedented level of sophistication in cryptocurrency attacks, highlighting the need for enhanced security measures and increased user education on cybersecurity.
Is the future of crypto in jeopardy due to these persistent hacks? It does seem so. Maybe change is around the corner?
While much of crypto Twitter has gone silent on hyped-up meme coins and trendy Layer-2…
Bitcoin is once again making headlines, climbing over 3% in the past 24 hours and…
On May 7, the U.S. Office of the Comptroller of the Currency (OCC) confirmed that…
Ripple’s long legal battle with the U.S. Securities and Exchange Commission (SEC) may have wrapped…
The Pi Network community is currently excited after some interesting activity was spotted on Binance’s…
Arizona has made history by becoming the second U.S. state to officially create a Strategic…
