
September 2024 was a month of significant crypto hacks, with over $120 million stolen in various attacks.
The largest attack involved BingX, which lost $44 million due to a vulnerability in its smart contracts.
Other notable hacks include Penpie ($27 million), Indodax ($21 million), and DeltaPrime ($5.98 million).
It’s been a dark month for the crypto world.
In September 2024, PeckShield Alert documented over 20 attacks targeting cryptocurrencies, resulting in an estimated loss of $120,230,000. This staggering figure does not account for an additional $32.4 million stolen in a phishing attack aimed at accessing spWETH through a Permit signature.
Want to know which projects were hit the hardest? And what tactics the hackers employed to carry out these attacks? Keep reading to find out.
Top 10 Crypto Hacks in September 2024:
BingX – $44 million loss
The biggest victim was BingX, a large cryptocurrency exchange, which recorded a loss of $44 million. The hackers exploited a severe weakness relating to its smart contracts. Investigations are still underway, but to the best of the team’s knowledge no funds have been recovered, as they were transferred immediately to other wallets.
Penpie – $27 million loss
The DeFi sector faced another setback as Penpie fell victim to a $27 million hack. Attackers exploited a smart contract vulnerability, manipulating Penpie’s mechanism that required calls to external SY contracts to claim rewards. They used flash loans to inject significant liquidity into the market, artificially inflating rewards and profiting from the scheme.
Indodax – $21 million loss
Indodax, an Indonesian cryptocurrency exchange, experienced a cyberattack resulting in a loss of approximately $21 million. Cybercriminals breached hot wallets, reportedly taking advantage of weak multi-factor authentication measures to siphon cryptocurrency into unknown wallets.
DeltaPrime – $5.98 million loss
Lending protocol DeltaPrime was compromised, leading to a loss of $5.98 million. The attackers capitalized on a flash loan vulnerability that allowed them to manipulate liquidity pools and steal funds from the protocol.
Truflation – $5.6 million loss
Decentralized project Truflation faced an attack in which several treasury wallets across various chains were impacted. The incident has yet to be unraveled, and attempts to recover the stolen $5.6 million are still in progress.
Shezmu – $4.9 million loss, partly recovered
Shezmu reported a loss of $4.9 million, but a portion of the funds was recovered thanks to the efforts of a white-hat hacker. The attack involved a misconfigured oracle that allowed attackers to manipulate price feeds.
Onyx – $3.8 million loss
This flash loan attack was possible because of a precision bug in Onyx’s Compound V2 code that let the attackers drain $3.8 million. The funds were withdrawn through self-liquidation rewards using a vulnerability in the NFTLiquidation contract.
Banana Gun – $3 million loss
In the Banana Gun hack, the attackers gained access to several user wallets associated with Banana Gun, leading to the theft of 563 ETH, equalling $1.4 million and later $3 million.
Bedrock – $1.75 million loss
Liquidity re-staking service Bedrock admitted a $1.75 million loss after a hacker exploited a smart contract bug that allowed them to freely create uniBTC tokens at an incorrect rate and exchange them for better assets.
CUT – $1.4 million loss
CUT was the victim of a phishing attack that cost it $1.4 million. The attacker used social engineering to acquire the administrative keys, which allowed them to siphon funds from the protocol’s treasury.
It’s a Scary World Out There!
As of now, most stolen assets remain unaccounted for. The only recovery reported came from the Shezmu team, which reclaimed some lost funds through ethical hacking, a practice often referred to as white-hat hacking.
September 2024 has seen an unprecedented level of sophistication in cryptocurrency attacks, highlighting the need for enhanced security measures and increased user education on cybersecurity.
Is the future of crypto in jeopardy due to these persistent hacks? It does seem so. Maybe change is around the corner?
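The Permit-signature phishing mentioned in the introduction works because an EIP-2612 Permit is an off-chain signature that grants a token allowance without any on-chain transaction from the owner. The following is an added example, not code from PeckShield or any project named above: a wallet-side check that reviews an EIP-712 signing request before the user signs it. The known-spender list, the thresholds and the sample request are constructed assumptions.

```python
import json
import time

MAX_UINT256 = 2**256 - 1
# Assumption: spenders the user has knowingly interacted with (constructed address).
KNOWN_SPENDERS = {"0x1111111111111111111111111111111111111111"}


def review_permit(typed_data_json, balance, now=None, max_window=3600):
    """Return warnings for an EIP-712 signing request.

    An empty list means the request is not an EIP-2612 Permit or no rule fired.
    """
    now = int(time.time()) if now is None else now
    req = json.loads(typed_data_json)
    if req.get("primaryType") != "Permit":
        return []
    msg = req["message"]  # EIP-2612 fields: owner, spender, value, nonce, deadline
    value = int(msg["value"])
    deadline = int(msg["deadline"])
    warnings = []
    if msg["spender"].lower() not in KNOWN_SPENDERS:
        warnings.append("unknown spender")
    if value == MAX_UINT256:
        warnings.append("unlimited allowance")
    elif value >= balance:
        warnings.append("allowance covers entire balance")
    if deadline - now > max_window:
        warnings.append("long-lived deadline")
    return warnings


# Constructed sample request, in the shape passed to eth_signTypedData_v4.
SAMPLE = json.dumps({
    "primaryType": "Permit",
    "domain": {"name": "Example Token", "chainId": 1,
               "verifyingContract": "0x2222222222222222222222222222222222222222"},
    "message": {
        "owner": "0x3333333333333333333333333333333333333333",
        "spender": "0x4444444444444444444444444444444444444444",
        "value": str(MAX_UINT256),
        "nonce": "0",
        "deadline": str(MAX_UINT256),
    },
})

if __name__ == "__main__":
    for w in review_permit(SAMPLE, balance=10**18, now=1_726_000_000):
        print("WARNING:", w)
```
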