The New Wave of Cryptocurrency Hacks, Shocking Cases of 2024
In Brief
From gaming platforms to decentralised finance protocols and cryptocurrency exchanges, multiple entities have fallen victim to sophisticated attacks, resulting in staggering losses exceeding $150 million.
As the first quarter of 2024 draws to a close, the crypto world grapples with a series of alarming security breaches and hacks, shaking investor confidence and raising questions about the robustness of blockchain platforms. From gaming platforms to decentralised finance protocols and cryptocurrency exchanges, multiple entities have fallen victim to sophisticated attacks, resulting in staggering losses exceeding $150 million. These incidents underscore the urgent need for enhanced security measures and heightened vigilance within the cryptocurrency ecosystem. Let’s delve into the hacks that have dominated headlines in the first months of 2024.
PlayDapp experienced a security breach following a $32 million PLA token theft
Blockchain gaming platform PlayDapp lost almost $32.5 million worth of tokens due to a security flaw that was uncovered on February 9. Leading blockchain security company PeckShield first spotted the assault, which has had a major negative impact on the network and PLA, the native token.
PeckShield’s research revealed that the attacker generated 200 million PLA tokens in two different transactions after gaining access to PlayDapp’s secret key. As a result, there were too many tokens in circulation, which caused PLA’s value to drop precipitously by over 10%. Even if PeckShield alerted PlayDapp to the issue right away, PlayDapp failed to recognise the attack or even start to investigate it. Investors and platform users are concerned about this lack of action, and worries have also been expressed over PlayDapp’s security protocols.
Investors are concerned since PLA’s value has decreased dramatically as a result of the exploit. In the first 24 hours, the token price dropped by 8.4%. Even though PlayDapp has now acknowledged the issue in public, the platform still has to move quickly to safeguard its systems and stop any more hacks. Strong security protocols are crucial in the blockchain space, especially for platforms managing substantial volumes of user assets, as this event serves as a reminder.
A $26 million cryptocurrency theft hits FixedFloat, stealing Bitcoin and Ether
An unidentified party breached Fixedfloat, a controlled, efficient cryptocurrency exchange, and took about $26 million worth of bitcoin with them. X user 0xJosh reported the details first, saying that the exchange was experiencing “minor technical problems” and had entered maintenance mode as a result of the attack.
The blockchain security and auditing company Peckshield subsequently discovered that 409 BTC, worth nearly $21 million, and 1,728 ETH, worth $4.85 million, had been stolen during this hack. The company further stated that the majority of the stolen Ether had already been moved to several blockchain exchanges.
White hat attack costs Super Sushi Samurai $4.6M; SSS token drops 99%
A security assault on the Layer 2 network Blast within the Telegram messaging service led to $4.6 million being stolen from the GameFi project Super Sushi Samurai (SSS). The incident involved using the smart contract’s minting feature, which happened shortly after the SSS coin launch.
Coffee, a smart contract developer at Yuga Labs, discovered an issue in the token contract that enabled users to transfer their whole wallet value to themselves in order to double their money. The attacker allegedly doubled their money and drained liquidity on decentralised exchanges by exploiting this weakness. The freshly created tokens were subsequently sold by the attacker for 1,310 wrapped Ether (ETH), or $4.6 million.
Duelbits crypto casino hit by $4.6M breach
The hack entailed transferring $4.6 million from Duelbits wallets on the Ethereum and BNB chains to an unidentified address, according to Cyvers CEO Deddy Lavid. Furthermore, it looks like the wallet access control has been broken. This implies that access credentials or private keys could have been misplaced or taken. The hackers intended to convert various tokens into Ether in order to guarantee the highest level of liquidity for the fastest possible fund cycle.
The fact that Ether was carefully tied to assets on the BNB chain adds to the complexity. This implies that illicit earnings were transferred across platforms in order to conceal their source. However, the hacker’s haste was evident when they exchanged all of the BNB for BSC-USD without taking into account the fact that they lacked the gas costs required to link the assets to Ether.
Mozaic finance hacked for $2.4M via private key compromise
A statement from the protocol’s development team claims that on March 15, the Abitrum network was compromised via the yield farming protocol Mozaic Finance. The group asserts that the hacker has placed all of the stolen money on the controlled cryptocurrency exchange MEXC and is “confident” that it will receive its money back. Blockchain security company CertiK announced that the attacker used the “bridgeViaLifi” contract, which can only be called by a developer wallet, to drain funds. Thus, CertiK came to the conclusion that “a private key compromise appears to be the root cause of this incident.”
Abracadabra Finance drained an estimated $6.4 million in an apparent security attack
Abracadabra Finance’s DeFi protocol was allegedly the target of a serious security breach. According to security specialists from Peckshield and Blocksec, the protocol looks to have lost more than $6.4 million. According to Blocksec, the attackers specifically targeted the project’s smart contract, taking advantage of a rounding error that led to a “precision loss.” The business evaluated that there were still over $29 million in assets under the impacted contract.
A security issue at Socket Tech impacts several D’Apps and wallets.
On January 16, an attack in the cross-chain infrastructure protocol Socket.Tech had an impact on some Web3 applications. An estimated $3.3 million went missing as a result of the assault on the Bungee Exchange, a frontend for the Socket Protocol that connects Ethereum and 12 EVM chains. Through the exploitation of a flaw in the SocketGateway component of the system, a hacker was able to obtain money from users who had granted that component authorisation without the users’ knowledge or agreement. About thirty minutes after PeckShield, a blockchain security business, initially reported the theft at 2:26 PM ET, Socket Tech verified it.
CoinsPaid has experienced its second security breach in six months, this time $7.5M
Crypto payment gateway CoinsPaid has experienced its second security breach in six months. Web3 security firm Cyvers reported detecting unauthorised transactions of nearly $7.5 million. According to Cyver’s team on X (formerly Twitter), the attacker swapped around 97 million CPD tokens for ETH worth approximately $368,000 before moving the funds to externally owned accounts (EOAs) and crypto exchanges MEXC, WhiteBit and ChangeNOW. CoinGecko’s data shows CPD trading at $0.0006 at the time of writing, down 39.5% in 24 hours.
Orbit Chain loses $81M in cross-chain bridge exploit
Hackers took advantage of a cross-chain bridge on Orbit Chain, a platform that connects and transacts with many blockchains, and they lost $81 million as a result. In a post on X, the project verified the hack, stating that before targeting Orbit Chain’s Ether (ETH) vault, a hacker financed a wallet utilising the approved privacy protocol Tornado Cash. The hack’s proceeds were then transferred to many ETH wallets. Approximately $18 million worth of the dai (DAI) stablecoin and 26,741.6 ETH ($64 million) are being held in these wallets.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Victoria is a writer on a variety of technology topics including Web3.0, AI and cryptocurrencies. Her extensive experience allows her to write insightful articles for the wider audience.
More articlesVictoria is a writer on a variety of technology topics including Web3.0, AI and cryptocurrencies. Her extensive experience allows her to write insightful articles for the wider audience.