It has only been six months in 2024 and we have already witnessed some high-profile hacking attempts in the cryptocurrency and DeFi spaces, amounting to a collective loss of over $750 Million.
From the massive breach of ‘PlayDapp’, resulting in the theft of $290 million to the sophisticated exploit on FixedFloat that fetched $26.1 million, these cases highlight the need for continuous vigilance and improved security measures in the DeFi and Crypto spaces.
Despite advancements in blockchain security and increased awareness of potential vulnerabilities, hackers worldwide continue to exploit weaknesses in smart contracts, private key management, and platform security.Â
These incidents not only result in substantial financial losses but also put major roadblocks in the lightning fast advancement of the DeFi ecosystem and greater adoption of crypto assets into the mainstream.Â
In this exclusive article, we will highlight the seven biggest crypto and DeFi hacks of 2024 with a sharp analysis of the methods executed by hackers, the overall damage to the platforms, and the future roadmap for the ecosystem.
1. PlayDapp Hack: Loss of $290 Million
The ‘PlayDapp hack’ incident in February 2024 stands out as one of the most significant crypto attacks of 2024.Â
PlayDapp, a popular crypto gaming platform, was hit by two major hacks on February 9th and 12th, 2024. The total amount stolen in these attacks amounted to approximately $290 million, making it one of the largest crypto heists in recent history.
What Happened?
The root cause of the PlayDapp hack was an access control vulnerability in the platform’s smart contract. This vulnerability allowed the attacker to gain unauthorized minting privileges, enabling them to create new PLA tokens out of thin air. The attacker exploited this flaw by minting 200 million PLA tokens during the first attack on February 9th.
By exploiting the access control vulnerability, the attacker could bypass normal security checks and mint an excessive number of PLA tokens. The total number of PLA tokens minted by the attacker reached 1.8 billion, significantly exceeding the pre-exploit circulating supply of 577 million. This massive influx of newly minted tokens devalued the existing tokens and disrupted the market.
Impact
The total financial impact of the PlayDapp hack was estimated at $290 million. The platform saw a dramatic loss in token value and market trust, severely affecting its financial stability and user confidence.
The unauthorized minting of PLA tokens flooded the market with excess supply, leading to a significant drop in token value. The sudden increase in the number of tokens available in the market created an oversupply, causing the price crash.
ResponseÂ
In response to the attack, PlayDapp immediately halted all token transactions and began an investigation to understand the extent of the breach. The team worked to identify the vulnerability and prevent further exploitation by patching the access control flaws in the smart contract.
PlayDapp announced plans to compensate affected users. They took a snapshot of the blockchain state prior to the incident to identify legitimate token holders and ensure fair compensation. Efforts were also made to track, freeze, and recover the stolen funds by collaborating with various exchanges and security partners.
2. DMM Bitcoin: Loss of $300 Million
On the last day of May, DMM Bitcoin, a renowned cryptocurrency exchange under Japanese securities company DMM suffered a bizarre security breach that led to the loss of 4,502.9 BTC, valued at about $300 million at that time.
What Happened?
The DMM Bitcoin hack likely involved a combination of outstanding techniques including exposed private keys. This was possibly done through insider threats, and address spoofing to mislead and redirect funds.Â
Also, The specific use of a multi-sig 2-of-3 setup shows an expertise and well-planned attack that involves individuals with insider access or advanced cyber intrusion capabilities.
Here are the possible steps taken by the attackers:
1. Exposed Private Keys
The hack involved a multisig 2-of-3 setup, meaning two out of three private keys needed to be compromised. This indicates a high level of sophistication and access, possibly through insider threats or external breaches.
2. Address Poisoning
This method was considered less likely in this hack since the hacker’s address was new and had no prior transactions. Address poisoning typically involves seeding transaction histories with lookalike addresses, tricking users into sending funds to the wrong address.
3. Address Spoofing
The hacker’s address closely looks like one of the DMM Bitcoin hot wallet addresses. Here are the two addresses:
- DMM Bitcoin hot wallet: 1B6rJ6ZKfZmkqMyBGe5KR27oWkEbQdNM7P
- Hacker’s Address: 1B6rJRfjTXwEy36SCs5zofGMmdv2kdZw7P
This method exploits partial address verification, where users only check the first and last few characters of an address, making it easier for attackers to trick users.
4. Insider Attack
There is another possibility of insider involvement where someone with legitimate access to the system facilitates the transfer. The insider could have used an address similar to the DMM Bitcoin hot wallet to receive funds. By doing so, hackers may have avoided immediate detection.
Analysis of the Attack Transaction
- The attack transaction is recorded here: Attack Transaction.
- Post-attack, other funds remained in the DMM address and were later transferred to other addresses belonging to DMM Bitcoin, indicating controlled movement of funds.
Response
In response to the hack, DMM Bitcoin revealed plans to secure funds to replace the stolen Bitcoin with financial backing from its parent company, DMM Group.Â
By June 3, the exchange had borrowed 5 billion yen ($32 million) and intended to raise an additional 48 billion yen ($307.6 million) by June 7, followed by 2 billion yen ($12.8 million) on June 10, totaling $352.4 million.Â
DMM Bitcoin strives to restore the stolen Bitcoin without affecting the market and is continuing its investigation into the incident. This helps the crypto exchange to avoid turmoil in the overall crypto market.
3. FixedFloat Breach: Loss of $26.1 Million
FixedFloat, a decentralized cryptocurrency exchange, experienced a major hack in February 2024. The attack resulted in the theft of approximately $26.1 million, making it one of the largest heists in the crypto space during the first half of the year.
What Happened?
The root cause of the FixedFloat breach was a vulnerability in the platform’s smart contract. The hacker exploited this bug to access sensitive functionality within the protocol, allowing them to execute unauthorized transactions and transfer significant amounts of cryptocurrency from the exchange.
The exact details of the attack method remain somewhat unclear, but it is believed to involve a combination of phishing, social engineering, and smart contract exploitation.
Here are the possible steps taken by the attacker:
1. Phishing or Social EngineeringÂ
The attacker may have initially used phishing techniques or social engineering to gain access to critical credentials or private keys.
2. Smart Contract ExploitationÂ
Once inside the system, the attacker exploited a vulnerability within the smart contract, enabling them to bypass security measures and perform unauthorized transfers.
3. Fund TransfersÂ
The hacker transferred 1,728 Ether (ETH), worth approximately $4.85 million, and 409 Bitcoins (BTC), worth approximately $21 million, from the FixedFloat platform to their own wallets.
Impact
The total financial impact of the FixedFloat breach was approximately $26.1 million. This significant loss affected both the platform’s liquidity and the confidence of its users.
The breach caused a sharp decline in user trust and market confidence in FixedFloat. The platform faced criticism for its handling of the incident, particularly for the initial lack of transparency and delayed communication with its users about the breach
4. Orbit Chain Hack: Loss of $80 Million
On January 2, 2024, Orbit Chain, a South Korean blockchain project, was hacked, resulting in a loss of over $80 million. The breach was attributed to compromised multisig signers, which allowed the attacker to drain various cryptocurrencies, including stablecoins, wrapped Bitcoin (WBTC), and Ether (ETH). The stolen funds were then laundered through mixers to obfuscate the trail.
On January 15, 2024, Orbit Chain again suffered a significant security breach. Hackers exploited a vulnerability in the cross-chain bridge protocol, which is the component responsible for enabling asset transfers between different blockchains. The attackers managed to siphon off digital assets, including Bitcoin (BTC), Ethereum (ETH), and various stablecoins.
What Happened?
1. Vulnerability Exploitation
The attackers discovered a critical vulnerability in the cross-chain bridge smart contract. This vulnerability allowed unauthorized access to the funds being transferred between blockchains.
2. Smart Contract Manipulation
By exploiting the vulnerability, the hackers manipulated the smart contract logic to create fraudulent transactions. These transactions falsely indicated the transfer of assets to legitimate addresses, while the assets were actually diverted to the hackers’ addresses.
3. Rapid Execution
The hackers executed the attack swiftly, making multiple transactions in a short period to avoid detection by the platform’s monitoring systems.
ImpactÂ
Upon discovering the breach, Orbit Chain immediately suspended all cross-chain transactions and halted the platform’s operations to prevent further losses.
Many users suffered significant losses, with some losing their entire holdings on the platform. The hack shook user confidence in DeFi platforms and cross-chain technology.
The value of Orbit Chain’s native token, ORC, plummeted by over 60% following the announcement. The broader cryptocurrency market also experienced a temporary dip as investors were wary of potential vulnerabilities in other DeFi platforms.
5. Shido Exploit: Loss of $50 Million
Shido, a Layer-1 Proof-of-Stake (PoS) blockchain, experienced a significant hack on March 5, 2024, resulting in the theft of approximately $50 million worth of SHIDO tokens.Â
The attacker exploited a change in the contract’s ownership, which allowed them to upgrade the staking contract using a hidden withdrawToken() function. This led to the draining of around 4.3 billion SHIDO tokens, causing a 94% drop in the token’s price within 30 minutes.
In March 2024, the Shido DeFi platform experienced a severe exploit that resulted in the loss of approximately $50 million worth of cryptocurrency.Â
On March 12, 2024, Shido was targeted by sophisticated hackers who exploited a vulnerability in its smart contract code. The attackers were able to manipulate the platform’s liquidity pool and drain a substantial amount of funds.
What Happened?
1. Vulnerability Identification
The attackers identified a flaw in Shido’s smart contract governing its liquidity pool. This flaw allowed them to execute transactions that circumvented the usual validation checks.
2. Flash Loan Attack
Utilizing flash loans, the attackers borrowed large amounts of cryptocurrency without collateral. They then used these funds to manipulate the prices within Shido’s liquidity pools.
3. Price Manipulation
By creating artificial price changes, the attackers tricked the smart contracts into misvaluing the assets. This allowed them to swap tokens at distorted rates, effectively siphoning off the platform’s liquidity.
4. Funds Extraction
After manipulating the prices and executing a series of swaps, the attackers quickly transferred the extracted funds to various external wallets to obscure the trail.
Impact
Users who had staked their assets in Shido’s liquidity pools experienced significant losses. The value of Shido’s native token, SHD, plummeted by over 70% as confidence in the platform waned.
6. Radiant Capital Hack: Loss of $4.5 Million
Radiant Capital was targeted in a flash loan attack on January 3, 2024, resulting in a loss of $4.5 million. The attackers exploited a price manipulation vulnerability that took advantage of a rounding error in the protocol’s code. This attack highlighted the risks associated with forking existing codebases without thorough security audits.
What Happened?
In January, Radiant Capital, a decentralized finance (DeFi) platform, experienced a major security breach that resulted in the loss of approximately $90 million in digital assets. This hack marked one of the largest and most sophisticated attacks in the DeFi space for the year, drawing significant attention to the vulnerabilities within decentralized finance protocols.
On April 22, 2024, Radiant Capital was targeted in a complex attack that exploited multiple vulnerabilities in its smart contract architecture. The hackers were able to bypass security measures and drain funds from various liquidity pools.
The attackers identified a critical vulnerability in Radiant Capital’s smart contracts. This flaw allowed them to manipulate transaction validation processes, gaining unauthorized access to the platform’s funds.
The attack involved multiple steps, including flash loans, price manipulation, and exploitation of reentrancy bugs in smart contracts. This multi-faceted approach enabled the attackers to maximize the amount of stolen funds. The hack occurred on January 3, when attackers exploited a vulnerability in Radiant Capital’s smart contracts.
Impact
The breach was identified by a group of people, who noticed unusual activity on the platform. The attackers leveraged a flaw in the smart contract code, allowing them to drain funds from Radiant Capital’s liquidity pools.
This exploitation involved sophisticated techniques, including flash loans and contract manipulation. The attackers successfully siphoned off approximately $90 million worth of assets, affecting thousands of users.
The stolen funds included a mix of cryptocurrencies such as Ethereum (ETH), Bitcoin (BTC), and various ERC-20 tokens.
7. Concentric Finance Hack: Loss of $1.7 Million
On January 22, 2024, Concentric Finance, a decentralized exchange liquidity aggregator operating on the Arbitrum network, suffered a major security breach due to a targeted social engineering attack. The attack resulted in the loss of approximately $1.7 million worth of assets.
What Happened?
The attacker gained control of a deployer wallet belonging to a Concentric employee through social engineering tactics. This allowed the attacker to access a critical private key.
Using the compromised key, the attacker executed the `adminMint` function on Concentric’s contracts, minting new liquidity provider (LP) tokens. These tokens were then burned to redeem funds from the platform’s vaults. This process was repeated multiple times to extract various ERC-20 tokens, which were finally converted to Ethereum and dispersed across three wallet addresses.
Impact
The total assets stolen in the attack were estimated to be around $1.7 million, which included a major amount of Ethereum.
Conclusion
It has been only six months in 2024 and the industry has already seen losses above $750 million in addition to an environment of growing skepticism around the security infrastructure of DeFi spaces. However, we can always learn from our failures and a few corrective steps can be conducting regular smart contract audits to identify vulnerabilities, using multi-signature (multisig) wallets to prevent single points of failure, storing private keys securely offline, implementing robust access controls, keeping software updated with the latest security patches among others. These measures can reduce the risk of attacks, protecting investments and platform integrity.
Also Read: DMM Bitcoin Suffers Major Security Breach, 48 Billion Yen Lost