Crypto Hacks in the First Quarter of 2024
Last April, brothers Anton and James Peraire-Bueno, both in their twenties, made headlines when they stole $25 million worth of crypto assets in just 12 seconds. The two brothers, who graduated from the Massachusetts Institute of Technology, used their advanced computer science and math skills to exploit a vulnerability in the software used by Ethereum validators.
It wasn’t the first time a critical vulnerability in a crypto platform led to a multimillion-dollar loss.
Just this month, top crypto exchange Kraken’s bug bounty took a surprising turn when a security researcher used a critical vulnerability in the system to withdraw $3 million from Kraken’s treasury. Kraken's bug bounty program allows white-hat hackers to minimally exploit a vulnerability, return the misappropriated assets, and share detailed findings to qualify for a bounty. However, the researcher and two of his associates refused to return the funds and demanded payment in return for the assets. This prompted Kraken to call law enforcement to help recover the stolen funds.
The culprit behind the extortion? Blockchain security firm CertiK.
According to CertiK, the whole incident was part of the intensive rounds of testing it was conducting, and Kraken failed all of the tests. The company also defended the researchers in question, explaining they did not have enough time to return the funds, as per the rules of the bug bounty program, before Kraken cried foul and allegedly threatened its employees.
It’s been over a decade since crypto was first introduced to the public, and the hacks, scams, and theft that plague the market are still as scroll-stopping as ever. Let’s take a look at the top crypto hacks in the first quarter of 2024 and their causes:
January 2, 2024 - Orbit Chain
- Amount: $80 Million
- Cause: A security breach linked to compromised multisig wallets
January 3, 2024 - Radiant Capital
- Amount: $4.5 Million
- Cause: A flash loan attack shortly after the introduction of a new USDC market on Radiant Capital exploited vulnerabilities in the platform's smart contract codebase
January 8, 2024 - Gamma Strategies
- Amount: $3.4 Million
- Cause: A severe vulnerability within Gamma’s accounting mechanisms allowed an attacker to manipulate price thresholds and withdraw over 1500 ETH
January 8, 2024 - CoinsPaid
- Amount: $7.5 Million
- Cause: CoinsPaid experienced its second major hack within six months, with unauthorized withdrawals in multiple cryptocurrencies
January 16, 2024 - Socket.Tech
- Amount: $3.3 Million
- Cause: An exploit in the SocketGateway component of Socket.Tech allowed the unauthorized transfer of funds totaling $3.3 million
January 22, 2024 - Concentric.fi
- Amount: $1.8 Million
- Cause: A social engineering attack compromised a key deployer wallet, allowing the attacker to manipulate the protocol and withdraw funds
January 30, 2024 - Abracadabra Finance
- Amount: $6.5 Million
- Cause: A hack exploited a rounding error in its smart contracts
February 9 and February 12, 2024 - PlayDapp
- Amount: $290 Million
- Cause: A series of exploits allowed hackers to mint 1.79 billion PLA tokens without permission
February 16-17, 2024 - FixedFloat Crypto Exchange
- Amount: ~$4.85 million on Ethereum and ~$21.1 million on BTC
- Cause: Attackers accessed FixedFloat’s wallets and transferred out a large amount of Ethereum and Bitcoin, then moved the assets through various blockchain networks to prevent efforts to track down the funds
February 19-20, 2024 - LastPass Users
- Amount: $6.2 million worth of crypto assets
- Cause: 22 users were targeted; attackers exploited compromised credentials and possibly other stolen information to access and transfer out various cryptocurrencies, which were then bridged to Bitcoin using the THORChain network to cover their tracks
February 22, 2024 - Jeff Zirlin on Ronin Network
- Amount: 3,088,693.24 RON tokens, worth around $10 million
- Cause: Two personal wallets belonging to Ronin Network co-founder Jeff Zirlin were compromised, likely through a private key breach. The attacker transferred the RON tokens to Ethereum and laundered them through the Tornado Cash mixer
February 23, 2024 - Blueberry Protocol Foundation
- Amount: ~457.68 ETH ($1.34 million)
- Cause: A vulnerability in multiple lending markets under the Blueberry Protocol was exploited; fortunately, most of the funds were intercepted and returned by a validator bot to a secure multisig address
February 28, 2024 - SenecaUSD on Ethereum
- Amount: ~1,900 ETH, worth ~$6.5 million
- Cause: The smart contract’s lack of input validation was exploited to transfer assets from addresses that had approved the vulnerable contracts
February 29, 2024 - Shido Blockchain
- Amount: ~$35 million worth of SHIDO tokens
- Cause: After an unauthorized transfer of ownership of the Shido staking contract on Ethereum, the new owner quickly upgraded the StakingV4Proxy contract and introduced a hidden withdrawToken function to drain about 4.3 billion SHIDO tokens
March 5, 2024 - Wootrade’s WooPPV2 Contract
- Amount: $8.5 million worth of crypto assets
- Cause: A hacker exploited a vulnerability in the contract’s price calculation formula and manipulated the price, then profited from artificially created price discrepancies through successive token swaps
March 6, 2024 - TGBS Token
- Amount: ~$151k
- Cause: A flash loan attack targeted the burning mechanism of TGBS tokens and artificially increased token prices through a series of transactions; the attacker then sold the tokens at peak value
March 6, 2024 - User on Ethereum Chain
- Amount: ~1.1 million $PAAL, worth ~$700K
- Cause: The victim of a phishing attack unwittingly signed a malicious transaction, allowing the attacker to access the user's PAAL tokens and drain their wallet
March 11, 2024 - BlastOff on the Blast L2 chain
- Amount: ~150 ETH
- Cause: Unauthorized access to the future yield minter vault resulted in the theft of around $606K worth of ETH. The platform compensated affected users.
March 14, 2024 - Phishing Attack on Ethereum
- Amount: $2 million worth of ETH
- Cause: A phishing attack
March 17, 2024 - Remilia and Milady
- Amount: Millions of dollars worth of crypto assets and NFTs
- Cause: NFTs from the Remilia and Milady collections and other crypto assets were hacked and liquidated; some suspect internal fraud or a rugpull
March 20, 2024 - ParaSwap
- Amount: ~$24k worth of assets
- Cause: A critical vulnerability in ParaSwap’s Augustus V6 contract affected users who had approved this specific contract; the platform refunded affected users
March 20, 2024 - Dolomite on Arbitrum
- Amount: ~$1.8m in USDC
- Cause: An old Dolomite contract from 2019 was exploited, resulting in the theft of funds
March 20, 2024 - AirDAO
- Amount: ~$880K (35.2m AMB tokens and 125.51 ETH)
- Cause: Attackers used sophisticated phishing and email scams to gain unauthorized access to the liquidity pool tokens and transfer them across various platforms
March 23, 2024 - Curio Defi Project
- Amount: $16 million worth of assets
- Cause: A permission access flaw in its smart contract tied to the MakerDAO framework was exploited to mint an additional 1 billion CGT tokens illegitimately and manipulate the token supply
March 25, 2024 - Zongzi Token
- Amount: ~$232k (391.33 WBNB)
- Cause: The exploit targeted the Zongzi token's pricing mechanism, where the attacker artificially inflated the token's price to profit from referral-based invitation rewards
March 26, 2024 - Munchables NFT Game
- Amount: ~$63 million worth of ether (ETH)
- Cause: A developer at Munchables used admin-level permissions to upgrade a lock contract—meant to secure tokens temporarily—and assigned themselves a balance of 1 million Ether before executing the withdrawal.
Key Takeaways From These Incidents
These incidents collectively reveal critical insights into the current state of security in the Web3 space. After analyzing them, we found several key improvements needed to make crypto trading and investing safer for all:
- Enhanced security measures: Repeated incidents across multiple platforms are a glaring reminder that crypto exchanges and blockchain platforms need to step up their security measures, such as rigorous auditing of smart contracts and stronger multisig wallet security.
- Well-defined immediate-response protocols: Rapid incident response protocols will help minimize damage after a security breach is detected. These include clear guidelines on asset freeze, tracking, recovery, and restoring operations ASAP.
- Preventative measures against social engineering: Many of these hacks involve victims of social engineering and phishing attacks. Additional layers of security could help protect users from these types of attacks.
- Extra caution when implementing new features and upgrades: Newly introduced features, such as flash loan functionalities or new token markets, often come with vulnerabilities that are exploited quickly by attackers. No matter how fast-paced the market is, comprehensive testing before deploying new features or dApps is a must.
- Comprehensive user education: Educating users about the risks associated with phishing, compromised credentials, and the importance of securing private keys is critical to prevent unauthorized access and theft.
- Secure management of private keys: Several attacks were caused by compromised private keys or weak management of key permissions. There is clearly a need for better private key management practices and security protocols.
- Clearer use and management of bug bounty programs: While bug bounty programs are beneficial, the incident with Kraken indicates the potential for misuse. The terms of these programs must be clearly stated and enforceable to prevent abuse.
- Smart contract governance mechanisms: Contract governance and the mechanisms for upgrading contracts need to be improved to prevent unauthorized changes that could lead to major thefts.
- Regular security audits: The incidents reveal that regular and thorough security audits are crucial for identifying and resolving vulnerabilities before they can be exploited by attackers.
- Adoption of advanced security technologies: Implementing advanced security technologies such as behavioral analytics, anomaly detection systems, and artificial intelligence can help in early detection and prevention of unauthorized access or suspicious activities.
- Insurance for crypto assets: As the value and usage of crypto assets grow, both individual users and projects can benefit from insurance to cover potential losses from hacks and thefts.
- Cross-platform collaboration: Collaboration among different blockchain platforms can help in sounding the alert about threats and coordinating more effective responses to common security challenges.
- Stricter access controls: The thefts often involved unauthorized access to critical components or accounts, which could have been avoided through stricter access controls and multi-factor authentication processes.
- Integration of hardware security measures: Integrating hardware-based security measures, such as hardware wallets for key storage, can provide an additional layer of security against remote attacks.
- Active reporting through community involvement: Active reporting mechanisms allow the community to contribute to the early detection of anomalies and potential threats.
The alarming frequency and severity of crypto scams in the first few months of 2024 show a critical need for stronger security protocols across the industry. As crypto and blockchain continue to gain traction, the types of attacks targeting digital assets are becoming even more sophisticated. We can do our part by advocating for stronger regulations and security measures and, of course, staying vigilant against potential scams and security threats. Only when we unite as a community to share knowledge and support one another can we get one step closer to creating a safer digital future for all.