Unveiling the Emerging Wave of Cryptocurrency Attacks: Disturbing Events of 2024
In Brief
Numerous sectors—including online gaming sites, decentralized finance networks, and crypto exchanges—have come under the scrutiny of highly sophisticated cybercriminals, collectively incurring losses that exceed $150 million.
As we approach the end of the first quarter of 2024, the cryptocurrency sector faces numerous severe security incidents, triggering investor doubt and posing critical questions about the integrity of blockchain networks. Across different domains—from gaming interfaces to DeFi services and cryptocurrency exchanges—many organizations have been targeted by crafty hackers, which has resulted in staggering losses exceeding $150 million. These alarming events highlight a pressing need for heightened security measures and constant vigilance throughout the cryptocurrency landscape. Let's explore the most significant hacks that have made headlines in the early months of 2024.
The blockchain gaming platform PlayDapp was compromised after a significant theft of PLA tokens amounting to $32 million.
PlayDapp faced a major security breach that saw approximately $32.5 million in tokens vanish due to a vulnerability that came to light on February 9th. The reputable blockchain security firm, PeckShield, was the first to identify this attack, which severely harmed both the network and its native token, PLA.
According to PeckShield's analysis, the assailant generated 200 million PLA tokens through two transactions after infiltrating PlayDapp's secret key. This drastic increase in token circulation resulted in a steep decline in PLA’s market value, plummeting more than 10%. Despite PeckShield promptly informing PlayDapp about the vulnerability, the platform neither recognized the breach nor initiated an investigation. This inaction has raised substantial concerns among users and investors regarding PlayDapp's security measures.
Investors are increasingly anxious as the value of PLA has significantly dropped following the exploit. Within the first day after the attack, the token lost 8.4% of its value. While PlayDapp has publicly acknowledged the issue, swift action is essential to bolster security and prevent further incidents. This event underscores the importance of robust security protocols in the blockchain industry, especially for platforms handling significant user assets.
FixedFloat has suffered a cryptocurrency theft totaling $26 million, with Bitcoin and Ether being the primary targets.
An unidentified entity exploited vulnerabilities in FixedFloat, a regulated and efficient cryptocurrency exchange, resulting in the theft of approximately $26 million worth of Bitcoin. User 0xJosh was the first to share this alarming news, indicating the exchange was facing 'minor technical issues' that necessitated entering maintenance mode due to the breach.
Further investigations by blockchain security and auditing firm Peckshield unveiled that the hackers stole 409 BTC—valued at nearly $21 million—alongside 1,728 ETH worth approximately $4.85 million during the cyberattack. Notably, a substantial portion of the stolen Ether has already been transferred to various blockchain exchanges.
A white-hat attack costs Super Sushi Samurai $4.6 million, causing the SSS token's value to drop by 99%.
A security breach affecting the Layer 2 network Blast, tied to the Telegram messaging platform, led to significant losses for the GameFi project Super Sushi Samurai (SSS). This incident revolved around the exploitation of the smart contract's minting features shortly after the release of the SSS coin. $4.6 million being stolen A developer named Coffee from Yuga Labs identified a flaw in the token contract that allowed users to transfer their entire wallet balance to themselves, effectively doubling their amount. The attacker capitalized on this vulnerability, significantly draining liquidity on decentralized exchanges. Ultimately, the stolen tokens were sold off for 1,310 wrapped Ether (ETH), equating to $4.6 million.
We have been compromised due to a minting-related issue, and our team is currently analyzing our code. Unauthorized tokens were minted and sold back into the liquidity pool.
The breach involved transferring $4.6 million from Duelbits wallets across the Ethereum and BNB chains to an unknown address, as reported by Cyvers CEO Deddy Lavid. Additionally, it seems that access control measures for the wallet have been compromised, suggesting potential loss or theft of access credentials or private keys. The hackers aimed to swap various tokens for Ether to ensure maximum liquidity during their swift transaction cycle.
The fact that Ether was meticulously linked to assets across the BNB chain complicates matters further. This implies that the illicit funds were shuffled between platforms to obscure their origins. However, the hacker's impatience became evident when they exchanged all their BNB for BSC-USD without considering the required gas fees to transfer the assets back to Ether.
🚨ALERT🚨 Our monitoring system has flagged multiple suspicious transactions involving
The development team of Mozaic Finance revealed that on March 15, the Abitrum network was compromised via its yield farming protocol. The team asserts that the thief has placed all illicitly obtained funds on a centralized cryptocurrency exchange, MEXC, expressing optimism regarding the recovery of their money. Blockchain security firm CertiK found that the hacker exploited the 'bridgeViaLifi' contract, which can only be executed by a developer wallet, to siphon off assets. CertiK concluded that the breach appears to stem from a compromised private key.
• This individual was a Mozaic developer who illegitimately acquired the private keys of a security module by breaching the core team's data.
The DeFi protocol Abracadabra Finance seemingly became the target of a serious security incident. Security experts from Peckshield and Blocksec reported that the protocol appears to have suffered losses exceeding $6.4 million. Blocksec noted that the attackers specifically focused on the project's smart contract, exploiting a rounding error that resulted in a 'precision loss.' The current valuation indicates that over $29 million worth of assets remain tied up in the affected contract.
We are investigating an exploit involving specific cauldrons on Ethereum.
On January 16, a breach in the cross-chain infrastructure protocol Socket.Tech impacted several Web3 applications, leading to an estimated loss of $3.3 million from the Bungee Exchange, a frontend for the Socket Protocol connecting Ethereum with 12 EVM-compatible chains. By exploiting a vulnerability in the SocketGateway component of the system, a hacker accessed user funds who had unknowingly granted authorization to this component. Approximately thirty minutes after PeckShield alerted about the theft at 2:26 PM ET, Socket Tech confirmed the incident.
Socket experienced a security incident affecting wallets with unlimited approvals to Socket contracts.
The cryptocurrency payment gateway CoinsPaid has reportedly fallen victim to its second cyber incident in just six months. Web3 security company Cyvers reported unauthorized transactions totaling almost $7.5 million. On X (formerly Twitter), Cyvers' team revealed that the attacker exchanged around 97 million CPD tokens for ETH, valued at roughly $368,000, before transferring the funds to various external accounts (EOAs) and cryptocurrency exchanges like MEXC, WhiteBit, and ChangeNOW. According to CoinGecko's pricing data, CPD was trading at $0.0006 when this information was published, reflecting a 39.5% drop over the last 24 hours.
Orbit Chain suffers an $81 million loss due to a cross-chain bridge exploit.
Cybercriminals exploited a cross-chain bridge on Orbit Chain, a platform designed for interfacing with multiple blockchains, resulting in a staggering $81 million theft. In a post on X, the project confirmed the compromise, stating that the hacker funded a wallet using the sanctioned privacy protocol Tornado Cash before initiating attacks on Orbit Chain's Ether (ETH) vault. The funds derived from this breach have since been distributed across various ETH wallets, with approximately $18 million held in Dai (DAI) stablecoins and 26,741.6 ETH (roughly $64 million) found in these accounts.
Emerging Trends in Cryptocurrency Hacking: Alarming Incidents of 2024 - Metaverse Post
Disclaimer
In line with the Trust Project guidelines Various platforms, including gaming frameworks, decentralized finance applications, and crypto exchanges, have suffered devastating security breaches that have collectively cost over $150 million in damages. This trend emphasizes the pressing need for enhanced security practices across digital financial landscapes.
