During the first quarter of 2024, hacks and scams remained a persistent threat, with a loss of over ~ $507 Mn across 223 onchain incidents, which is 54% more than in Q1 2023, when ~ $326 Mn was lost.
Key Takeaways
- Three significant exploits accounted for 454% of the total losses, highlighting vulnerabilities in specific projects.
- Hacking incidents constituted 95.6% of losses, reaffirming the persistent threat posed by cyberattacks.
- Private key compromises were once again the most costly, with a loss of ~ $239 Mn in just 26 incidents.
- Ethereum emerged as the most targeted blockchain with 131 incidents, highlighting its susceptibility to breaches, followed by Ripple & Blast.
- Despite losses, ~ $77 Mn (22% of total losses) were successfully recovered, showcasing resilience within the ecosystem.
Exploits in the Spotlight
Chris Larsen (~ $112 Mn)
In January 2024, Chris Larsen, the co-founder and chairman of Ripple, reported that his personal wallets had been compromised, resulting in a loss of 213 million XRP, worth ~ $112.5 Mn at the time. The hacker had links to a wallet account that Ripple may have controlled. The stolen funds were split up into eight different wallet accounts and sent to various exchanges. The blockchain auditing firm Hacken claimed that a wallet address that had previously sent ~ $64.6 Mn in XRP to Larsen also sent $37,500 to one of the intermediate wallets later used to transfer the stolen funds. This suggests that either the person who sent Larsen $65 million also sent $37,500 to the attacker, or the attacker is the person who sent these funds to Larsen.
Munchables Meltdown (~ $62 Mn)
The Munchables hack is a case study in the importance of performing background checks on critical team members. This NFT game on the Ethereum layer 2 Blast blockchain suffered a $62 million exploit. The attacker used their control over the project’s smart contract to assign themselves a balance of 1 million ETH within the smart contract. The Munchables team identified the hacker as one of its developers, and an hour of negotiations led the former developer to agree to return the hacked funds. The developer shared all private keys involved to assist in recovering the user funds. The Munchables team is now working on redistributing the recovered funds.
BitForex Exit Scam (~ $56.6 Mn)
In February 2024, BitForex, a centralized exchange, shut down without warning, allegedly disappearing with at least ~ $57 Mn in customers’ funds. After blocking all users from accessing the exchange, a suspicious withdrawal of ~ $56.6 Mn was made to three different wallets. The BitForex management has not made any official announcements since the incident.
PlayDapp Hack (~ $32 Mn)
The PlayDapp hack was made possible by an access control vulnerability in the project’s smart contract resulting in a loss of ~ $32.35 Mn. By exploiting this vulnerability, the attacker was able to add themselves as an official minter on the project. The PlayDapp team, facing a community backlash, implemented a security patch and is working on bolstering their overall security posture. The aftermath for PlayDapp included a significant drop in the value of their native token, PLA, showcasing the potential consequences of security breaches.
In Q1 2024, over ~ $77 Mn was recovered from hackers across seven instances which makes up ~15.1% of the total losses in Q1’24. In the Munchables exploit, for example, the entire stolen sum was fortunately recovered. However, other cases saw limited success, highlighting the need for standardized recovery protocols and collaboration within the crypto community.
In-Depth Analysis
Breakdown by Attack Type
Q1 ’24 saw DeFi hacks dominated by social engineering tactics like phishing ($64 Mn stolen) and private key compromise ($239 Mn). Code vulnerabilities ($42 Mn) and DeFi-specific exploits like oracle manipulation ($37 Mn) were also present. While less frequent, exit scams ($68 Mn) highlight the importance of project research. This breakdown emphasizes the need for robust security practices by both DeFi platforms and users to navigate this evolving space.
DeFi vs. CeFi Analysis
In Q1 2024, DeFi bore the brunt of attacks, with 100% of exploits targeting DeFi protocols. Compared to the same period in 2023, DeFi losses actually decreased by 22.8%. Conversely, CeFi platforms saw zero incidents. While this highlights the ongoing security hurdles in DeFi, it’s important to remember that CeFi isn’t entirely risk-free, and both sectors require continuous security improvements. In Q1 2023, DeFi already held the unfortunate title of being the primary target for exploits but CeFi platforms also saw some losses due to hacks.
Losses by Chain
The battleground for crypto security extends beyond platforms. Different blockchains have varying degrees of vulnerability. In the last three months, Ethereum emerged as the most targeted chain, likely due to its established nature and larger user base. Ripple followed closely behind. While other chains like BNB Chain and Blast also saw some exploits, diversifying your holdings across various blockchains can help mitigate risk concentration on any single platform.
Conclusion
The DeFi landscape continues to evolve, but security concerns remain paramount. The hacks discussed in this blog exemplify the diverse tactics employed by attackers, from social engineering to exploiting code vulnerabilities. It’s a shared responsibility – projects must prioritize robust smart contract audits and secure coding practices. Meanwhile, users can stay vigilant by researching projects thoroughly, employing strong password hygiene, and storing private keys securely.