In Q1 2024, there were already significant losses due to hacks, totaling $507 Mn. The trend of crypto hack losses continued in Q2 with a 37% increase reaching a new high of $688 Mn across 184 incidents. Phishing attacks dominated the Q2 with over $433.6 Mn lost across 67 incidents. $170 Mn was lost due to Private key compromises in 16 major incidents. The Ethereum chain was attacked the most with 83 incidents leading to a loss of $170 Mn.
Hacks by Type
Source – Certik
Phishing attacks dominated Q2’ 24 with a loss of $433.7 Mn in 67 incidents. These attacks are successful because they trick people into giving up their private keys or clicking on malicious links that steal their crypto funds and often target people who are new to the crypto space and don’t know how to spot a scam. Private key compromises were also not that far behind with a loss of $170.1 Mn in just 16 incidents. These incidents occur when a malicious actor gets hold of your keys through various means, including malware attacks, compromised exchanges, or even simple user errors like losing keys. Once a private key is compromised, the attacker gains complete control over the associated crypto funds.
Top Incidents
Source – Cetik
DMM Bitcoin
DMM Bitcoin, a Japanese exchange was hacked on May 31, 2024. The hackers stole 4502.9 BTC valued at around ~ $304 Mn. The team quickly identified the security breach and took steps to prevent further thefts. They even restricted services like creating new accounts and crypto withdrawals. The exchange also assured its users that all Bitcoin deposits will be fully guaranteed with some support from its group companies to refund the lost BTC and an update on the same is still pending.
BtcTurk
BtcTurk, Turkey’s largest crypto exchange, experienced a major cyberattack targeting hot wallets that contained 10 different cryptocurrencies. The exchange quickly halted all deposits and withdrawals to mitigate the impact. The exchange assured the users that their cold wallets were secure and users would not be affected. The attackers moved significant amounts of AVAX to Coinbase and THORchain and sold off for bitcoin which caused the AVAX price to drop by 10%. Binance is assisting them with the investigation and has frozen over $5.3Mn of stolen funds.
Phishing Victim (0x1e22)
Phishing vectors were dominant throughout 2023 resulting in over 48% of the losses with just 6% of the total incidents. The 0x1e22 was the third largest hack of Q2 2024 resulting in a loss of around $68Mn. This was because the attacker had planted a similar-looking address in their wallet and the victim mistakenly transferred a sum of ~ 1155.2 wBTC. But surprisingly the attacker returned all the amount to the victim. There are speculations that his IP address was leaked due to a vulnerability in MetaMask’s RPC.
Lykke
Lykke, a UK crypto exchange, halted trading on June 6 2024 after a hack of ~ $23 Mn. Onchain experts claimed the exchange suffered suspicious outflows, as users were unable to withdraw funds. The stolen crypto consisted of Bitcoin, Ether, Litecoin, and Bitcoin Cash, with hackers employing common laundering tactics. Lykke has claimed that user funds are safe but hasn’t provided any details on the same.
Gala Games
Gala Games suffered a security breach leading to the theft of ~ $21 Mn. The incident was caused by internal control failures that allowed unauthorized access to a company administrative wallet, resulting in the sale of 600 million GALA tokens and the burning of 4.4 billion. Gala Games has partnered with the FBI and DOJ to investigate the breach. This incident comes amidst an ongoing legal battle between co-founders Eric Schiermeyer and Wright Thurston, who accuse each other of misappropriating company assets.
Losses by Chain
Source – Certik
Ethereum was once again the most targeted chain with 83 incidents resulting in a loss of ~ $170 Mn. But it was not the most expensive as Bitcoin suffered a major attack with a loss of over ~ $304 Mn in just 1 incident. BNB chain was the 2nd ranked in terms of no of attacks but it only suffered a loss of ~ $9.4 Mn. Arbitrum was also targeted with 15 incidents which resulted in a loss of ~ $6 Mn. Other chains like Solana, Tron, Polygon, and Base also saw some exploits but they were not as major compared to Ethereum and Bitcoin.
Closing Thoughts
Security considerations continue to stay at the top of the ever-evolving Web3 landscape. Recent hacks highlight the diverse tactics attackers employ, from social engineering to exploiting code vulnerabilities. To combat these threats, a shared responsibility is crucial and projects must prioritize robust smart contract audits along with secure coding practices. Investors should also exercise vigilance by meticulously researching projects, maintaining strong passwords, and employing secure private key storage to safeguard their digital assets.
