Slowmist Reveals 2024’s Top 10 Crypto Security Incidents

• Slowmist highlights the top 10 major crypto security incidents of 2024, exposing vulnerabilities across platforms and exchanges.
• North Korean-linked groups played a significant role in some of 2024’s most critical cryptocurrency hacking incidents.

The year 2024 saw some of the most serious security breaches in crypto history. A recent Slowmist report points up weaknesses across projects, blockchain systems, and exchanges. With billions in damages overall, these events highlight the ongoing dangers in the quickly changing crypto space.

Top 10 Security Incidents in Crypto for 2024

1. DMM Bitcoin: Japan’s Third-Largest Crypto Exchange Hack

DMM Bitcoin, a Japanese crypto exchange, announced on May 31, 2024, the illegal 4,502.9 BTC transfer valued at around $330 million. Following Mt. Gox (2014) and Coincheck (2018), this hack of a crypto exchange ranked third in Japan’s history.

Authorities connected the hack to the TraderTraitor campaign, a North Korean-affiliated outfit well-known for social engineering methods. Unencrypted communication networks were compromised via a malicious Python script posted to a GitHub page, therefore allowing the theft.

2. PlayDapp: Phishing Attack Exposes PLA Token Vulnerability

On February 9, 2024, PlayDapp, a blockchain gaming platform, suffered a serious attack compromising the smart contract secret key of its PLA token.

Though exchange freezes help to offset more losses, hackers created over 1.79 billion PLA tokens. Emphasizing the need for email security, the compromise resulted from a phishing email including a modified remote-access tool.

3. WazirX: Interface Exploit Unveils Wallet Service Vulnerabilities

On July 18, 2024, Indian crypto exchange WazirX noticed dubious activity. Investigations found that hackers took advantage of differences in Liminal, a transaction-verifying tool’s interface. This highlighted weaknesses in wallet service providers since it resulted in losses of around $230 million.

4. BtcTurk: Hot Wallet Breach Highlights Cybersecurity Risks

Turkish exchange BtcTurk suffered a cyberattack compromising 10 cryptocurrencies’ holdings in its hot wallet on June 22, 2024. Reported losses in the transaction were $90 million. Crucially important, Binance froze $5.3 million of the pilfered funds, therefore reducing some damage.

5. Munchables: Internal Threats and an Unexpected Fund Recovery

On March 27, 2024, former developers caused the $62.5 million loss the Blast ecosystem project Munchables suffered. Fascinatingly, these people later returned $97 million to show the complexity of internal risks in blockchain companies.

6. Radiant Capital: Multisig Wallet Breach Linked to UNC4736 

Following a fraudulent contract upgrade, Radiant Capital suspended activities on October 17, 2024. Attackers stole $50 million from three multisig wallets. Security company Mandiant connected the hack to another North Korean entity called UNC4736.

7. BingX: Hot Wallet Breach Tied to the Lazarus Group

With losses of $45 million, Singapore-based exchange BingX noted illegal access to a hot wallet on September 20, 2024. Examining the incident connected it to the notorious Lazarus Group, a North Korean hacker outfit, therefore revealing their worldwide influence.

8. Hedgey Finance: Validation Flaws Expose Critical Vulnerabilities 

Insufficient input validation cost Hedgey Finance $44.7 million on April 19, 2024. Attackers made use of system weaknesses, therefore influencing Ethereum and Arbitrum’s operations. This episode emphasizes how important thorough code audits are.

9. Penpie: Flash Loan Exploit Reveals Market Assumption Flaws

Liquidity rewards project Penpie lost $27.35 million on September 4, 2024. Attackers used fraudulent contracts and flash loans to take advantage of Pendle Finance’s market development process by basing their assumptions wrong.

10. FixedFloat: External Vulnerabilities Lead to Multiple Breaches

FixedFloat on a crypto platform suffered several attacks in 2024. The first, on February 16, claimed 409 BTC and 1,728 ETH. Total damages from a follow-up attack on April 2 came to $29 million. The breaches highlight the threats posed by unresolved outside vulnerabilities.

These events expose recurrent themes: social engineering, phishing, insider risks, and poor system validation. Understanding these hazards and supporting improved security policies depend on the Slowmist report, which is a vital tool.

Stakeholders in the crypto space have to give strong defenses top priority in order to guard against ever more complex attacks.