In September, hackers stole more than $120 million worth of crypto assets in a series of large-scale cyberattacks on platforms. According to data from PeckShield, there were more than 20 major incidents throughout the month. In fact, these attacks targeted both centralized and decentralized platforms.
The most notable cases involved platforms such as BingX, Penpie, and Indodax. Together, these hacks led to losses totaling $90 million.
These attacks add to a growing trend of exploiting security flaws in the cryptocurrency business, contributing to a staggering $409 million in losses in the third quarter alone, as a recent report from Immunefi showed.
#PeckShieldAlert September 2024 saw 20+ hacks in the crypto space, leading to ~$120.23 million in losses. (Note: The $32.4 million worth of $spWETH drained in a Permit signature #phishing is not included)#Top 10 Hacks in September 2024:#BingX: $44 million#Penpie: $27 million… pic.twitter.com/t2YuvIds6u
— PeckShieldAlert (@PeckShieldAlert) October 1, 2024
BingX, Penpie and Indodax were the main victims of hackers
The biggest scam of the month hit BingX, a Singapore-based exchange. After all, it lost approximately $44 million in a single incident. In other words, the losses exceeded a third of the total reported in the study.
This attack reflects pre-existing vulnerabilities in the platform. In fact, BingX’s losses accounted for a significant portion of the total $409 million that cryptocurrency hackers stole in Q3 2024.
Meanwhile, Penpie, a decentralized finance (DeFi) protocol, suffered a security breach that led to a $27 million embezzlement.
DeFi is growing in popularity, with over $87 billion in total value locked across different protocols. However, these platforms have become prime targets for cybercriminals due to their complex smart contract interactions. They are often accompanied by insufficient security protocols.
Indodax, one of Indonesia’s largest cryptocurrency exchanges, also reported losses totaling $21 million, making it the third-largest hack of the month.
This attack followed a broader trend of Asian exchanges being targeted for attacks, as hackers continue to exploit common security flaws in these countries, whose cryptocurrency markets are growing rapidly in the region.
Other cases raised the numbers
Other notable incidents in September included DeltaPrime, which lost $6 million in total, and Truflation, which lost $5.6 million. Smaller platforms such as Shezmu, Onyx, BananaGun, Bedrock and CUT were also attacked, with losses ranging from $1.4 million to $4.9 million.
While some of these platforms were able to recover a portion of the funds, the overall impact remains significant. For example, one notable case among the September hacks was the $32.4 million phishing attack that targeted $spWETH subscriptions.
This attack was eventually excluded from PeckShield’s reported total for technical reasons. However, it is important to mention it.
Cryptocurrency hackers stole $409 million
According to a report from Immunefi, from earlier this week, there was a record of US$409 million in embezzlement, in 31 separate incidents, counting only the third quarter. This represents a 40% drop compared to the same period in 2023. After all, in this case, there had been more than US$685 million in embezzlement by hackers and fraudsters.
Immunefi’s study also shows how centralized finance (CeFi) platforms have been particularly vulnerable to large-scale security breaches. In fact, these types of services were the most frequently cited as responsible for the high volume of misappropriated funds.
In fact, CeFi platforms accounted for 75% of the total losses. Some specific attacks amounted to hundreds of millions of dollars in stolen assets. On the other hand, DeFi platforms recorded a higher number of incidents, but they were generally less severe in terms of total losses.
Mitchell Amador, founder and CEO of Immunefi, stated in the report that there is a growing risk for CeFi platforms. Mainly, with regard to private key management:
“We are seeing a higher number of incidents focusing on DeFi, while CeFi experiences fewer incidents but with often more severe consequences.”
Despite these challenges, efforts are underway to rebuild trust in the crypto industry. But the $120 million in losses from the September hacks, as well as the $409 million stolen in the third quarter of this year, are clear messages to investors.
The growing adoption of digital assets, together with the complexity involved in protecting these systems, ended up creating an environment conducive to exploitation.