Hackers have become increasingly sophisticated and continue to rake in billions of dollars from crypto exploits.
The good news? There isn’t one: 2024 has officially surpassed last year’s total stolen money, with months of hacks piling up in an already record-breaking year.
In the third quarter of 2024, blockchain intelligence firm TRM Labs reported that more than $2.2 billion had been stolen in crypto hacks – more than the $1.8 billion lost in all of 2023.
As the year comes to a close, the total continues to rise. Analysis shows that thefts were not limited to the experimental world of decentralized finance, or DeFi; centralized crypto exchanges were also major targets.
Here are the biggest crypto heists of 2024.
DMM Bitcoin’s $308 million
Japanese crypto exchange DMM Bitcoin lost in May, more than 4,500 BTC (worth $308 million at the time) to hackers.
It’s unclear how hackers managed to steal the exchange, but TRM Labs said stolen private keys were a plausible explanation.
The company is still in the process of closing and transferring customer accounts to another exchange, SBI VC Trade, which is taking over its assets.
PlayDapp’s $290 million
Hackers focused the crypto gaming platform PlayDapp twice in February by exploiting a private key vulnerability. They made off with $290 million worth of PLA tokens during the two incidents.
The attackers also ignored a $1 million white hat reward to return the stolen money. To this day, the money is still missing.
WazirX’s $235 million
Indian crypto exchange WazirX was too focused in June, when hackers made off with nearly $235 million.
WazirX has suspended all withdrawals, leaving users unable to access their funds after the hack. Elliptic said the attack was linked to North Korea.
The exchange’s parent company, Zettai Pte Ltd, was granted a four-month moratorium by Singapore’s High Court in August in a bid to get its finances in order.
In October, things took a strange turn when the co-founder of rival exchange CoinSwitch accused WazirX of transferring $75 million in user funds to top exchanges Bybit and KuCoin in the wake of the attack.
WazirX has said since then that it is in the process of “token rebalancing,” and customers will soon be informed of the next steps to repay creditors.
Ripple co-founder Chris Larsen’s $112.5 million
Hackers targeted Ripple co-founder and executive chairman Chris Larsen’s XRP stock on January 30. The crypto entrepreneur wrote on X that there had been “unauthorized access to a few of my personal focused.
Still, it was a serious attack, and blockchain sleuth ZachXBT said hackers took about 213 million XRP ($112.5 million at the time) before laundering it through exchanges. Attempts to recover the stolen goods have been unsuccessful.
Orbit Chain $80 million
The year started with a significant DeFi breach by hackers deflated more than $80 million from the Orbit Chain cross-chain bridge project on January 1. Criminals made off with Ethereum and the stablecoin DAI in their exploit – and then fell silent.
Months later, millions of dollars worth of stolen crypto coins were stolen moved to coin mixer Tornado Cash. Aside from a January statement apologizing for the exploit, the team behind the project has since provided little information about what happened – or how it would get back the stolen money.
BtcTurk’s $54 million
On June 22 hackers focused the Turkish crypto exchange BtCTurk, which is targeting the country’s nascent market. Most of the funds were in the form of Avalanche (AVAX), the twelfth largest digital asset by market cap.
The exchange reassured users that most of the funds – kept in cold storage – were safe. Meanwhile, a day after the hack, Binance CEO Richard Teng said said his exchange had frozen $5.3 million in stolen funds to support BtcTurk’s efforts.
Radiant Capital has $50 million
In October, Hackers hit DeFi project Radiant Capital in “one of the most advanced hacks ever recorded in DeFi,” taking away $50 million worth of tokens at the time.
The breach occurred after a Radiant developer received a Telegram message from what appeared to be a former contractor, the protocol said. The message contained a PDF, which was then used to deliver malware and then gain control of several private keys, allowing hackers to steal USDT, USDCAnd ARB tokens.
Radiant Capital, which allows users to earn interest and borrow crypto, has since said North Korean hackers were behind the attack.
$20 million from the US government
Hackers even focused the Feds disappeared more than $20 million worth of stablecoins this year and Ethereum in October from a government wallet containing money seized from criminals.
The crypto in question was linked to a previous hack of the Bitfinex exchange from 2016. Hackers sent the coins and tokens to a new address, prompting pseudonymous blockchain sleuth ZachXBT to say it was likely a theft.
Nearly $19.3 million in stolen money was then returned to the wallet the next day, according to data collected by Arkham Intelligence. It’s still not clear what happened to the rest of the stolen crypto, or why hackers returned it in the first place.
Edited by Sebastian Sinclair
Daily debriefing Newsletter
Start every day with today’s top news stories, plus original articles, a podcast, videos and more.
