September 2024: $120M Lost in Crypto Hacks
In September, cryptocurrency hacks resulted in losses surpassing $120 million. This marked the second-lowest monthly loss due to hacks in 2024, with only April seeing fewer losses. Despite the decline, these figures still highlight the ongoing vulnerability within the crypto space.
Centralized exchanges continue to be frequent targets for hackers, contributing to significant losses month after month. In September, two exchanges—BingX and Indodax—were responsible for over half of the $120 million in damages.
Blockchain security firm Peckshield reported that a total of more than 20 hacks occurred in September, contributing to the $120.23 million in losses. These incidents emphasize the risks associated with centralized exchanges, which often have weaker security measures compared to decentralized platforms.
Centralized exchanges continue to be at risk
However, there was a notable improvement compared to August. September saw a substantial 61.7% drop in losses from hacks, compared to the previous month’s massive $314 million in damages. BingX experienced the most significant loss in September, reporting a staggering $44 million stolen in the attack. Indodax also suffered heavily, losing $21 million to hackers during the same period.
Decentralized finance (DeFi) platforms were not immune to attacks either. Penpie, a DeFi protocol, was hit with a major exploit that resulted in $27 million in losses. Other well-known DeFi hacks in September included Delta Prime, which lost $6 million, the inflation data provider Truflation, which faced a $5.6 million hack, and the crypto liquid restaking protocol Bedrock, which lost $2 million to a cyber attack.
There were some instances of partial recovery from these hacks. For example, crypto lending platform Shezmu, which initially lost $5 million in a breach, was able to negotiate with the hacker through onchain communications and recover a portion of the stolen funds. Additionally, the Telegram bot Banana Gun, which suffered a $3 million hack, managed to refund affected traders, providing some relief to those impacted.
WazirX Hit by 2024's Biggest Crypto Hack
The Indian cryptocurrency exchange WazirX remains the largest victim of a crypto hack in 2024. On July 18, the exchange lost a staggering $235 million after its Safe Multisig wallet on the Ethereum blockchain was compromised.
Following the hack, WazirX suspended all crypto and cash withdrawals while it conducted an internal investigation to assess the damage. Three months later, the exchange has yet to provide a concrete plan for compensating affected users, leaving many in the dark about their lost funds.
In an additional complication, rival exchange CoinSwitch has taken legal action against WazirX, seeking to recover 2% of its assets, valued at roughly $6.2 million. While WazirX has been working on fund recovery efforts, it recently disclosed that 43% of customer funds are permanently lost, signaling a grim outlook for many users still waiting for reimbursement. This situation underscores the ongoing risks in the cryptocurrency market, particularly when exchanges fail to adequately protect their assets and users from sophisticated cyber attacks.