In a month of relentless cyber attacks, the crypto industry saw over $120M disappear in hacks, with BingX losing $44M in a single breach.
September proved to be a turbulent month for the crypto industry, with cybercriminals escalating their attacks across various sectors. According to data from blockchain security firm PeckShield, hackers siphoned off more than $120 million in 20 separate exploits last month. Notably, these figures exclude a recent $32.4 million theft involving $spWETH, which was drained via a Permit signature vulnerability.
Major Hacks across Multiple Platforms
The top ten targeted platforms in September included Singapore-based exchange BingX, decentralized protocol Penpie, Indodax, Delta Prime, Truflation, Shezmu, Onyx, BananaGun, Bedrock, and CUT.
Out of these platforms, BingX took the hardest blow, losing $44 million. Cybercriminals attacked the company’s hot wallet on September 20, draining different cryptocurrencies stored in the wallet. At first, it was speculated that the loss amounted to around $52 million.
Penpie was the second-largest victim, suffering a $27 million exploit on September 3. The attackers uncovered a flaw on the platform that provided them access to a function known as “registerPenpiePool” This functionality allowed the bad actors to create a Pendle market where the exploit took place, according to a September 4 report from blockchain security firm Zokyo.
As per PeckShield’s data, the remaining crypto platforms suffered significant losses of $21 million, $5.98 million, $5.6 million, $4.9 million, $3.8 million, $3 million, $1.75 million, and $1.4 million, respectively. However, one of the victims saw some of the stolen funds returned.
#PeckShieldAlert September 2024 saw 20+ hacks in the crypto space, leading to ~$120.23 million in losses. (Note: The $32.4 million worth of $spWETH drained in a Permit signature #phishing is not included)#Top 10 Hacks in September 2024:#BingX: $44 million#Penpie: $27 million… pic.twitter.com/t2YuvIds6u
— PeckShieldAlert (@PeckShieldAlert) October 1, 2024
Growing Concerns Over Cybersecurity in Crypto
While September’s $120 million loss is staggering, the broader picture for 2024 is even grimmer. Blockchain research firm TRM Labs reported that hackers stole an estimated $1.38 billion from the crypto industry in the first six months of the year.
The incidents marked a dramatic increase compared to the same period in 2023 when losses totaled $657 million. TRM Labs attributed the surge in stolen assets partly to “higher average token prices.”
Other factors, such as the growing global adoption of cryptocurrencies, may have also contributed to the rise in cybercrimes. The introduction of spot Bitcoin and Ethereum exchange-traded funds (ETFs) in regions like the United States, Hong Kong, and Australia has drawn more attention to the industry, creating new vulnerabilities
In response to the TRM Labs report, Greg Johnson, CEO of Rubicon Digital Assets, voiced concern over the industry’s preparedness
“While not surprising, the recent TRM Labs report is a stark reminder that the crypto industry needs to do much more to plug the holes that exist within the broader blockchain ecosystem,” he said.
next