Hackers have grown more sophisticated and continue to rake in billions of dollars from crypto exploits.
The good news? There isn’t any—2024 has officially surpassed last year’s totals for stolen funds, with months of hacks piling on to an already record-breaking year.
By Q3 2024, blockchain intelligence firm TRM Labs reported that over $2.2 billion had been stolen in crypto hacks—exceeding the $1.8 billion lost in all of 2023.
Now, as the year comes to a close, the total continues to climb. Analysis reveals that thefts weren’t limited to the experimental world of decentralized finance, or DeFi; centralized crypto exchanges were also prime targets.
Here are the biggest crypto heists of 2024.
DMM Bitcoin’s $308 million
Japanese crypto exchange DMM Bitcoin lost over 4,500 BTC—worth $308 million at the time—to hackers back in May.
It’s unclear how hackers managed to steal from the exchange, but TRM Labs said that stolen private keys were a plausible explanation.
Japanese Crypto Exchange to Shut Down After $300M Hack, Transfer Accounts to SBI
Japanese crypto exchange DMM Bitcoin plans to cease operations by March 2025, transferring customer accounts and custodial assets to SBI VC Trade, the crypto arm of financial giant SBI Holdings, according to a statement Monday. The closure comes months after DMM Bitcoin disclosed a $305 million loss due to a cyberattack that resulted in the theft of 4,502.9 Bitcoin (BTC). The breach prompted the suspension of spot trading and withdrawal services, significantly impairing the platform's operation...
The company is still shutting down and transferring customer accounts to another exchange, SBI VC Trade, which is taking over its assets.
PlayDapp’s $290 million
Hackers targeted the crypto gaming platform PlayDapp twice in February by exploiting a private key vulnerability. They made off with $290 million in PLA tokens across the two incidents.
The attackers also ignored a $1 million white hat reward to return the stolen funds. To this day, the funds are still missing.
WazirX’s $235 million
Indian crypto exchange WazirX was also targeted in June, with hackers running away with close to $235 million.
WazirX suspended all withdrawals, leaving users unable to access their funds after the hack. Elliptic said that the attack was linked to North Korea.
The exchange's parent company, Zettai Pte Ltd, secured a four-month moratorium from the Singapore High Court in August in a bid to get its finances in order.
WazirX Seeks 30-Day Moratorium to Restructure as Rival Sues for Locked Funds
Crypto exchange CoinSwitch has taken legal action against its beleaguered competitor WazirX over funds stuck on the latter’s platform following an alleged cyber attack in July. The lawsuit is being filed the same day that WazirX announced in a blog post that yesterday it filed for a 30-day moratorium with Singapore’s High Court. A hearing date has not yet been scheduled, the exchange wrote. If the moratorium is approved, it’ll give the exchange “breathing space while Zettai progresses with a r...
Things took a weird twist in October when the co-founder of rival exchange CoinSwitch accused WazirX of transferring $75 million worth of user funds to top exchanges Bybit and KuCoin in the wake of the attack.
WazirX has since said that it’s in the process of “rebalancing tokens,” and clients will soon be informed on the next steps to repay creditors.
Ripple co-founder Chris Larsen’s $112.5 million
Hackers targeted Ripple co-founder and Executive Chairman Chris Larsen’s XRP stash on January 30. The crypto entrepreneur wrote on X that there had been “unauthorized access to a few of my personal XRP accounts,” but reassured people that Ripple itself hadn’t been targeted.
Still, it was a hefty attack, and blockchain sleuth ZachXBT said that hackers made away with about 213 million XRP—$112.5 million at the time—before laundering it through exchanges. Efforts to recover the stolen assets have been unsuccessful.
Ripple Founder Hacked for $113 Million, XRP Drops 5%
The price of XRP dropped Wednesday morning Eastern Time following reports of a hack on Ripple, the fintech company whose founders created the sixth-largest cryptocurrency by market cap. Ripple co-founder and Executive Chairman Chris Larsen said on Twitter (aka X) that there "was unauthorized access to a few of my personal XRP accounts," but ultimately clarified that the attack was not against Ripple itself. He added that the exchanges had frozen the addresses and that “law enforcement is already...
Orbit Chain’s $80 million
The year began with a significant DeFi breach, as hackers drained over $80 million from the cross-chain bridge project Orbit Chain on January 1. Criminals took off with Ethereum and the stablecoin DAI in the exploit—and then fell silent.
Over $80 Million Stolen in Orbit Chain Exploit, Assets 'Remain Unmoved'
Cross-chain bridge project Orbit Chain was hit by a "cyberattack" Monday, with over $80 million drained from its bridge. The project stated that following "unidentified access" on Orbit Bridge, an attacker had taken and was holding $84.5 million worth of assets across multiple wallet addresses. The stolen funds total 26,741.6 ETH held across five addresses (worth around $64.5 million at current prices), with just under $20 million worth of the stablecoin DAI held in another three addresses. The...
Months later, millions of dollars of the stolen crypto was moved to coin mixer Tornado Cash. Other than a January statement apologizing for the exploit, the team behind the project has since given little update on what happened—or how it would retrieve the stolen funds.
BtcTurk’s $54 million
On June 22, hackers targeted the Turkish crypto exchange BtCTurk—which caters to the country’s budding market. Most of the funds were in the form of Avalanche (AVAX), the 12th-largest digital asset by market capitalization.
The exchange reassured users that most funds—kept in cold storage—were safe. Meanwhile, a day after the hack, Binance CEO Richard Teng said his exchange had frozen $5.3 million in stolen funds to assist BtcTurk’s efforts.
Radiant Capital’s $50 million
In October, Hackers hit DeFi project Radiant Capital in “one of the most sophisticated hacks ever recorded in DeFi,” making away with $50 million in tokens at the time.
The breach happened after a Radiant developer received a Telegram message from what appeared to be a former contractor, the protocol said. The message contained a PDF, which was then used to deliver malware and subsequently gain control of several private keys, allowing hackers to steal USDT, USDC, and ARB tokens.
Radiant Capital Exploited for $50 Million Across BNB Chain, Arbitrum
Radiant Capital suffered an exploit across chains, several blockchain security firms said Wednesday, as the project confirmed that an “issue” had emerged with its lending markets. Blockchain security firm Ancilia Inc. first reported suspicious activity on a Radiant Capital smart contract on BNB Chain at 1:35pm ET on Wednesday in a Twitter (aka X) post. A list of on-chain transactions appeared to show hackers had drained at least $16 million from Radiant on BNB, according to Ancilia. Assets were...
Radiant Capital, which allows users to earn interest and borrow crypto, has since said that North Korean hackers were behind the attack.
U.S. government’s $20 million
Hackers even targeted the Feds this year with over $20 million worth of stablecoins and Ethereum disappearing in October from a government wallet containing funds seized from criminals.
The crypto in question was tied to a previous 2016 hack of the Bitfinex exchange. Hackers sent the coins and tokens to a new address, prompting pseudonymous blockchain sleuth ZachXBT to say it was likely a theft.
Hacker Returns $19.3 Million to Drained US Government Crypto Wallet
A government-controlled wallet that had been drained of $20 million on Thursday received most of its funds back Friday, adding another layer of mystery to transactions flagged by blockchain analysts as likely being connected to a high-profile theft. The pseudonymous blockchain sleuth ZachXBT had said in a tweet Thursday that the transfers resembled the playbook of a bad actor. Engaging with several decentralized finance protocols, the wallet had also tapped so-called instant exchanges after fund...
Then, the next day, close to $19.3 million worth of the pinched funds were returned to the wallet, data collected by Arkham Intelligence shows. It still isn’t clear what happened to the rest of the stolen crypto—or why hackers returned it in the first place.
Edited by Sebastian Sinclair
