Bad actors stole $38.9 million from various Web3 projects in the first month of 2024.
According to a recent report by Quantstamp, a decentralized finance (DeFi) security startup, criminals have used different attack vectors to steal funds, including smart contract hacks, key settlements, and scams.
The most important cryptocurrency hacks for January 2024
One of the first major cryptocurrency hacks of the year came when Radiant Capital suffered a $4.5 million loss due to a void market exploit.
Peckshield, a blockchain security company, determined that the root cause was not unique and arose in a short period of time when new markets in lending protocols were activated.
At the time, Radiant Capital temporarily suspended its USDC fund on Arbitrum to address the issue, ensuring users that their funds were safe. The project resumed operations after a comprehensive investigation.
Gamma Strategies, another affected platform, was the victim of a flash lending attack on January 4, shortly after the Radiant Capital incident.
The attack exploited a software bug, allowing hackers to withdraw $6.1 million from Gamma’s public coffers.
In response, Gamma temporarily suspended deposits and closed the vulnerability to mitigate further damage.
Additionally, Wise Lending, a Web3 lending app, was hit by a flash loan attack on January 12, resulting in a loss of at least $460,000.
This vulnerability involved manipulation of prices used by Wise Lending, and was the second attack on the protocol in six months. Approximately 170 Ether has been drained from the platform.
The socket lost more than $4 million to bad actors at Web3
On January 16, Socket, a multi-chain protocol, suffered a security breach due to a user verification input vulnerability, allowing hackers to steal nearly 2,000 Ethereum, worth over $4 million.
However, Socket was able to recover 1,032 ETH (equivalent to approximately $2.3 million) and refunded all affected users as part of its user recovery strategy.
Goledo Finance experienced a similar security breach to Gamma Strategies on January 28, which involved a loan sharking attack that led to the theft of $1.7 million.
The platform is still negotiating with the perpetrator and Golido has announced a reward to return the funds.
Golido has frozen the hackers’ accounts on centralized exchanges and is assessing the extent of the loss to develop a recovery strategy. He also informed the local authorities of the situation.
To address the losses incurred by its users, the Goledo team initiated an asset recovery compensation process.
The project provided users with a Google form to submit their complaints.
The events highlighted in the Quantstamp report serve as a reminder of the current challenges facing the Web3 ecosystem with regard to security and the need for continued vigilance to protect users’ funds.
It is worth noting that 2023 saw a slight decrease in hacking incidents targeting the cryptocurrency industry, despite the loss of approximately $2 billion to bad actors.
According to a recent report by De.FI, a prominent Web3 security firm known for its REKT database, hackers managed to steal $2 billion in digital assets over the course of the year.
While this number is still alarming, it represents the first decrease in cryptocurrency hacking incidents since 2021.