The 5 Biggest Crypto Hacks of 2024 Targeted Private Keys and Smart Contract Ownership

It wasn't a secret. Blockchain security experts shouted it from rooftops last year: Infrastructure attacks targeting private keys and smart contract ownership would cause major damage to crypto projects in 2024.

Despite warnings from blockchain security experts, some companies failed to secure their private keys, leading to major crypto hacks in 2024. Here are the five biggest:

1. DMM Bitcoin Lost $308 Million in May: Japanese crypto exchange DMM Bitcoin was hit hard, losing 4,502.9 Bitcoin (around $308 million) in May. While the details are still murky, security researchers believe North Korean hackers may have accessed the platform’s private keys. This is based on the similarities in laundering techniques used by the attackers, which are linked to the Lazarus Group, a notorious North Korean cybercrime syndicate. DMM Bitcoin failed to recover from the hack, closing earlier this month and transferring its assets to trading platform SVI VC Trade.

2. PlayDapp Hacked for $290 Million, but Averted災難: South Korean blockchain gaming app PlayDapp managed to avoid catastrophe despite suffering a massive hack in February. A hacker managed to hijack control of PlayDapp’s smart contract for minting tokens, creating 200 million PLA tokens. At the time, the tokens were valued at $26 million. PlayDapp quickly intervened, contacting exchanges to freeze the tokens and preventing the attacker from cashing out. However, the attacker persisted, minting 1.6 billion PLA tokens (around $264 million) a few days later, but they were unable to sell them. PlayDapp has since migrated to a new token contract.

3. Hackers Stole $235 Million from WazirX in Multisig Wallet Breach: At first glance, India’s largest crypto exchange, WazirX, appeared to be a secure platform. It utilized a multisig wallet with four out of six signers, had address whitelisting configured to an offsite interface, and kept signing keys in a hardware wallet. Despite these measures, the platform lost nearly half of its assets in a single incident. In July, hackers breached one of the platform’s multisig wallets, stealing various cryptocurrencies, including Ether and the Shiba Inu memecoin, totaling $235 million. The attackers employed a complex attack vector, tricking WazirX wallet administrators into ceding access control to the bad actors, which they then used to bypass other security measures and syphon funds from the platform’s wallet. In November, police in India arrested a suspect allegedly connected to the hack.

4. Radiant Capital Attacked Twice, Losing $62.5 Million: Cross-chain DeFi lending protocol Radiant Capital was hit by cybercriminals not once but twice in 2024, in January and October. In the first attack, an attacker manipulated the protocol’s smart contract to steal $4.5 million from Radiant Capital versions deployed on Arbitrum and BNB Chain. Later in October, the platform lost $58 million when hackers compromised the protocol developer’s private keys to steal funds. This second attack has been linked to North Korean cybercriminals. The attacker posed as a former team member and sent a malware-laced digital file to the project’s developer. The malware provided the hackers access to Radiant Capital’s computers, where the private keys were stored.

5. Munchables Internal Hacker Stole $62.5 Million, Later Returned Keys: External actors are not the only threats to crypto projects; sometimes, the bad guys are within. That was the case in March for Muncha