Crypto Industry Lost $89M In Hacks In the First Week of 2024
Three major hacks caused losses of $89 million. Protocol vulnerabilities and cross-chain bridge hacks: what marked the first week of 2024 in the crypto industry.
New year, new crypto hacks
The first and sophisticated attack occurred on New Year's Eve. The Orbit Bridge cross-chain bridge, part of the Orbit Chain ecosystem, was compromised worth $81.7 million. Taking advantage of the TornadoCash crypto mixer, the attackers conducted several transactions and transferred $30 million in Tether (USDT), $10 million in USD Coin (USDC), $21.7 million in Ether (ETH), $9.8 million in Wrapped Bitcoin (WBTC) and $10 million in DAI to undisclosed wallets.
🚨Urgent🚨
— Orbit Chain (@Orbit_Chain) January 1, 2024
Dear Orbit Bridge Users,
An unidentified access to Orbit Bridge, a decentralized Cross-chain protocol, was confirmed on Dec-31-2023 08:52:47 PM +UTC.
Further information regarding the issue will be updated.
The second hack attack was related to Radiant Capital's cross-chain lending protocol. The protocol was forced to suspend lending and borrowing operations on Arbitrum after a $4.5 million exploit was discovered related to one of the newly created USDC Coin (USDC) markets. The fraudster exploited a vulnerability in the protocol and manipulated an index parameter to make it extremely large. This allowed the attacker to conduct repetitive deposit and withdrawal transactions and make a profit.
🚨ALERT🚨Our AI-powered system has identified multiple #rugpull transactions on #ARB linked to this address: https://t.co/GZKVDypuAh. The address has been involved in creating numerous tokens.
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) January 2, 2024
The address has bridged 500K $USDT to $ETH, then swapping it to $DAI before depositing… pic.twitter.com/4l8JmdXmcd
Another $3.4 million was stolen from Gamma Strategies, a company specializing in Ethereum-based liquidity management. The problem occurred on January 4, but the company managed to contact the attackers and negotiate to return the funds for a bounty.
We're monitoring and reacting to a possible security incident. Please be patient while we take security precautions to assess the issue. If you needwith draw our front end is still up at https://t.co/p5JwV003JJ
— Gamma (@GammaStrategies) January 4, 2024
Web3 industry learns security lessons
Meanwhile, some analytics companies have summarized crypto hacks for the year 2023. CertiK, which also recently suffered a hacking attack, said that the total amount of money lost in various hacks and exploits amounted to $1.8 billion. Such staggering losses were the result of 751 attacks over 2023. Yet, according to the company, this amount is 51% lower than that of 2022.
The third quarter was the most lucrative quarter for attackers, with $689 million lost to multiple attacks. Private key compromise, according to CertiK, remains the most vulnerable area. More than $880 million was lost in 47 such incidents.
The Ethereum network also saw the most losses. CertiK estimated that $686 million was lost in multiple incidents.
Another analyst company, SlowMist, disagrees with CertiK's figures. According to SlowMist, the situation with hacker attacks in 2023 is more dismal, with multiple security incidents resulting in losses totaling nearly $2.5 billion. SlowMist stated that 60.7% of attacks were in the DeFi sector.
Still, 2023 was marked by positive developments in the security of the crypto industry. CertiK noted an increase in the implementation of various programs and preventive measures aimed at improving the security of cryptocurrency platforms. And this is indeed the case. For example, decentralized exchange dYdX said that it managed to identify the hacker responsible for an attack on the platform in November 2023, which resulted in the loss of $9 million from its insurance fund. The exchange is preparing a lawsuit in court.
Despite a total loss of $2 billion dollars, the efforts of cybersecurity experts have recovered about $200 million of the total amount.
