HomeCrime28 Attacks Led to $463.6 Million Losses in Q3 2024, Hacken Report...

28 Attacks Led to $463.6 Million Losses in Q3 2024, Hacken Report Uncovers

-

Hacken indicated about half a billion dollars was lost to hacks in 2024’s third quarter. WazirX’s loss beefed up every category the incident fell under.

According to blockchain cybersecurity firm Hacken, cybercriminals made away with $463.6 million last quarter across 28 attacks. Out of that, only three projects were able to recover their stolen funds, amounting to $23.5 million. 

“A similar trend is observed in the amount of assets stolen, which has been steadily declining throughout the year,” the Hacken report read. “However, this is the worst quarter in recent times in terms of recovered or frozen funds.” 

“We had hoped that the trend of refunding a percentage of the siphoned funds, which was common in previous quarters, would continue—but alas!” A large chunk of the funds stolen, which were laundered through Tornado Cash, comes from the WazirX incident, amounting to over $230 million from this quarter’s stolen funds alone. That hack has also pushed Asia to the forefront as the region that witnessed the most funds ransacked last quarter.

How the Hacks Looked Across Categories

Regarding attack types, the Hacken report mentioned that access control attacks siphoned the largest sum, $397 million. Again, the WazirX hack makes the cut here to singlehandedly contribute to over 50% of that amount. However, cybercriminals siphoned away $160 million beyond WazirX, which is highly significant.

Smart contract vulnerabilities allowed cybercriminals to walk away with over $42 million. Also called reentrancy attacks, attackers repeatedly exploit loops in contracts to extract the value they hold. Contracts holding large amounts of value, like liquidity pools, can face the biggest threats to such hacks as bad actors can siphon away the liquidity.

Moving to project types, centralized exchanges lead the pack with $295 million lost. No surprise because of the WazirX fiasco. Yield aggregators and bridges followed, amounting to $35 million and $28 million hacked, respectively. 

Lending and borrowing protocols also ranked up, with DeFi big-name Aave taking a $56,000 hit. The hacker behind the attack launched a single transaction to siphon the funds, meaning the hacker was unidentifiable and would not have been stopped. “Even the largest protocols like Aave may leave its periphery contracts unprotected. This was exactly the case with that was not included in any audits and exploited by a hacker for $56,000.”

Furthermore, Ethereum and BNB observed the most attacks aimed at on-chain protocols.

FOLLOW US

Upcoming Events

Most Popular