Over $120 million was lost in a string of high-profile cryptocurrency hacks in September, with the biggest losses going to BingX, Penpie, and Indodax.
Over $120 million was taken by hackers in a string of well-publicized cryptocurrency hacks on platforms in September 2024.
The latest figures from PeckShield revealed that more than 20 incidents occurred during the month, targeting both centralized and decentralized platforms.
The biggest breaches involved platforms like Indodax, Penpie, and BingX, which resulted in losses totaling more than $90 million.
These hacks add to a growing trend of security breaches in the crypto sector, contributing to a staggering $409 million in losses in the third quarter alone, as highlighted in a recent Immunefi report.
#PeckShieldAlert September 2024 saw 20+ hacks in the crypto space, leading to ~$120.23 million in losses. (Note: The $32.4 million worth of $spWETH drained in a Permit signature #phishing is not included)#Top 10 Hacks in September 2024:#BingX: $44 million#Penpie: $27 million… pic.twitter.com/t2YuvIds6u
— PeckShieldAlert (@PeckShieldAlert) October 1, 2024
Major Crypto Hacks in September: BingX, Penpie, and Indodax
The biggest blow in September was dealt to BingX, a Singapore-based exchange that lost approximately $44 million in a single incident, making it the hardest-hit platform of the month.
This hack comes after earlier platform weaknesses. The losses incurred by BingX in September account for a sizeable chunk of the $409 million that cryptocurrency hackers took in Q3 2024.
A $27 million breach also occurred in Penpie, a decentralized finance protocol.
Due to their intricate smart contract interactions and frequently inadequate security protocols, these platforms have become prime targets for cybercriminals despite DeFi’s growing popularity and over $87 billion in total value locked across various protocols.
Indodax, one of Indonesia’s largest cryptocurrency exchanges, also reported a $21 million loss, making it the third-largest hack of the month.
This attack is part of a larger pattern in which hackers are targeting Asian exchanges as they try to take advantage of security holes in the rapidly expanding cryptocurrency markets in the region.
Other noteworthy events from September included the theft of almost $6 million from DeltaPrime and the $5.6 million loss from Truflation.
Smaller platforms such as Shezmu, Onyx, BananaGun, Bedrock, and CUT also experienced breaches, with losses ranging from $1.4 million to $4.9 million.
While some of these platforms managed to recover a portion of the stolen funds, the overall impact remains severe.
One of the notable aspects of the September hacks was the $32.4 million phishing attack that targeted $spWETH signatures.
Though this attack was excluded from the overall total reported by PeckShield, it is worth mentioning.
Q3 2024: Crypto Hacks Reach $409 Million
According to a report released by Immunefi earlier this week, the third quarter alone saw $409 million stolen in 31 separate incidents.
In comparison to the same period in 2023, when hackers and fraudsters lost over $685 million, this indicates a 40% decrease.
The majority of the stolen money has been found on centralized finance (CeFi) platforms, which have been especially susceptible to significant security lapses, according to the Immunefi report.
Actually, seventy-five percent of the losses could be attributed to CeFi platforms, with certain attacks resulting in the theft of assets valued at hundreds of millions of dollars.
In comparison, there were more incidents on decentralized finance (DeFi) platforms, but overall the losses were not as severe.
In the report, Immunefi’s founder and CEO, Mitchell Amador, stressed the growing risk to CeFi platforms, especially with regard to managing private keys.
Amador said;
“We’re seeing a higher number of incidents targeting DeFi, while CeFi experiences fewer incidents but often with more severe consequences,”.
Despite these challenges, there have been some efforts to rebuild trust in the industry.
The $120 million in losses from September’s hacks and the $409 million stolen in Q3 2024 are stark reminders for investors.
An environment that is ready for abuse has been created by the increasing use of digital assets and the difficulty of maintaining these systems’ security.