Last year, blockchain security experts warned that weak infrastructure, especially around private keys and smart contract control, would lead to big problems for crypto projects in 2024. Unfortunately, some companies didn’t take these warnings seriously, and the results have been catastrophic.
Private keys are like secret passwords that unlock crypto wallets. If someone gets hold of them, they can steal all the funds in the wallet. Some companies didn’t protect these keys properly, making it easy for hackers—particularly North Korean cybercriminal groups—to steal a staggering $1.34 billion worth of crypto this year alone.
A blockchain security expert explained that many of these breaches happened because companies made avoidable mistakes. For example, they relied on third-party platforms to manage their private keys, but these platforms lacked strong security features like encryption or distributed storage.
This year, most major crypto hacks were tied to issues like private key leaks and weak access controls. In fact, infrastructure attacks like these accounted for 81% of the $2.3 billion stolen from crypto projects in 2024. Here’s a breakdown of the five biggest hacks this year:
### 1. **DMM Bitcoin Exchange Hack**
The Japanese crypto exchange DMM Bitcoin suffered the largest loss this year, with hackers stealing 4,502.9 Bitcoin—worth $308 million—in May. While details are still murky, experts believe North Korean hackers were involved due to their signature money-laundering techniques. Sadly, DMM Bitcoin couldn’t recover and shut down its operations, transferring assets to another platform.
### 2. **PlayDapp Gaming App Breach**
PlayDapp, a South Korean blockchain gaming platform, narrowly avoided complete disaster after being hacked twice in February. The hacker took control of its smart contract used to mint tokens, creating billions of fake tokens worth $290 million. Fortunately, PlayDapp acted quickly by contacting exchanges to freeze the tokens before the hacker could cash out. They later switched to a new token system to prevent future attacks.
### 3. **WazirX Crypto Exchange Hack**
India’s largest crypto exchange, WazirX, seemed secure with advanced protections like multisig wallets and hardware-stored keys. Yet in July, hackers bypassed these measures and stole $235 million in cryptocurrencies, including Ether and Shiba Inu tokens. The attackers tricked administrators into handing over wallet access and used it to drain funds. Authorities later arrested a suspect connected to the attack.
### 4. **Radiant Capital Double Attack**
The DeFi lending protocol Radiant Capital was hit twice this year. In January, a hacker exploited its smart contract to steal $4.5 million from its platforms on Arbitrum and BNB Chain. Then in October, hackers used malware to gain access to private keys stored on a developer’s computer and siphoned off $58 million. Both attacks have been linked to North Korean cybercriminals.
### 5. **Munchables NFT Project Insider Attack**
Sometimes, threats come from within. In March, an insider at the NFT project Munchables exploited their access to inject a vulnerability into the project’s smart contract. This allowed them to steal $62.5 million worth of Ether. Surprisingly, the attacker later returned $60.5 million to the team.
The rise in attacks involving private key leaks has made 2024 a devastating year for crypto investors. Losses this year jumped 40% compared to last year, reaching $2.3 billion—though still below the $3.8 billion record set in 2022.
Experts are warning that the future could bring even more sophisticated attacks. Advances in quantum computing and artificial intelligence might make it easier for hackers to find vulnerabilities in smart contracts or create highly convincing phishing scams.
To counter these threats, crypto companies will need to upgrade their security systems and adopt better practices for protecting private keys and operational protocols. Staying ahead of evolving attack methods will be crucial for safeguarding investors and preventing even larger losses next year.