WazirX and BingX hacks lead Q3, accounting for 69.5% of losses
Advertisement
- WazirX and BingX accounted for the majority of Q3 losses.
- Attacks on centralised exchanges increased compared to 2023.
- Poor private key management remains a major security weakness for centralised exchanges.
Follow Invezz on Telegram, Twitter, and Google News for instant updates >
Just two hacks accounted for over 69% of the funds lost to cyber criminals in the third quarter of 2024, with WazirX and BingX taking the lead.
Advertisement
Are you looking for signals & alerts from pro-traders? Sign-up to Invezz Signals™ for FREE. Takes 2 mins.
Blockchain security firm Immunefi released its Q3 2024 crypto losses report on September 26, registering a 40% year-over-year drop in losses from hacks and scams.
Advertisement
Last year, hackers and fraudsters managed to get their hands on over $685 million worth of crypto assets.
While this sounds like a positive development on the surface, the severity of individual hacks on centralised exchanges remained a concern.
The security firm reported a total of 34 successful and semi-successful incidents that comprised both hacks and frauds.
Hacks remained the leading cause of losses, accounting for 99.25%, while incidents involving fraud stood at a mere 0.75%.
Centralised platforms continued to remain the preferable target for bad actors, with 74.8% of the funds lost this quarter coming from these entities. This also marked a 66.4% hike from the previous year.
Private key management an issue for centralised exchanges
Copy link to sectionThe most prominent victim of the third quarter was the Indian crypto exchange WazirX, which lost roughly $235 million.
On July 18, unknown hackers breached the exchange’s hot wallets, and over $100 million in Shiba Inu (SHIB) and $52 million in Ether were siphoned off.
The compromised wallet held 45% of the exchange’s total customer funds, and as such, the attack severely impacted the exchange’s ability to maintain 1:1 asset backing.
Experts have speculated that the attack likely transpired due to a compromised private key, which allowed the attacker to manipulate a smart contract and transfer control of the hot wallet.
Similarly, Singapore-based BingX lost roughly $52 million from its hot wallet on September 20.
The exchange managed to freeze $10 million of the stolen funds and mitigated some damage, but the hacker managed to get away with the rest.
These two incidents alone accounted for 69.5% of Q3 losses, with approximately $287 million in combined losses.
Of the three incidents targeting CEXes, Indonesia’s Indodax was impacted the least, losing $22 million from its hot wallet.
Immunefi founder Mitchell Amadour warned that private key management remains a key “infrastructural issue,” adding that centralised platforms often fail to implement proper security audits and emergency plans for private key management, essential to maintaining the self-custody of crypto assets.
Losses by chain
Copy link to sectionEthereum was the most targeted blockchain network, with 15 reported incidents, followed by Binance-backed BNB Chain with eight incidents.
Together, the two networks accounted for more than 50% of all attacks, primarily due to their size and popularity.
Interestingly, Solana, ranked third by total value locked, only had one reported incident, whereas the smaller Base chain, developed by Coinbase, saw two.
Advertisement
Want easy-to-follow crypto, forex & stock trading signals? Make trading simple by copying our team of pro-traders. Consistent results. Sign-up today at Invezz Signals™.