October 2024 Hack Report: Crypto Industry Faces $126.93 Million in Losses

Overview and Key Takeaways

October 2024 was marked by significant security breaches, with crypto asset losses totaling $126.93 million. The incidents targeted both centralized exchanges and decentralized platforms, underscoring critical security gaps. This report highlights the most impactful hacks and analyzes methods, implications, and emerging security trends.

Summary of Losses by Incident

1. M2 Exchange: $13.7 Million Lost
   On October 31, M2 Exchange suffered a breach targeting its hot wallets. The hack resulted in the theft of $13.7 million worth of digital assets. Fortunately, M2’s CEO confirmed that all user funds were restored, and services are now back to normal. However, this incident serves as a reminder of the vulnerabilities of hot wallets, especially on centralized exchanges.
2. U.S. Government Wallet Hack: $20 Million Stolen
   A crypto wallet associated with the U.S. government, which contained funds seized from the 2016 Bitfinex hack, was breached in October. The hacker drained $20 million in Ethereum and stablecoins such as USDC and USDT. The funds, which had been inactive for months, were quickly moved through various exchanges, raising questions about the security of government-held crypto assets.
3. Radiant Capital: $58 Million Flash Loan Attack
   On October 16, Radiant Capital, a cross-chain lending platform, was exploited in a flash loan attack, leading to a loss of $58 million. The attack targeted the platform’s newly launched USDC market on Arbitrum, halting lending and borrowing activities. This breach comes on the heels of an earlier attack in January 2024 that drained around $4.5 million from Radiant’s BNB Chain and Arbitrum protocols.
4. Blast Network Whale Exploit: $35 Million
   One of the most significant events in October involved a $35 million theft from Blast Network, where an attacker tricked a user into signing an offline permit message, allowing the hacker to drain fwDETH tokens from the victim’s account. The price of fwDETH dropped drastically, from $2,000 to $100, before recovering slightly. This exploit highlights the ongoing risks of phishing and social engineering attacks in the crypto space.
5. Morpho Protocol PAXG/USDC Market: $230,000
   The Morpho Protocol, a decentralized lending platform, faced a $230,000 loss in October due to an Oracle misconfiguration in its tokenized gold market (PAXG/USDC). The misconfiguration caused an inflated price of gold, which was exploited by an attacker to withdraw funds. While most of the stolen funds have been recovered, this incident underscores the importance of accurate Oracle configurations in decentralized finance (DeFi).

Key Trends in October’s Hacks

1. Centralized Exchange (CEX) Attacks

Centralized exchanges remain prime targets for hackers, as evidenced by the M2 Exchange breach and the U.S. government wallet hack. These attacks typically target hot wallets, which store users' funds for quick transactions. While exchanges continue to improve security, the trend of these exchanges being targeted is concerning for both users and platform operators.

2. Flash Loan and Oracle Exploits in DeFi

Flash loan attacks, which exploit vulnerabilities in smart contracts and decentralized protocols, continue to pose a significant threat to decentralized platforms. Radiant Capital's $58 million loss serves as a reminder of the risks DeFi platforms face from these types of exploits. Additionally, the Morpho Protocol hack highlights how even minor misconfigurations, such as incorrect Oracle prices, can lead to significant financial damage.

3. Phishing and Social Engineering

Phishing attacks continue to evolve, with attackers employing sophisticated techniques to trick users into giving away private keys or signing fraudulent transactions. The Blast Network whale exploit is a prime example of how phishing, combined with offline signature requests, can lead to massive losses.

Protective Measures for Crypto Users and Platforms

For Individual Users:

• Always enable 2FA and use hardware wallets for long-term storage of digital assets.
• Be extremely cautious of phishing attempts—never sign transactions or share private keys unless you're absolutely sure of the legitimacy of the request.
• Keep your software and security protocols up-to-date to guard against new vulnerabilities.

For Developers and Platforms:

• Regularly audit smart contracts and Oracle configurations to ensure there are no vulnerabilities that could be exploited.
• Consider implementing more robust security measures for hot wallets, such as multi-signature wallets, to prevent large-scale hacks.
• Educate users about security best practices to help reduce the risks posed by phishing and social engineering attacks.

Conclusion: A Growing Threat Landscape

October 2024 has been a wake-up call for the crypto community. From centralized exchanges to decentralized platforms, security breaches are increasing in frequency and scale. The losses from these attacks have reached alarming levels, underscoring the importance of improving security at every level of the crypto ecosystem. Whether you're a user or a platform, now is the time to prioritize security and take proactive steps to protect your assets.

Stay informed, stay secure, and lets continue working together to build a safer crypto space.

#CryptoSecurity #DeFi #BlockchainSecurity #PrismBlocks #CryptoHacks #OctoberReport #SecurityMatters