WazirX and BingX hacks lead Q3, accounting for 69.5% of losses

1 month ago 16
Hacker with a laptop.

Just two hacks accounted for over 69% of the funds lost to cyber criminals in the third quarter of 2024, with WazirX and BingX taking the lead.

Blockchain security firm Immunefi released its Q3 2024 crypto losses report on September 26, registering a 40% year-over-year drop in losses from hacks and scams. 

Last year, hackers and fraudsters managed to get their hands on over $685 million worth of crypto assets.

While this sounds like a positive development on the surface, the severity of individual hacks on centralised exchanges remained a concern.

The security firm reported a total of 34 successful and semi-successful incidents that comprised both hacks and frauds.

Hacks remained the leading cause of losses, accounting for 99.25%, while incidents involving fraud stood at a mere 0.75%.

Centralised platforms continued to remain the preferable target for bad actors, with 74.8% of the funds lost this quarter coming from these entities. This also marked a 66.4% hike from the previous year.

However, attacks on decentralised platforms dropped by roughly 80% despite accounting for 31 of the 34 incidents.

Private key management an issue for centralised exchanges

The most prominent victim of the third quarter was the Indian crypto exchange WazirX, which lost roughly $235 million.

On July 18, unknown hackers breached the exchange’s hot wallets, and over $100 million in Shiba Inu (SHIB) and $52 million in Ether were siphoned off.

The compromised wallet held 45% of the exchange’s total customer funds, and as such, the attack severely impacted the exchange’s ability to maintain 1:1 asset backing.

Experts have speculated that the attack likely transpired due to a compromised private key, which allowed the attacker to manipulate a smart contract and transfer control of the hot wallet.

Similarly, Singapore-based BingX lost roughly $52 million from its hot wallet on September 20.

The exchange managed to freeze $10 million of the stolen funds and mitigated some damage, but the hacker managed to get away with the rest.

These two incidents alone accounted for 69.5% of Q3 losses, with approximately $287 million in combined losses.

Of the three incidents targeting CEXes, Indonesia’s Indodax was impacted the least, losing $22 million from its hot wallet.

Immunefi founder Mitchell Amadour warned that private key management remains a key “infrastructural issue,” adding that centralised platforms often fail to implement proper security audits and emergency plans for private key management, essential to maintaining the self-custody of crypto assets.

Losses by chain

Ethereum was the most targeted blockchain network, with 15 reported incidents, followed by Binance-backed BNB Chain with eight incidents.

Together, the two networks accounted for more than 50% of all attacks, primarily due to their size and popularity.

Interestingly, Solana, ranked third by total value locked, only had one reported incident, whereas the smaller Base chain, developed by Coinbase, saw two.

The post WazirX and BingX hacks lead Q3, accounting for 69.5% of losses appeared first on Invezz

Read Entire Article