Here’s How Much Was Stolen
Blockchain security firm PeckShield has reported that the crypto space suffered more than 20 hacking incidents in September 2024.
According to the company, these events caused about $120.23 million in losses, excluding $32.4 million worth of Spark Wrapped Ethereum (spWETH) drained in a phishing attack on September 27.
BingX, Penpie, and Indodax Suffer the Most
CryptoPotato reported on some of the largest hacks of the last month, including a $44 million breach at BingX, a $27 million loss at Penpie, and a $21 million hit on Indodax.
In the BingX incident, which occurred on September 20, PeckShield alerted the public about an initial $13.5 million outflow it deemed suspicious. However, after further investigation, several on-chain security experts gave different estimations of the loss, ranging between a low of $44 million and a high of $52 million.
In a subsequent response to the attack, the Singapore-based exchange assured users that it would cover the losses, which it described as “minor.”
The Penpie case was one of the earliest of the month, occurring on September 3. A post-mortem revealed that the criminal exploited a reentrancy protection vulnerability on the platform, allowing them to register a fake Pendle market. They used this to manipulate the platform’s reward system, ultimately making off with 11,113.6 ETH.
The incident also featured a bit of drama on the side when the person suspected to have been behind the $200 million Euler hack in 2023 reached out to the Penpie attacker to congratulate them on their exploit, urging them not to return a single cent of the stolen money.
Indonesian crypto exchange Indodax was also among the most heavily affected by last month’s criminal activities. In that exploit, the perpetrator reportedly breached the platform’s withdrawal system and stole large amounts of Bitcoin (BTC), Tron (TRX), Polygon (MATIC), and Shiba Inu (SHIB).
Smaller Hacks
Other platforms that were affected on a relatively smaller scale by the September crypto breaches include DeltaPrime, which lost $5.98 million, and Truflation, which was hit for $5.6 million.
Onyx, a Compound Finance fork, also lost $3.8 million last month. In October 2023, the protocol was robbed of another $2.1 million. In that incident, the thief took advantage of a known vulnerability in Onyx’s code that had also reportedly been used to steal funds from Midas Capital and Hundred Finance.
The top ten biggest hacks of the month were rounded up by BananaGun, which was hit for $3 million, Bedrock, which suffered a $1.75 million breach, and Caterpillar Coin (CUT), where $1.4 million disappeared in a flash loan attack.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER 2024 at BYDFi Exchange: Up to $2,888 welcome reward, use this link to register and open a 100 USDT-M position for free!