Crypto Industry Loses $120M to Hackers in September with BingX Taking Hardest Hit

As a researcher who has spent years studying and navigating the complex world of cryptocurrencies, I can’t help but feel a mix of dismay and intrigue when I look at the state of cybersecurity within the industry. September 2024 was a month that saw an alarming increase in hacking incidents, with losses totaling more than $120 million across multiple platforms. This is just one snapshot of the broader picture for the year, where an estimated $1.38 billion has been stolen from the crypto industry in the first half alone.


Last September saw a stormy period for the crypto industry, as cyber attackers intensified their assaults across multiple sectors. According to PeckShield, a blockchain security firm, hackers made off with over $120 million in 20 separate incidents last month. It’s important to note that this total does not include a recent theft of $32.4 million involving $spWETH, which was stolen through a vulnerability in the Permit signature system.

Major Hacks across Multiple Platforms

In September, the leading platforms that were focused on were BingX, a Singapore-based exchange, along with Penpie (a decentralized protocol), Indodax, Delta Prime, Truflation, Shezmu, Onyx, BananaGun, Bedrock, and CUT.

Among these platforms, BingX suffered the most significant setback, with a loss of approximately $44 million. On September 20th, cybercriminals targeted the company’s hot wallet, emptying various cryptocurrencies kept within it. Initially, it was estimated that the total loss could reach around $52 million.

On September 3, Penpie suffered an exploit amounting to $27 million, making it the second-largest victim in this incident. The culprits discovered a vulnerability within the platform that gave them access to a function called “registerPenpiePool.” This feature enabled the malicious actors to establish a Pendle market where the exploitation transpired, as reported by Zokyo, a blockchain security firm, on September 4.

According to PeckShield’s data, several cryptocurrency platforms experienced substantial losses totaling approximately $21 million, $5.98 million, $5.6 million, $4.9 million, $3.8 million, $3 million, $1.75 million, and $1.4 million respectively. Interestingly, one of the affected parties managed to retrieve some of the stolen funds.

In September 2024, there were over 20 cyber attacks in the cryptocurrency sector resulting in approximately $120.23 million worth of losses (excluding the $32.4 million of spWETH stolen through a Permit signature phishing scam).
— PeckShieldAlert (@PeckShieldAlert) October 1, 2024

Growing  Concerns  Over Cybersecurity in Crypto

Despite the significant $120 million loss experienced in September, the outlook for 2024 appears even more dismal. In fact, according to TRM Labs, a leading blockchain research firm, hackers have managed to pilfer an astounding $1.38 billion from the cryptocurrency sector within the first half of this year alone.

In contrast to the same timeframe in 2023, which saw losses amounting to $657 million, the events witnessed a significant spike in occurrences. TRM Labs partially explained this rise in misappropriated assets by pointing out the higher average token values as a contributing factor.

As an analyst, I’ve observed that the surge in global acceptance of cryptocurrencies might not only be driving their growth but could also be a contributing factor to the escalation of cybercrimes. The debut of Bitcoin and Ethereum exchange-traded funds (ETFs) in financial hubs such as the US, Hong Kong, and Australia has undeniably drawn increased interest to the industry. This heightened attention, in turn, has potentially created fresh avenues for potential vulnerabilities.

Following the release of the TRM Labs report, Greg Johnson, the CEO of Rubicon Digital Assets, expressed worries about the sector’s readiness.

Although it’s no shock, the latest TRM Labs report underscores the need for significant action in the crypto sector to address the gaps within the larger blockchain infrastructure,” he pointed out.

Read More

Sorry. No data so far.

2024-10-01 13:56