Crypto Hacks Exceed $120 Million in September BingX and Indodax Among the Victims

Crypto Hacks Exceed $120 Million in September BingX and Indodax Among the Victims

In September 2024, hackers stole over $120 million from various cryptocurrency platforms, marking a troubling month for the industry. Recent data from PeckShield indicates that more than 20 significant incidents targeted both centralized and decentralized exchanges.

The most substantial losses were suffered by platforms including BingX, Penpie, and Indodax, which collectively accounted for over $90 million in damages. These breaches reflect an ongoing trend of security vulnerabilities within the crypto sector, contributing to a staggering total of $409 million lost during the third quarter, as reported by Immunefi.

BingX, a Singapore-based exchange, was hit hardest, with losses estimated at approximately $44 million in a single incident. This event underscores the platform's previous vulnerabilities and constitutes a significant part of the overall $409 million stolen by hackers in Q3 2024.

Penpie, a decentralized finance protocol, reported a breach of $27 million. Despite the increasing interest in DeFi—evidenced by over $87 billion locked across various protocols—these platforms have become prime targets for cybercriminals, often due to complex smart contract interactions and inadequate security measures.

Indodax, Indonesia’s largest cryptocurrency exchange, experienced a loss of $21 million, ranking as the third-largest hack of the month. The rise in attacks on Asian exchanges highlights the region's rapidly expanding crypto markets and the security gaps therein.

Additional incidents in September included DeltaPrime, which lost nearly $6 million, and Truflation, which suffered a breach of $5.6 million. Smaller platforms such as Shezmu, Onyx, BananaGun, Bedrock, and CUT also faced hacks, with losses ranging from $1.4 million to $4.9 million.

While some affected platforms managed to recover a portion of their stolen assets, the overall repercussions remain significant. A noteworthy phishing attack targeting $spWETH signatures resulted in $32.4 million in losses, although this was not included in the total reported by PeckShield.

According to Immunefi’s recent report, the third quarter of 2024 saw $409 million stolen across 31 separate incidents, a 40% decrease from the same period in 2023, when over $685 million was lost to hackers. The report highlights the particular vulnerability of centralized finance (CeFi) platforms, which accounted for 75% of total losses, often stemming from large-scale breaches. In contrast, decentralized finance (DeFi) platforms experienced a greater number of incidents, though the overall financial impact was generally lower.

Mitchell Amador, founder and CEO of Immunefi, pointed out the escalating risks for CeFi platforms, particularly regarding the management of private keys, underscoring the need for improved security measures across the industry.