Web3 Lost $38.9 Million to Bad Actors in First Month of 2024: Quantstamp

Bad actors have stolen $38.9 million from various Web3 projects in the first month of 2024.

According to a recent report from Quantstamp, a decentralized finance (DeFi) security startup, bad actors used different attack vectors to steal funds, including smart contract hacks, key compromises, and scams.

Major Crypto Hacks of January 2024

One of the first major crypto hacks of the year occurred when Radiant Capital experienced a $4.5 million loss due to an empty market exploit.

Peckshield, a blockchain security company, identified that the root cause was not unique and originated from a short timeframe when new markets were activated on lending protocols.

At the time, Radiant Capital halted its USDC pool on Arbitrum to address the issue, assuring users that their funds were secure. The project resumed operations after a thorough investigation.

Gamma Strategies, another affected platform, fell victim to a flash loan attack on January 4, shortly after the Radiant Capital incident.

The attack exploited a code bug, enabling the hackers to siphon $6.1 million from Gamma’s public-facing vaults.

In response, Gamma temporarily suspended deposits and closed the vulnerability to mitigate further damage.

Furthermore, Wise Lending, a Web3 lending app, encountered a flash loan attack on January 12, resulting in a loss of at least $460,000.

The exploit involved manipulating the price oracle used by Wise Lending and marked the second attack on the protocol in six months. Approximately 170 Ether was drained from the platform.

Socket Lost Over $4 Million to Web3 Bad Actors

On January 16, Socket, a multichain protocol, suffered a security breach due to a vulnerability in user verification input, allowing hackers to steal nearly 2,000 ETH, valued at over $4 million.

However, Socket managed to recover 1,032 ETH (equivalent to approximately $2.3 million) and reimbursed all affected users as part of its strategy to restore user funds.

Goledo Finance faced a security breach similar to Gamma Strategies’ exploit on January 28, involving a flash loan attack that resulted in a theft of $1.7 million.

The platform is still negotiating with the perpetrator, and Goledo has announced a bounty to return the funds.

Goledo has frozen the hacker’s accounts on centralized exchanges and is assessing the extent of the loss to develop a recovery strategy. It has also informed local law enforcement about the situation.

To address the losses suffered by its users, the Goledo Team has initiated a compensation process for asset recovery.

The project has provided users with a Google form to submit their claims.

The incidents highlighted by Quantstamp’s report serve as a reminder of the ongoing challenges faced by the Web3 ecosystem regarding security and the need for continuous vigilance in safeguarding user funds.

It is worth noting that 2023 saw a slight decline in hacking incidents targeting the cryptocurrency industry despite losing around $2 billion to bad actors. 

According to a recent report from De.FI, a prominent Web3 security firm known for its REKT database, hackers managed to pilfer $2 billion in digital assets throughout the year.

While that amount is still alarming, it marks the first decrease in crypto hacking incidents since 2021.

 

Leave a Reply