North Korean hackers’ $308 million Bitcoin theft ranks as the largest in 2024. Artificial Intelligence will make attacks worse – DL News

It was no secret.

Blockchain security experts He shouted it from the rooftops last year: Infrastructure attacks targeting private keys and smart contract ownership It would cause major damage For crypto projects in 2024.

Private keys control access to cryptocurrency wallets and must be stored securely. If not, hackers can use it to steal money from the victim’s wallet.

Some companies did not heed these warnings and failed to secure their private keys, leaving the door open for North Korean cybercriminals to steal. $1.34 billion In the cryptocurrency space, according to blockchain forensics firm Chainalysis.

According to Luciano Cittaglia, vice president of services at blockchain security review firm Hacken, companies affected by the private key leak made “mistakes that could have been avoided.”

“Victims often use third-party private key management platforms that lack proper security practices such as encryption or distributed storage,” Citale told DL News.

The biggest breaches this year were all due to access control vulnerabilities including private key leaks.

In a year in which investors lost $2.3 billion As for cryptocurrency theft, private key leaks and other infrastructure attacks account for 81% of that total, according to blockchain security firm Cyvers.

Here are the five biggest cryptocurrency hacks of 2024.

DMM Bitcoin worth $308 million in May

Japanese cryptocurrency exchange DMM Bitcoin was the hardest hit this year.

I lost the platform 4,502.9 BTC worth $308 million in May.

Six months after the hack, details are still unclear, but security researchers suspect that North Korean hackers gained access to the platform’s private keys.

They based their claim on Similarities between money laundering techniques It was used by hackers of the dreaded North Korean cybercrime syndicate Lazarus Group.

DMM Bitcoin was unable to recover from the hack. The platform was shut down earlier this month and transfer Its assets are based on the SVI VC Trade trading platform.

The story began when a hacker hijacked control of the PlayDapp smart contract to mint tokens and create… 200 million PLA codes.

At the time, the tokens were worth $26 million.

PlayDapp acted quickly by contacting exchanges to freeze the tokens, preventing the attacker from cashing out.

Pirate mint bravely 1.6 billion PLA tokens worth $264 million days later, but they were unable to sell them.

PlayDapp has since moved to a new token contract.

Minister X: $235 million

At first glance, WazirX was a secure platform.

India’s largest cryptocurrency exchange used a multi-signature wallet with four out of six signers, a whitelist of addresses configured on an off-site interface, and signing keys housed in a hardware wallet.

However, the platform lost nearly half of its assets in one fell swoop.

Hackers breached one of the platform’s multi-signature wallets in July and He stole $235 million In several cryptocurrencies including Ether and Shiba Inu memecoin.

Hackers used sophisticated attack vectors to trick WazirX wallet administrators into ceding access control to bad actors.

They used this access control to bypass other security measures and withdraw funds from the platform’s wallet.

Police in India Arrested One suspect is allegedly linked to the November hack.

Radiant Capital: $62.5 million

Cybercriminals attacked cross-chain DeFi lending protocol Radiant Capital twice this year, in January and October.

In January, an attacker manipulated the protocol’s smart contract to steal $4.5 million in Radiant Capital issues spread on Arbitrum and BNB Chain.

Then in October, I lost the platform 58 million dollars In an attack where hackers compromised the private keys of the protocol developer to steal funds.

This was the second attack linked To cybercriminals in North Korea.

The attacker pretended to be a former team member and sent a digital file with malware to the project developer.

The malware gave hackers access to Radiant Capital computers where the private keys were stored.

Munchables: $62.5 million

External actors are not the only threats to cryptocurrency projects; Sometimes, the bad guys are on the inside.

This was the case in March for Munchables, a non-fungible token project on the Blast blockchain.

The Munchables cast had a bad cast.

The hacker, suspected to be from North Korea, used his access to insert a vulnerability into the project’s smart contract.

Which allowed the attacker to do so He steals $62.5 million worth of ether from the Munchables project in March.

However, the attacker returned the private keys needed to recover $60.5 million to the team.

Looking forward

The rise in private key leak attacks this year contributed to investors suffering larger losses in 2024 than the previous year.

At $2.3 billion, cryptocurrency thefts in 2024 exceed last year’s total by 40% — but are short of the record $3.8 billion set in 2022.

Crypto crime fighters say new and more dangerous attack vectors are on the horizon.

Cyphers said in its report that advances in quantum computing and artificial intelligence could lead to more sophisticated attacks in the coming year.

Other security experts also agree on this possibility.

“Next year, cryptocurrency investors may see more risks from AI-driven attacks, which will likely make phishing scams more convincing and help attackers find vulnerabilities in smart contracts faster,” Ciatalia said.

The Hacken CEO said that these complex threats will require cryptocurrency developers to upgrade their operational security protocols.

Osato Afan Nomayo He is our DeFi correspondent based in Nigeria. It covers DeFi and technology. To share tips or information about stories, please contact him at osato@dlnews.com.