In a troubling trend for the cryptocurrency industry, crypto hacks in September 2024 exceeded $120 million, with centralized exchanges BingX and Indodax suffering the brunt of the attacks. These breaches highlight ongoing vulnerabilities within the sector, particularly for centralized platforms, as hackers continue to exploit security weaknesses.
The total amount stolen from various crypto platforms in September marks one of the highest monthly losses this year. Despite advancements in cybersecurity measures, the scale of the attacks serves as a reminder that the crypto industry remains a prime target for cybercriminals.
Major Breaches at Centralized Exchanges
The most significant breaches this month occurred at two centralized exchanges—BingX and Indodax—which together accounted for more than half of the total value stolen. These exchanges serve millions of users, and the hacks raise concerns about the safety of user funds and the security protocols used by even some of the most popular platforms.
- BingX: This popular exchange saw a breach that resulted in the loss of approximately $40 million in cryptocurrencies. Attackers exploited a vulnerability in the platform’s internal wallet system, allowing them to drain multiple wallets over a series of coordinated attacks. BingX has since frozen withdrawals and issued a statement apologizing to its users, while its cybersecurity team works with external auditors to investigate the breach.
- Indodax: One of Southeast Asia’s largest exchanges, Indodax, experienced a $25 million hack. This attack occurred after hackers gained access to the platform’s hot wallets, which store user funds for quick access. The breach highlights the ongoing risks associated with hot wallets, which, while convenient, remain more vulnerable to attacks compared to cold wallets.
Together, these attacks on BingX and Indodax accounted for more than $65 million, more than half of the total amount stolen in September’s crypto hacks.
Other Significant Hacks in September
While BingX and Indodax were the most high-profile victims, several smaller platforms and decentralized finance (DeFi) protocols were also hit in September. Among the most notable were:
- DeFi Exploits: Various decentralized protocols reported losses due to smart contract exploits, with an estimated total of $30 million stolen. DeFi platforms remain a frequent target for hackers, as vulnerabilities in code can often go unnoticed until they are exploited. Hackers continue to find ways to manipulate contracts to drain liquidity pools or siphon off user funds.
- Cross-Chain Bridges: Another $10 million was stolen from cross-chain bridges, which facilitate the transfer of assets between different blockchain networks. These bridges have long been a weak point in the ecosystem, as their complexity makes them susceptible to sophisticated attacks.
- Phishing Attacks: $5 million was lost to phishing attacks aimed at users of various exchanges and wallets. Hackers used fake websites, social media scams, and fraudulent emails to trick users into providing sensitive information like private keys or recovery phrases, which were then used to access and drain user accounts.
Vulnerabilities in Centralized Exchanges
The breaches at BingX and Indodax underline the persistent vulnerabilities associated with centralized exchanges (CEXs). While these platforms are convenient and popular, they are also centralized points of failure, making them attractive targets for hackers.
Centralized exchanges often manage user funds through hot wallets, which are always connected to the internet and therefore more susceptible to cyberattacks. While most exchanges also use cold wallets to store the majority of user funds offline, the hot wallets contain enough liquidity to facilitate daily transactions, which hackers target in attacks.
Hot wallet security remains one of the biggest challenges for centralized platforms. In many cases, the hot wallets used by exchanges are not adequately segmented, allowing hackers to move funds quickly across multiple wallets once they gain access. Additionally, internal security protocols may fail to detect unusual activities before funds are siphoned off, compounding the problem.
The Growing Threat to the Crypto Industry
September’s hack total of over $120 million follows a series of high-profile attacks throughout 2024, bringing the year-to-date total to over $1 billion in stolen funds. The persistence of these attacks highlights the ongoing risks faced by the crypto industry as a whole.
Despite numerous regulatory and technological advancements, including efforts to increase cybersecurity, criminals continue to innovate new ways to exploit both centralized and decentralized platforms. The combination of high liquidity, relative anonymity, and inconsistent security measures across the industry makes the crypto space an appealing target for cybercriminals.
Moreover, the attacks underscore the challenges faced by regulators and law enforcement in combating cybercrime in the decentralized world of blockchain technology. While decentralized exchanges (DEXs) offer alternatives that reduce reliance on centralized platforms, they are not immune to hacks, particularly in the realm of smart contract vulnerabilities.
How Exchanges and Users Can Protect Themselves
In light of the recent breaches, both exchanges and users must take proactive steps to protect their assets from theft.
For Exchanges:
- Enhanced Hot Wallet Security: Exchanges need to implement stronger hot wallet security protocols, including multi-signature transactions, frequent wallet rotations, and tighter withdrawal limits.
- Cold Storage Solutions: Increasing the percentage of user funds stored in cold wallets can reduce the amount of accessible liquidity for hackers.
- Real-Time Monitoring: Exchanges must invest in real-time transaction monitoring systems that can detect suspicious activity quickly and stop hacks before they escalate.
- Third-Party Audits: Regular third-party security audits can help identify vulnerabilities in code and infrastructure before they are exploited by malicious actors.
For Users:
- Use Cold Wallets: For long-term storage of assets, users should transfer their funds to cold wallets, which are not connected to the internet and therefore less vulnerable to hacks.
- Enable Two-Factor Authentication (2FA): Users should enable 2FA on their exchange accounts to add an additional layer of security.
- Be Cautious with Phishing: Always verify URLs and email addresses before entering login credentials or private keys. Avoid clicking on links from unknown or untrusted sources.
Conclusion: A Wake-Up Call for the Industry
The cryptocurrency industry continues to face significant challenges in securing its platforms and protecting user funds. With more than $120 million stolen in September 2024 alone, the hacks at BingX and Indodax highlight the pressing need for better security infrastructure in the crypto space.
As the industry evolves, so must the security measures designed to protect it. Centralized exchanges, in particular, must adopt stronger safeguards to protect against attacks, while users should take more responsibility for securing their assets through cold storage and other security practices.
Moving forward, the crypto industry will need to strike a balance between innovation and security to regain user trust and prevent further losses from cyberattacks.
