From DMM Bitcoin to the US Government: Largest Crypto Exploits and Hacks of 2024

Hackers have grown more sophisticated and continue to rake in billions of dollars from crypto exploits.

The good news? There isn’t any—2024 has officially surpassed last year’s totals for stolen funds, with months of hacks piling on to an already record-breaking year.

By Q3 2024, blockchain intelligence firm TRM Labs reported that over $2.2 billion had been stolen in crypto hacks—exceeding the $1.8 billion lost in all of 2023.

Now, as the year comes to a close, the total continues to climb. Analysis reveals that thefts weren’t limited to the experimental world of decentralized finance, or DeFi; centralized crypto exchanges were also prime targets.

Here are the biggest crypto heists of 2024.

DMM Bitcoin’s $308 million

Japanese crypto exchange DMM Bitcoin lost over 4,500 BTC—worth $308 million at the time—to hackers back in May.

It’s unclear how hackers managed to steal from the exchange, but TRM Labs said that stolen private keys were a plausible explanation.

The company is still shutting down and transferring customer accounts to another exchange, SBI VC Trade, which is taking over its assets.

PlayDapp’s $290 million

Hackers targeted the crypto gaming platform PlayDapp twice in February by exploiting a private key vulnerability. They made off with $290 million in PLA tokens across the two incidents.

The attackers also ignored a $1 million white hat reward to return the stolen funds. To this day, the funds are still missing.

WazirX’s $235 million

Indian crypto exchange WazirX was also targeted in June, with hackers running away with close to $235 million.

WazirX suspended all withdrawals, leaving users unable to access their funds after the hack. Elliptic said that the attack was linked to North Korea.

The exchange's parent company, Zettai Pte Ltd, secured a four-month moratorium from the Singapore High Court in August in a bid to get its finances in order.

Things took a weird twist in October when the co-founder of rival exchange CoinSwitch accused WazirX of transferring $75 million worth of user funds to top exchanges Bybit and KuCoin in the wake of the attack.

WazirX has since said that it’s in the process of “rebalancing tokens,” and clients will soon be informed on the next steps to repay creditors.

Ripple co-founder Chris Larsen’s $112.5 million

Hackers targeted Ripple co-founder and Executive Chairman Chris Larsen’s XRP stash on January 30. The crypto entrepreneur wrote on X that there had been “unauthorized access to a few of my personal XRP accounts,” but reassured people that Ripple itself hadn’t been targeted.

Still, it was a hefty attack, and blockchain sleuth ZachXBT said that hackers made away with about 213 million XRP—$112.5 million at the time—before laundering it through exchanges. Efforts to recover the stolen assets have been unsuccessful.

Orbit Chain’s $80 million

The year began with a significant DeFi breach, as hackers drained over $80 million from the cross-chain bridge project Orbit Chain on January 1. Criminals took off with Ethereum and the stablecoin DAI in the exploit—and then fell silent.

Months later, millions of dollars of the stolen crypto was moved to coin mixer Tornado Cash. Other than a January statement apologizing for the exploit, the team behind the project has since given little update on what happened—or how it would retrieve the stolen funds.

BtcTurk’s $54 million

On June 22, hackers targeted the Turkish crypto exchange BtCTurk—which caters to the country’s budding market. Most of the funds were in the form of Avalanche (AVAX), the 12th-largest digital asset by market capitalization.

The exchange reassured users that most funds—kept in cold storage—were safe. Meanwhile, a day after the hack, Binance CEO Richard Teng said his exchange had frozen $5.3 million in stolen funds to assist BtcTurk’s efforts.

Radiant Capital’s $50 million

In October, Hackers hit DeFi project Radiant Capital in “one of the most sophisticated hacks ever recorded in DeFi,” making away with $50 million in tokens at the time.

The breach happened after a Radiant developer received a Telegram message from what appeared to be a former contractor, the protocol said. The message contained a PDF, which was then used to deliver malware and subsequently gain control of several private keys, allowing hackers to steal USDT, USDC, and ARB tokens.

Radiant Capital, which allows users to earn interest and borrow crypto, has since said that North Korean hackers were behind the attack.

U.S. government’s $20 million

Hackers even targeted the Feds this year with over $20 million worth of stablecoins and Ethereum disappearing in October from a government wallet containing funds seized from criminals.

The crypto in question was tied to a previous 2016 hack of the Bitfinex exchange. Hackers sent the coins and tokens to a new address, prompting pseudonymous blockchain sleuth ZachXBT to say it was likely a theft.

Then, the next day, close to $19.3 million worth of the pinched funds were returned to the wallet, data collected by Arkham Intelligence shows. It still isn’t clear what happened to the rest of the stolen crypto—or why hackers returned it in the first place.

Edited by Sebastian Sinclair