$66.6M Stolen Through Crypto Crimes — Top 5 Hacks of December 2024
In December 2024, over $66.6 million was stolen through various crypto crimes, with phishing alone accounting for more than $41 million, while fraudulent projects garnered over $4 million.
Hacks resulted in just over $19 million in losses, marking one of the lowest monthly theft totals from exploits in 2024.
Here is a breakdown of the top 5 hacking exploits of the month!
Top 5 Crypto Hacks of December 2024 — Nefture
🚨 LastPass — An Ongoing Private Key Threat
Blockchain security researchers revealed in September 2023 that hundreds of wallets had been silently siphoned for more than $35 million due to LastPass’ encrypted vaults being cracked, offering access to the seed phrases stored within.
Since then, victims have been piling up. In the latest LastPass “attack” around December 17th, crypto sleuth ZachXBT reported that more than 100 wallets had been siphoned for over $12.38 million.
In total, at the very least, over $50 million has been lost due to the LastPass breach.
If you want to learn more about the LastPass exploit dig into the following report:
Private Keys: the Threat of Brute Force Attacks
🚨 GemPad Loses $1.9M in Simple Hack 101 Attack: Reentrancy Exploit
GemPad, a no-code smart contract platform, was hacked for $1.9 million across Ethereum, BNB Chain, and Base networks due to a reentrancy vulnerability in its smart contracts.
The attacker exploited this flaw in the collectFees function, deploying malicious contracts that allowed repeated withdrawals of locked assets. An exploit that was repeated across three blockchains.
🚨 Feed Every Gorilla Hacked for The Third Time
FEG proves once again that bad things tend to come in threes. After a disastrous 2022, which saw FEG fall victim to a flash loan attack and a supply chain attack, December 2024 brought a $1 million loss due to a vulnerability in their bridge.
BlockSec’s analysis of the hack revealed that the relayer can register withdrawals in the SmartBridge without checking if the source address is authorized when receiving a wormhole bridge message.
After the attacker dumped the FEG token, its price plummeted by 99%.
🚨 Unknown Protocol Falls Victim to Costly Hack
BlockSec reported on December 10th that an unidentified protocol on the BSC blockchain fell victim to a hack.
According to their research, an attacker launched multiple governance attacks on the protocol, which were successful, resulting in the theft of over $640,000.
🚨 Clipper DEX victim of a $500k Hack
Decentralized exchange Clipper lost $500,000 in a hack on its protocol. The root cause, per Clipper, was a vulnerability in its withdrawal function.
The attacker exploited two liquidity pools on December 1st, taking about 6% of the total value locked.
Clipper then disabled the feature that allowed withdrawals in a single token, which was identified as the exploited vulnerability.
About us
Nefture is a Web3 real-time security and risk prevention platform that detects on-chain vulnerabilities and protects digital assets, protocols and asset managers from significant losses or threats.Nefture core services includes Real-Time Transaction Security and a Threat Monitoring Platform that provides accurate exploits detections and fully customized alerts covering hundreds of risk types with a clear expertise in DeFi.Today, Nefture proudly collaborates with leading projects and asset managers, providing them with unparalleled security solutions.Book a demo 🤝
$66.6M Stolen Through Crypto Crimes — Top 5 Hacks of December 2024 was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.