Crypto Hacks Top $120M in September, BingX and Indodax Suffer

In September 2024, hackers stole over $120 million in a series of high-profile crypto hacks on cryptocurrency platforms.

The latest figures from PeckShield revealed that more than 20 incidents occurred during the month, targeting both centralized and decentralized platforms.

The largest breaches involved platforms such as BingX, Penpie, and Indodax, which collectively accounted for over $90 million in losses.

These hacks add to a growing trend of security breaches in the crypto sector, contributing to a staggering $409 million in losses in the third quarter alone, as highlighted in a recent Immunefi report .

Major Crypto Hacks in September: BingX, Penpie, and Indodax

The biggest blow in September was dealt to BingX, a Singapore-based exchange that lost approximately $44 million in a single incident , making it the hardest-hit platform of the month.

This hack follows previous vulnerabilities in the platform. BingX’s losses in September represent a significant portion of the total $409 million stolen by crypto hackers in Q3 2024.

Penpie, a decentralized finance protocol, also suffered a $27 million breach .

Despite the growing popularity of DeFi, with over $87 billion in total value locked across various protocols, these platforms have become prime targets for cybercriminals due to their complex smart contract interactions and often insufficient security protocols.

Indodax, one of Indonesia’s largest cryptocurrency exchanges, also reported a $21 million loss , making it the third-largest hack of the month.

This attack follows a broader trend of Asian exchanges being targeted, as hackers continue to exploit security gaps in the region’s rapidly growing crypto markets.

Other significant incidents in September include DeltaPrime, which saw nearly $6 million stolen , and Truflation, which lost $5.6 million .

Smaller platforms such as Shezmu, Onyx, BananaGun , Bedrock , and CUT also experienced breaches, with losses ranging from $1.4 million to $4.9 million.

While some of these platforms managed to recover a portion of the stolen funds, the overall impact remains severe.

One of the notable aspects of the September hacks was the $32.4 million phishing attack that targeted $spWETH signatures.

Though this attack was excluded from the overall total reported by PeckShield, it is worth mentioning.

Q3 2024: Crypto Hacks Reach $409 Million

According to a report released by Immunefi earlier this week, the third quarter alone saw $409 million stolen in 31 separate incidents.

This represents a 40% decrease compared to the same period in 2023 when over $685 million was lost to hackers and fraudsters.

The Immunefi report also highlights how centralized finance (CeFi) platforms have been particularly vulnerable to large-scale breaches, accounting for the majority of the stolen funds.

In fact, CeFi platforms were responsible for 75% of the total losses, with some individual attacks leading to hundreds of millions of dollars in stolen assets.

By contrast, decentralized finance (DeFi) platforms saw a greater number of incidents but were generally less severe in terms of total losses.

Mitchell Amador, the founder and CEO of Immunefi, emphasized in the report, the increasing risk to CeFi platforms, particularly when it comes to managing private keys.

Amador said;

“We’re seeing a higher number of incidents targeting DeFi, while CeFi experiences fewer incidents but often with more severe consequences,”.

Despite these challenges, there have been some efforts to rebuild trust in the industry.

The $120 million in losses from September’s hacks and the $409 million stolen in Q3 2024 are stark reminders for investors.

The growing adoption of digital assets, and the complexity of securing these systems, has created an environment ripe for exploitation.