Security Challenges in DeFi: The Largest Hacks of 2024
This year, approximately $1.27 billion was stolen from digital currency exchanges and decentralized finance (DeFi) protocols—a figure that grows even larger when factoring in unreported breaches.
This year’s breaches not only exposed significant systemic vulnerabilities within many DeFi protocols but also raised concerns about the ability of numerous startups in the industry to protect user funds. These incidents underscore the ongoing challenges some sectors face in improving security and gaining public trust.
Initially, my plan was to delve into every DeFi hack that occurred in 2024. However, with DeFi Llama reporting a staggering 90 separate incidents, it quickly became evident that covering each case would be unfeasible. Instead, I’ve chosen to focus on the five largest hacks of the year, analyzing the trends they reveal about the current state of DeFi security.
The Top 5 DeFi Hacks of 2024
- DMM BTC Exchange Hack: $305 Million Lost
On May 31, 2024, the Japanese Bitcoin exchange DMM suffered a devastating hack, resulting in the theft of 4,502.9 BTC—equivalent to $305 million at the time. The attackers compromised the private key of DMM’s Bitcoin wallet, enabling them to transfer funds to their own address.
The consequences were severe for DMM. Customer withdrawals and spot-market transactions were suspended immediately after the attack. Ultimately, DMM announced its permanent closure, transferring customer accounts and assets to another platform.
- WazirX Phishing Attack: $234.9 Million Stolen
India-based WazirX was hacked on July 18, 2024, losing $234.9 million across more than 200 digital assets, including 5.43 billion SHIB tokens, 15,200 Ethereum, and 20.5 million MATIC.
The attack was linked to a phishing campaign targeting the platform’s multi-signature wallet. A significant portion—$229 million—was laundered through Tornado Cash, a cryptocurrency mixer, while $6 million remains untouched. Despite losing nearly half of its reserves, WazirX continues to operate.
- Munchables Storage Slot Exploit: $62.5 Million Drained
Web3 gaming platform Munchables fell victim to a storage slot exploit, resulting in the loss of 17,400 ETH, valued at $62.5 million at the time. Investigations suggested that the attack was likely conducted by a developer involved in creating the platform’s smart contract.
Interestingly, almost all the stolen funds were returned to the company within 24 hours. However, this incident underscores the risks of outsourcing critical development tasks to third parties, particularly in a sector as inherently vulnerable as DeFi.
These breaches highlight the evolving tactics of attackers and the pressing need for improved security measures within the DeFi space. By focusing on these major incidents, we can gain insight into the vulnerabilities that must be addressed to safeguard users and the industry as a whole.
- BTC Turk Hot Wallet Hack: $54 Million Compromised
In June 2024, Turkish cryptocurrency exchange BTC Turk suffered a $54 million loss after attackers breached several of its hot wallets. Fortunately, the exchange had stored the majority of its assets in cold wallets, which significantly minimized the potential damage.
Approximately 10% of the stolen funds were transferred to Binance, likely for laundering purposes. However, Binance’s security team acted swiftly, identifying and freezing $5.3 million.
- Radiant Capital: $53 Million Stolen
In October 2024, Radiant Capital fell victim to an attack that resulted in a $53 million loss. The attacker exploited the protocol’s signers, coercing them into approving malicious transactions that granted access to Radiant’s lending pools.
Investigations revealed that a team member had been socially engineered by an individual posing as a trusted contractor. This deception allowed the attacker to infiltrate critical systems and drain funds from both the BSC and ARB blockchains. Notably, this marked the second hack Radiant Capital suffered in 2024.
Key Trends in DeFi Hacks
To gain deeper insights, I analyzed the top 20 DeFi hacks of 2024 and identified two recurring patterns:
- Private Key Compromises
Despite the digital asset community’s emphasis on safeguarding private keys, many breaches occurred due to compromised keys.
These weren’t simply cases of negligence but were largely attributed to sophisticated social engineering. Attackers tricked key holders into revealing credentials or approving fraudulent transactions. This highlights a critical vulnerability: human error remains a significant attack vector.
- Smart Contract Exploits
Another prevalent trend was smart contract vulnerabilities. Historically, many DeFi platforms reused code from existing protocols, meaning that exploiting one often opened the door to exploiting others.
Although coding practices have likely improved, breaches in 2024 demonstrated that developers sometimes retain unnecessary access to critical areas like wallets and lending pools, creating avoidable security gaps.
Lessons from 2024’s DeFi Hacks
Regrettably, more funds were stolen in 2024 than in 2023, marking a step backward in the security of DeFi protocols. Losses for the year reached billions, underscoring the immense financial impact of these breaches.
These attacks highlight the urgent need for stronger security measures across the blockchain and digital asset industry. DeFi platforms, which often operate as lean startups, must prioritize robust security strategies to mitigate risks and prevent such devastating losses.