Biggest Crypto Hacks in Q1, 2024

This article lists the major exploits that happened in crypto in Q1, 2024. 

Orbit Chain ($81.5M)

The year started with the biggest attack that Q1 saw: the $81.5M Orbit Chain exploit. On January 1, the cross-chain platform tweeted about an unidentified access. Following updates revealed that the hacker managed to execute transactions from different wallets and stole ETH, USDT, USDC, WBTC, and DAI. Despite Orbit Chain’s attempts to communicate with the hacker, no response was received. 

Next in size comes the exploit of Munchables, a GameFi platform built on the Ethereum Layer 2 network, Blast. On March 27, Munchables announced it was compromised. The hacker was able to withdraw over 17,000 ETH from the platform. After hours of investigation with PeckShield and ZachXBT, it was known that the person behind the hack was one of the Munchables developers. Luckily, the incident had a relatively happy ending as the already ex-developer agreed to return funds without any conditions. 

PlayDapp ($36.5M)

Another GameFi platform was hacked in February. On February 10, PlayDapp posted about a critical security breach. The hacker spotted a vulnerability in the PLA token smart contract and was able to issue 200 million PLA tokens, worth around $36.5M at the time. In response, PlayDapp notified partner exchanges to suspend the trading of the PLA tokens. They also sent an on-chain message to the hacker calling for negotiation. However, the latter had other plans and executed a secondary attack on February 13. This time, the hacker minted 1.59 billion PLA tokens valued at more than $253 million. After this, PlayDapp announced migrating to a new token, PDA, making it difficult for the attacker to benefit from the stolen assets. On the PLA to PDA migration portal, token holders can swap their tokens for new ones. 

FixedFloat ($26.1M)

In mid-February, the decentralized exchange FixedFloat suffered a major exploit, losing $26.1 million in Bitcoin and Ether. The DEX wasn’t quick to officially report the incident, leading some users to suspect it was a rug pull — a type of scam where project founders disappear with user funds. Meanwhile, the website was down and displayed a message of technical work being in process. In March, FixedFloat resumed operations and moved to a new website domain. They published a blog post clarifying that more than 30 user orders halted during the hack, were completed. FixedFloat mentioned that the damage was done only to the service and that user funds were safe.  Addressing concerns, the team wrote: 

Hackers don't overlook the Play to Earn gaming platform Gamee. On January 23, the project announced a security incident.  GAMEE tweeted that the hacker gained access to the platform’s private keys and smart contracts by exploiting a vulnerability in its GitLab repository, a platform for hosting code. This allowed the attacker to gain control of around 600M GMEE tokens and execute unauthorized conversions to MATIC and ETH. Upon detecting the breach, GAMEE suspended the Polygon-Ethereum bridge and halted trading for the affected smart contracts. However, 200M tokens remained under the hacker’s control. The project clarified that the exploit affected only the team’s token reserves and not community-owned assets.

Prisma Finance ($11.7M)

The latest big hack of the quarter happened at the end of March, targeting the DeFi staking platform Prisma Finance. On March 28, Prisma Finance tweeted about a possible exploit, mentioning they paused the protocol to investigate the case. According to the blockchain security company Hacken, the exploiter was able to gain $11.7M through several flash loan attacks. Prisma announced that the remaining funds are safe and the team is working on retrieving the funds and resolving the situation.

WOOFI ($8.7M)

On March 6, the DeFi platform WOOFI informed about an exploitation of its smart contract based on the Arbitrum network. The attacker discovered a vulnerability in the platform’s price adjustment algorithm that allowed price manipulation. They used the flash loan functionality, which enables borrowing funds without providing collateral. First, the hacker borrowed around 7.7 million WOO tokens through a flash loan and then sold the assets into the pool. The large number of tokens being sold triggered the algorithm to lower the WOO token price. Once achieving this, the hacker swapped a large number of WOO tokens (around 10 million) for other assets, repeating the attack  3 times and causing $8.75M in losses. To return the funds, WOOFI offered the hacker a 10% bounty while informing users that they were working to fix the contract and improve the platform’s security.