TheDinarian
North Korean hackers’ $308m DMM Bitcoin heist ranked 2024’s biggest. AI will make attacks even worse
December 23, 2024

Summary:

  • The biggest hacks this year were mostly due to private key leakage.
  • Security experts warned that such attacks would happen.
  • Investors lost $2.3 billion to crypto theft in 2024.

It wasn’t a secret.

Blockchain security experts shouted it from rooftops last year: Infrastructure attacks targeting private keys and smart contract ownership would cause major damage to crypto projects in 2024.

Private keys control access to crypto wallets and should be stored securely. If not, hackers can use them to steal funds from a victim’s wallet.

Some companies didn’t heed those warnings and failed to secure their private keys, leaving the door open for North Korean cybercriminals to steal $1.34 billion in crypto, according to blockchain forensics company Chainalysis.

According to Luciano Ciattaglia, vice president of services at blockchain security auditor Hacken, companies affected by private key leakage made “avoidable mistakes.”

“Victims often used third-party private key management platforms that lacked proper security practices such as encryption or distributed storage,” Ciattaglia told DL News.

This year’s biggest hacks were all due to access control vulnerabilities including private key leakage.

In a year where investors lost $2.3 billion to crypto theft, private key leakage and other infrastructure attacks account for 81% of that total, according to blockchain security firm Cyvers.

Here are the five biggest crypto hacks of 2024.

DMM Bitcoin: $308 million in May

Japanese crypto exchange DMM Bitcoin was the hardest hit this year.

The platform lost 4,502.9 Bitcoin worth $308 million in May.

Six months after the hack, the details are still unclear, but security researchers suspect North Korean hackers accessed the platform’s private keys.

They based their claim on the similarities between the laundering techniques used by the hackers and those of the dreaded North Korean cybercrime syndicate Lazarus Group.

DMM Bitcoin was unable to recover from the hack. The platform shuttered earlier this month and transferred its assets to trading platform SVI VC Trade.

PlayDapp: $290 million

PlayDapp, a South Korean blockchain gaming app, managed to avert disaster despite suffering a massive hack in February.

The saga began when a hacker hijacked control of PlayDapp’s smart contract for minting tokens and created 200 million PLA tokens.

At the time, the tokens were worth $26 million.

PlayDapp acted swiftly by contacting exchanges to freeze the tokens, which prevented the attacker from cashing out.

Undaunted, the hacker minted 1.6 billion PLA tokens worth $264 million days later, but they were unable to sell them.

PlayDapp has since migrated to a new token contract.

 

WazirX: $235 million

At first glance, WazirX was a secure platform.

India’s largest crypto exchange used a multisig wallet with four out of six signers, address whitelisting configured to an offsite interface, and signing keys domiciled in a hardware wallet.

Still, the platform lost almost half of its assets in one fell swoop.

Hackers breached one of the platform’s multisig wallets in July and stole $235 million in various cryptocurrencies including Ether and the Shiba Inu memecoin.

The hackers used complex attack vectors to trick WazirX wallet administrators into ceding access control over to the bad actors.

They used this access control to bypass other security measures and syphon funds from the platform’s wallet.

Police in India arrested a suspect allegedly connected to the hack in November.

 

Radiant Capital: $62.5 million

Cybercriminals attacked cross-chain DeFi lending protocol Radiant Capital twice this year, in January and October.

In January, an attacker manipulated the protocol’s smart contract to steal $4.5 million from versions of Radiant Capital deployed on Arbitrum and BNB Chain.

Then in October, the platform lost $58 million in an attack where hackers compromised the protocol developer’s private keys to steal funds.

That second attack has been linked to North Korean cybercriminals.

The attacker posed as a former team member and sent a malware-laced digital file to the project’s developer.

The malware gave the hackers access to Radiant Capital’s computers where private keys were stored.

 

Munchables: $62.5 million

External actors aren’t the only threats to crypto projects; sometimes, the bad guys are within.

That was the case in March for Munchables, a non-fungible token project on the Blast blockchain.

The Munchables team had a bad actor in its midst.

The hacker, suspected to be from North Korea, used their access to introduce a vulnerability in the project’s smart contract.

That allowed the attacker to steal $62.5 million in Ether from the Munchables project in March.

However, the attacker returned the private keys needed to recover $60.5 million to the team.

 

Looking ahead

The uptick in private key leakage attacks this year contributed to investors suffering greater losses in 2024 than the previous year.

At $2.3 billion, crypto thefts in 2024 exceeded last year’s total by 40%, but were lower than the $3.8 billion record of 2022.

Crypto crime fighters say new and more dangerous attack vectors are looming.

Cyvers said in its report that advances in quantum computing and artificial intelligence could drive more complex attacks next year.

Other security experts are also converging on that possibility.

“Next year, crypto investors might see more risks from AI-driven attacks, which are likely to make phishing scams more convincing and help attackers find vulnerabilities in smart contracts faster,” Ciattaglia said.

The Hacken executive said these sophisticated threats will require crypto developers to upgrade their operational security protocols.

 
