Crypto is the Wild West of finance — a vast, untamed frontier brimming with opportunity. However, this is also a realm where outlaws and bandits lurk around every corner.
Hacks and scams are two of the biggest threats to users looking to hop aboard the crypto bandwagon. Hacks are tech-driven attacks that exploit system flaws, like breaching an exchange or cracking a wallet’s security, while scams are about tricking people — convincing victims to hand over their money through fake projects or too-good-to-be-true offers.
But why is this West so wild?
The blockchain world allows pseudonymity, suffers from a lack of regulation, and introduces new, complex technologies.
In other words, crypto transactions are sometimes hard to trace, there’s not always a clear authority to oversee or enforce rules, and many users are still learning the ropes, making them easier targets for scammers.
In this article, let’s dive into the top crypto hacks and scams that rocked the crypto space.
Crypto hacks to watch out for in October 2024
1. Phishing attacks
Phishing attacks are fraudulent attempts to steal sensitive information such as private keys, passwords or crypto by pretending to be a trusted entity. Attackers often impersonate official platforms or services, creating fake websites or messages designed to trick users into revealing their personal information.
A sophisticated phishing scam targeted Spark Wrapped Ether (spWETH) users, leading to the theft of $32.43 million. The attackers lured victims into signing fraudulent “permit” signatures, which gave the attackers unauthorized access to users’ spWETH tokens. The tokens were then moved across multiple wallets.
To protect yourself from phishing, always double-check the sender’s identity and URL before clicking any links or signing anything. Avoid clicking on links from unsolicited emails or social media messages, and never share your private keys or seed phrases. Use multifactor authentication (MFA) to add an extra layer of security, and ensure you only interact with verified and official communication channels.
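One way to apply the "double-check before signing" advice to permit requests, as an added example that is not part of the original article: a JavaScript check over the EIP-712 typed data a wallet is asked to sign, flagging EIP-2612 permit approvals. The trusted-spender list, the addresses and the sample request are constructed placeholders.

```javascript
// Added example, not from the article: review an EIP-712 signing request
// before the wallet signs it. All addresses below are constructed placeholders.
const MAX_UINT256 = (1n << 256n) - 1n;
const TRUSTED_SPENDERS = new Set([
  "0x1111111111111111111111111111111111111111", // a contract the user already relies on
]);

// request: the typed-data object (or JSON string) passed to eth_signTypedData_v4.
function reviewSigningRequest(request, nowSeconds) {
  const data = typeof request === "string" ? JSON.parse(request) : request;
  const msg = data.message || {};
  // EIP-2612 permits carry owner/spender/value/nonce/deadline.
  const isPermit = /permit/i.test(data.primaryType || "") ||
    ["owner", "spender", "value", "deadline"].every((k) => k in msg);
  const findings = [];
  if (!isPermit) return { isPermit, findings };

  findings.push("off-chain signature that grants a token allowance to the spender");
  const spender = String(msg.spender || "").toLowerCase();
  if (!TRUSTED_SPENDERS.has(spender)) {
    findings.push(`spender ${spender || "(missing)"} is not on the trusted list`);
  }
  if (BigInt(msg.value ?? 0) === MAX_UINT256) {
    findings.push("allowance is unlimited (2^256 - 1)");
  }
  if (BigInt(msg.deadline ?? 0) - BigInt(nowSeconds) > 86400n) {
    findings.push("deadline is more than 24 hours away");
  }
  return { isPermit, token: data.domain?.verifyingContract, findings };
}

// Constructed sample of a permit request with an unknown spender.
const SAMPLE_REQUEST = {
  primaryType: "Permit",
  domain: { name: "Example Token", version: "1", chainId: 1,
            verifyingContract: "0x2222222222222222222222222222222222222222" },
  message: {
    owner: "0x3333333333333333333333333333333333333333",
    spender: "0x4444444444444444444444444444444444444444",
    value: MAX_UINT256.toString(),
    nonce: "0",
    deadline: "1893456000",
  },
};

console.log(reviewSigningRequest(SAMPLE_REQUEST, 1727740800).findings);
```

Any finding beyond the first is a reason to reject the request and confirm the site through an official channel before signing.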
2. Rug pulls
Rug pulls occur when developers of a crypto project suddenly disappear, taking investor funds with them. These scams usually happen with new tokens, decentralized finance (DeFi) platforms or initial coin offerings (ICOs).
A notable example from September 2024 involved BaseBros Fi, a DeFi protocol on the Base blockchain. Developers vanished after deleting all their social media accounts and draining $130,000 from user deposits. They used an unaudited smart contract, which allowed them to siphon off funds without raising suspicion until it was too late.
To avoid rug pulls, invest in projects with audited smart contracts and transparent, identifiable teams. Check if the project has backing from reputable investors or organizations, and look for continuous updates and community engagement. Always be cautious of projects that offer guaranteed high returns or those that lack external verification from third-party audits.
3. Fake airdrops
Fake airdrops are scams where attackers offer free tokens to lure users into revealing their private keys or connecting their wallets to malicious sites.
For example, on Sept. 19, 2024, Decentraland’s official X account was hijacked, and hackers promoted a fake MANA token airdrop. The phishing link they shared tricked users into connecting their wallets to a fraudulent site, which compromised their funds as soon as they interacted with it.
To protect yourself from fake airdrops, only engage with airdrops from verified official sources. Always confirm airdrop details via official websites or trusted community channels.
Be skeptical of unsolicited messages about airdrops, especially if they require you to connect your wallet or share sensitive information. Using hardware wallets or non-custodial wallets with strong security settings can also help limit your exposure to scams.
4. Crypto Ponzi schemes
Crypto Ponzi schemes involve promises of high returns, where early investors are paid with money from new investors rather than legitimate profits. These schemes collapse when there are not enough new participants to sustain payouts.
A notable case from October 2024 involved David Carmona, founder of IcomTech, who was sentenced to 121 months in prison for running a Ponzi scheme disguised as a cryptocurrency trading and mining company. IcomTech scammed investors by claiming their funds were being used for profitable crypto ventures, but in reality, the scheme paid old investors using funds from new recruits until it imploded, leaving many with huge losses.
To protect yourself from Ponzi schemes, be wary of investments that promise guaranteed returns, especially if those returns seem too good to be true. Research any company or project thoroughly before investing, checking for transparency about how profits are generated. Ensure the company’s business model is sustainable and avoid schemes that rely heavily on recruiting new participants.
Did you know? Victims of the infamous BitConnect Ponzi scheme, which defrauded investors out of billions, began recovering some of their lost funds after US authorities seized over $56 million in cryptocurrency from the scheme’s promoters in 2021. This marked one of the few cases where crypto Ponzi victims managed to get part of their money back.
5. Smart contract exploits
Smart contract exploits occur when hackers find vulnerabilities in a project’s code and use them to manipulate or drain funds. A smart contract is a self-executing contract with the terms of the agreement directly written into code.
For example, the Penpie platform lost $27 million in September 2024 after an attacker exploited a reentrancy protection flaw in the contract’s reward system, allowing them to repeatedly claim rewards that weren’t meant to be distributed. Similarly, the Indonesian exchange Indodax lost $21 million when hackers breached its withdrawal system and siphoned off multiple cryptocurrencies, including Bitcoin (BTC) and Shiba Inu (SHIB).
To protect yourself from smart contract exploits, stick to projects that have undergone rigorous code audits by reputable third-party firms. Avoid using platforms or decentralized applications (DApps) that have not been extensively tested or that have recently launched without an established track record.
Stay informed about vulnerabilities in the DeFi space and follow trusted security firms for updates on exploits. Consider using insurance services available in the DeFi ecosystem to mitigate the risk of losing funds in case of an exploit.
Did you know? In 2023, hackers stole over $3.8 billion from the cryptocurrency industry through various exploits, making it one of the worst years for crypto-related thefts. The majority of these attacks targeted decentralized finance (DeFi) platforms, accounting for about 80% of the losses, as reported by blockchain analytics firm Chainalysis.
6. Crypto exchange hacks
Crypto exchange hacks happen when attackers exploit vulnerabilities in the exchange’s security infrastructure, allowing them to steal funds from user accounts.
As an example, in October 2024, BingX, a centralized exchange, suffered a significant breach resulting in the loss of $44 million after hackers bypassed their security systems and withdrew large amounts of cryptocurrency. This attack is believed to have been facilitated by malware that compromised the platform’s hot wallets across multiple blockchains, allowing the hackers, possibly linked to the infamous Lazarus Group, to gain access to private keys.
To avoid falling victim to an exchange hack, avoid keeping large sums of crypto on exchanges. Instead, use cold storage or hardware wallets to store your assets securely. Make sure to enable two-factor authentication (2FA) on your exchange accounts and regularly monitor account activity for suspicious behavior. Use exchanges with a strong reputation for security and transparency, and be sure to diversify your holdings across multiple platforms.
7. Money mule scams
Money mule scams involve criminals recruiting individuals to transfer stolen or illicit funds through their accounts in exchange for a commission.
In September 2024, for instance, Russian authorities arrested over 100 people connected to the Cryptex crypto exchange, which was involved in laundering millions through a network of money mules. These individuals unknowingly helped move illicit funds for organized crime groups, making it one of the largest crypto-related money laundering operations in 2024.
To protect yourself from money mule scams, never agree to transfer money for others without fully understanding the source and legitimacy of the funds.
Be suspicious of any requests to use your account for transferring large sums of money, especially if they offer commissions for doing so. Report any suspicious activities to the authorities, and always conduct due diligence on any financial transactions you’re asked to participate in.
Did you know? The average age of money mules in crypto scams is often between 18 and 34, with many young people being coaxed through job ads promising easy money for “processing payments.” While some may not realize they are part of illegal activity, those caught can face severe punishments, including up to 20 years in prison, hefty fines and permanent damage to their financial records.
8. Celebrity impersonation scams
Celebrity impersonation scams use the likeness or identity of well-known public figures to deceive victims into sending money, typically through fake promotions or giveaways. These scams often rely on deepfake technology or hacked social media accounts to create convincing appearances of celebrities endorsing fraudulent crypto schemes.
For instance, in September 2024, scammers hijacked YouTube to livestream a deepfake of Apple CEO Tim Cook during the iPhone 16 launch, promising viewers that any cryptocurrency they sent would be doubled. This scam exploited the high visibility of a legitimate event to deceive users and amassed hundreds of thousands of views before being taken down.
To protect yourself, be highly skeptical of any promotions involving cryptocurrency giveaways, especially those claiming to be endorsed by a celebrity. Always verify the authenticity of such offers through official channels — like the celebrity’s verified social media profiles or trusted news sources — and avoid acting on unsolicited messages.
Additionally, refrain from sending crypto to any address promising returns, as legitimate companies or public figures do not conduct giveaways in this manner.
Steps to take if you’re a victim of a crypto scam
Due to the anonymity in crypto, recovering lost funds can be tough, but it’s not the end of the world — with swift action, documentation and the right tools, there’s still hope. Here are some general steps:
- Stop all communication with the scammer: Immediately cease any further interactions with the scammer to prevent additional losses.
- Document everything: Gather all relevant information, such as transaction IDs, wallet addresses, emails, screenshots of conversations and any suspicious links you clicked. This evidence will be crucial when reporting the incident.
- Report the scam to the exchange or platform: If you sent cryptocurrency via a specific exchange or wallet platform, report the fraudulent activity to them. They may be able to freeze the funds, block suspicious accounts, or provide support in recovering the funds.
- Contact blockchain forensics firms: Reach out to blockchain forensics companies like Chainalysis or CipherTrace. These firms specialize in tracing and analyzing blockchain transactions, which can help track where your stolen funds went.
- File a complaint with law enforcement: Report the scam to your local authorities and agencies like the United States Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) or other relevant financial regulatory bodies in your country. Some countries also have specialized units for financial crimes that can assist in investigations.
- Notify your bank or payment provider: If your credit card or bank account details were involved, notify your bank immediately to freeze your account and dispute any unauthorized transactions.
- Educate yourself on crypto security: After resolving the incident, take proactive steps to protect your future transactions. Enable 2FA, use hardware wallets for storing large sums of cryptocurrency, and only transact on reputable, verified platforms.
By following these steps, you’ll be taking crucial actions to mitigate the damage and potentially recover your lost assets.
Written by Bradley Peak