In October, several high-profile crypto security breaches contributed to industry-wide losses totaling nearly $130 million.
Among the significant incidents, a crypto user reportedly lost 15,079 fwDETH, equivalent to about $36 million, after falling victim to a phishing attack on October 11. Meanwhile, crypto exchange M2 disclosed a $13.7 million hack, with attackers draining its hot wallets of assets including Bitcoin, Ethereum, and Solana. M2 assured users that the issue was resolved, and funds were fully restored.
October saw a surge in crypto losses, primarily from exit scams, flash loan exploits, and other security breaches, as documented by blockchain security firm CertiK. The largest losses stemmed from protocol exploits, amounting to $127 million. Radiant Capital, a lending platform, suffered the month’s biggest hit with an exploit resulting in a loss of over $50 million.
Following the attack, Radiant temporarily suspended its BNB Chain and Arbitrum markets, later revealing that the breach was due to a malware attack that compromised the devices of several core developers.
To enhance security, Radiant has since restructured its protocol ownership under a timelock contract, requiring a 72-hour delay on all changes. Although October’s losses represented a slight month-over-month increase, they marked a substantial decline from May’s peak losses of $324.7 million.
Hackers in the crypto world are changing course, moving away from exploiting smart contracts and turning their focus toward tricking users directly.
Coinbase is now facing mounting scrutiny after it allegedly sat on a serious data breach for over four months, exposing the personal information of nearly 70,000 users before taking action.
A major security lapse has rocked Taiwan-based crypto exchange BitoPro, which quietly suffered an $11.5 million hack earlier in May but failed to alert users for weeks.
A Nevada resident has been sentenced to six years in federal prison after orchestrating a sophisticated fraud operation that involved stealing U.S. Treasury checks and using stolen identities to access the funds.