
Crypto Security Incidents - December 2024

  • Nominis Research Team
  • Apr 6
  • 10 min read

The decentralized finance (DeFi) space experienced a relatively quiet month in December 2024 compared to previous months, with the total value of reported hacks and exploits amounting to approximately $3.6 million—a significant drop from $65.2 million in November. While overall scam activity has decreased, several notable incidents still pose serious risks to protocols and individual users.

The key incidents outlined in this report highlight a variety of attack vectors, including API vulnerabilities, reentrancy attacks, protocol logic flaws, and private key leaks. Some of the more significant breaches involved Clipper DEX, TheGemPad, Arata, and FEGtoken, with losses ranging from $11,200 to $1 million. The most prominent exploit of the month involved TheGemPad, resulting in a staggering $1.8 million loss.


In addition to protocol-specific incidents, December saw an uptick in individual scams, including phishing, romance scams, and malware attacks. These scams collectively caused over $3.39 million in losses, underscoring the ongoing risks faced by DeFi users. Notably, phishing attacks remained the most common method used by threat actors, often targeting high-value users through social engineering tactics such as compromising social media accounts, fake airdrops, and malicious software links.

Despite the downward trend in the volume of DeFi exploits, the variety and creativity of attack methods continue to evolve. This highlights the need for constant vigilance, security improvements, and user education to prevent future losses as we enter 2025. December’s incidents offer critical insights into key vulnerabilities, emerging trends, and effective mitigation strategies.


Key Incidents Overview


Clipper DEX - December 1, 2024


API Vulnerability or withdrawal vulnerability

The co-founder of the security organization Fuzzland, @shoucccc, posted on X stating that “Clipper DEX has been hacked due to an API vulnerability” (such as private key leakage). The following day, Clipper DEX itself argued that it was “likely caused by a withdrawal vulnerability” instead. Recent reports suggest losses were higher than $500,000, with an alleged further $6.5 million specifically at risk at the time of the hack. Users were encouraged to withdraw their funds immediately, and Clipper released a statement on X announcing a ‘pause on swaps and deposits.’


Impact: ~$500,000


Spectral Labs - December 1, 2024


Protocol Logic attack

Spectral Labs, a ‘machine intelligence network’ generating onchain agents, released a statement on X explaining that a vulnerability in its bonding curve contracts had been exploited, ultimately resulting in a $200K liquidity loss. In response, the platform was immediately secured by deactivating the app and pausing contracts to prevent further issues. Syntax is working with security experts to investigate the breach, address the root cause, and restore the platform. Users were assured that detailed updates would follow soon.


Impact: $200,000


DeBox - December 2, 2024


Private Key Leakage

DeBox, the ‘largest on-chain holding community’ reported an incident on their X account concerning a private key leakage. DeBox suffered a loss of 31.03 ETH and 4.88M BOX tokens due to a key leak in an operational wallet, unrelated to user security. To address this, DeBox said it would deploy a Stabilization Fund to buy back stolen tokens within a week, with all recovered tokens managed through BOX DAO community votes. The operational account would transition to a multi-signature wallet for added security. DeBox announced it intended to hire a professional firm to investigate the breach and trace stolen assets. 


Impact: $275,000


#BYC token on BSC - December 3, 2024


Business Logic Flaw 

An attack was detected on an unknown #BYC token on BSC, resulting in approximately $100,000 in losses. The token’s flawed mechanism burns tokens from the liquidity pair once the token balance reaches a limit, so an attacker could sandwich the burn with swaps and profit from the price distortion the burn creates.


Impact: $100,000


VestraDAO - December 4, 2024


Business Logic Flaw

Vestra DAO on Ethereum experienced an exploit in its Locked Staking contract, leading to the theft of 73,720,000 VSTR tokens, valued at approximately $378,400. The stolen funds were sold and deposited to Tornado Cash.


Impact: $400,000



Arata - December 6, 2024


‘Market maker wallet’ hack 

Arata announced on X that their ecosystem and CEX wallets had been exploited, with the hacker selling a significant portion of the tokens. Their announcement confirmed that the team wallets remained safe and locked and that an investigation was underway. In a later announcement, they confirmed that specifically a ‘market-making wallet’ had been hacked, with the hacker transferring funds from this wallet to a new wallet and then on to ecosystem wallets elsewhere. They confirmed that the hacker had stolen approximately $1 million in tokens; some on X speculated that this was an inside job, though there is no further evidence to suggest this is the case.


Impact: $1,000,000


StargateFinance - December 6, 2024


Contract vulnerability 

Numerous suspicious attacks involving Stargate on the BSC (Binance Smart Chain) were announced, resulting in a loss of over $32,800. Later, further reports suggested that the attacker seemingly was able to drain USDT from an investment strategy contract that stakes funds in Stargate itself, as opposed to an element of Stargate’s core protocol. 


Impact: Over $32,800



MAAT - December 7, 2024


Security vulnerability 

MAAT, an omnichannel meta-yield aggregator, reported a security incident in its alpha release, which allowed attackers to exploit vulnerabilities and withdraw $240,000 USD without authorization. Announcements made on X, used to reference the reporting of this incident, have since been deleted. 


Impact: $240,000


Clober - December 10, 2024


Contract vulnerability 

CloberDEX suffered an exploit targeting its liquidity vault via a reentrancy vulnerability in the burn functions of the Rebalancer contract. The core Clober protocol ‘remained unaffected’.


Impact: $501,000




Unknown Protocol on #BSC- December 10, 2024


Access Control Issue

Announcements on X emerged suggesting that suspicious transactions, seemingly initiating governance attacks, had been detected on an unknown protocol on the #BSC blockchain. There is little further information surrounding this attack.


Impact: $640,000


LABUBU vulnerability  - December 10, 2024


Transfer logic flaw

The LABUBU token on the #BSC chain was seemingly exploited due to a ‘flaw in its transfer logic’, where the attacker manipulated the token’s balance system to increase their balance for free. The money was then laundered via token swaps.


Impact: $11,900



#BNBS on #BSC - December 12, 2024


Reentrancy Attack

The #BNBS token was attacked via reentrancy: the attacker invoked a vulnerable contract function again before the previous execution had completed. Because the contract transferred funds before updating its state, the attacker was able to drain funds from the target.


Impact: $20,300


JHY Exploit - December 14, 2024


Contract vulnerability

A suspicious attack was detected involving the #JHY token on #BSC, resulting in a loss of about $11.2k. The attacker ‘exploited the token’s reward mechanism, draining rewards from the dividend tracker contract’. 


Impact: $11,200


DCF Flash Loan- December 15, 2024


Flashloan exploit

DCF (Decentralised Finance) on the #BSC chain suffered a flash loan exploit. The transaction involved a flash loan in which the borrower used the borrowed funds to manipulate the protocol by migrating and adjusting a trove (collateralized debt position). Through the ‘MigrateTroveZap’ contract, they closed an existing trove, withdrew significant collateral, and repaid the loan within the same transaction. The borrower profited by gaining assets without upfront collateral, a typical flash loan method.


Impact: $8,800



#BTC24H #Lock on #Polygon- December 17, 2024


Contract vulnerability 

Announcements on X suggested the detection of a suspicious attack involving the #BTC24H #Lock on #Polygon. According to the announcement, the Lock contract’s ‘claim’ function failed to check whether msg.sender was an eligible claimant, so anyone could claim BTC24H tokens following the introduction of the contract.


Impact: $85,700


TheGemPad- December 17, 2024


Security vulnerability 

Multichain launchpad ‘TheGemPad’ posted an update following a security lock breach incident. Though it is unclear how the attacker breached the security locks, other posts on X suggest that numerous chains were attacked, and that the attacker drained digital assets from the GemPad lock and swapped them to ETH and BNB.


Impact: $1,800,000


HarryPotterObamaSonic10Inu 2.0 - December 18, 2024

Access Control

Announcements on X suggested the detection of attempted exploits across a series of transactions on Ethereum, specifically targeting funds in the liquidity pool of the HarryPotterObamaSonic10Inu 2.0 token. The exploiter took advantage of ineffective access control on the 0x433e() method of the operator contract to add and remove liquidity in large quantities, causing dramatic price fluctuations. The attacker then deposited the profit into Tornado Cash.


Impact: $243,000
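Two of the incidents above are access-control gaps of the simplest kind: the #BTC24H Lock’s ‘claim’ function never checked that msg.sender was an eligible claimant, and the HarryPotterObamaSonic10Inu 2.0 operator contract exposed a liquidity-moving method to any caller. The Solidity below is an added illustration for this report, not code from BTC24H, the HarryPotterObamaSonic10Inu 2.0 operator contract, or any other project named here; the ILiquidityManager interface and the MAX_REBALANCE cap are assumptions standing in for whatever the real contracts used. VulnerableLock carries both gaps; HardenedLock closes them.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for this report; not code from any project named in it.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Assumed interface standing in for the liquidity operations of the operator
// contract described in the report.
interface ILiquidityManager {
    function addLiquidity(uint256 amount) external;
    function removeLiquidity(uint256 amount) external;
}

contract VulnerableLock {
    IERC20 public immutable token;
    ILiquidityManager public immutable lp;

    constructor(IERC20 _token, ILiquidityManager _lp) {
        token = _token;
        lp = _lp;
    }

    // Defect: nothing ties msg.sender to an allocation, so any address can
    // pull any amount the contract holds.
    function claim(uint256 amount) external {
        token.transfer(msg.sender, amount);
    }

    // Defect: a privileged market operation that any caller can trigger in
    // any size, which is enough to move the pool price at will.
    function rebalance(uint256 addAmount, uint256 removeAmount) external {
        lp.addLiquidity(addAmount);
        lp.removeLiquidity(removeAmount);
    }
}

contract HardenedLock {
    IERC20 public immutable token;
    ILiquidityManager public immutable lp;
    address public immutable operator;
    uint256 public constant MAX_REBALANCE = 1_000_000e18;   // assumed per-call cap
    mapping(address => uint256) public allocation;           // beneficiary => claimable

    event Claimed(address indexed beneficiary, uint256 amount);

    modifier onlyOperator() {
        require(msg.sender == operator, "not operator");
        _;
    }

    constructor(IERC20 _token, ILiquidityManager _lp) {
        token = _token;
        lp = _lp;
        operator = msg.sender;   // in practice a multisig or timelock address
    }

    // Allocations are set by the operator; each beneficiary can then claim
    // only its own entry, and only once.
    function setAllocation(address beneficiary, uint256 amount) external onlyOperator {
        allocation[beneficiary] = amount;
    }

    function claim() external {
        uint256 amount = allocation[msg.sender];
        require(amount > 0, "not an eligible claimant");
        allocation[msg.sender] = 0;                          // effect before transfer
        require(token.transfer(msg.sender, amount), "transfer failed");
        emit Claimed(msg.sender, amount);
    }

    // Operator-only and size-capped, so even a compromised operator key
    // cannot swing the pool by an arbitrary amount in one call.
    function rebalance(uint256 addAmount, uint256 removeAmount) external onlyOperator {
        require(addAmount <= MAX_REBALANCE && removeAmount <= MAX_REBALANCE, "too large");
        lp.addLiquidity(addAmount);
        lp.removeLiquidity(removeAmount);
    }
}
```

The audit check is mechanical: list every external or public function that moves value or changes market state, and for each one name the condition on msg.sender that gates it. A function with no such condition, like the two in VulnerableLock, is the finding.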


SlurpyCoin  - December 18, 2024


Flashloan exploit 

A flash loan exploit was detected in SlurpyCoin on the Binance Smart Chain (BSC). The attacker exploited the token’s buyback mechanism and made approximately $3,000 through sandwich arbitrage strategies. Notably, this exploitation appears closely related to an earlier attack on July 2 targeting the MRP token, which resulted in a $10,000 loss. Users and projects are encouraged to exercise caution and implement stronger security measures to prevent similar vulnerabilities.


Impact: $3,000


Moonhacker Vault on Optimism  - December 24, 2024


Flashloan exploit 

Announcements on X suggested the detection of a large flash loan exploit on the MoonHacker contract. The Moonhacker vault was seemingly exploited due to two critical vulnerabilities: an unprotected executeOperation function and improper validation of input addresses. The attacker used a flash loan from Aave to repeatedly call the repayBorrow and redeem functions on the vault, draining its USDC collateral. By specifying their own wallet as the approval address instead of the intended mUSDC contract, they gained unauthorized access to the funds.


Impact: $320,000
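The Moonhacker description names two defects in a flash loan receiver: a callback that anyone can invoke, and an approval target taken from caller-supplied input. The Solidity below is an added illustration for this report, not the Moonhacker vault’s code. The callback shape follows Aave’s flashLoanSimple receiver (executeOperation with asset, amount, premium, initiator and params), IPool is reduced to the one call used here, and IMarket is an assumed lending-market interface standing in for the mUSDC contract named above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for this report; not the Moonhacker vault's code.

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Reduced to the single Aave V3 call this example uses.
interface IPool {
    function flashLoanSimple(
        address receiver, address asset, uint256 amount, bytes calldata params, uint16 referralCode
    ) external;
}

// Assumed lending-market interface standing in for the mUSDC contract.
interface IMarket {
    function repayBorrow(uint256 amount) external;
    function redeem(uint256 amount) external;
}

contract VulnerableReceiver {
    IERC20 public immutable usdc;

    constructor(IERC20 _usdc) { usdc = _usdc; }

    // Defect 1: no check on msg.sender or initiator, so anyone can call this
    //           directly or route their own flash loan through it.
    // Defect 2: the market address comes from caller-controlled params, so
    //           the unlimited approval can be pointed at any address.
    function executeOperation(
        address, uint256 amount, uint256 premium, address, bytes calldata params
    ) external returns (bool) {
        (address market, uint256 repayAmt) = abi.decode(params, (address, uint256));
        usdc.approve(market, type(uint256).max);
        IMarket(market).repayBorrow(repayAmt);
        IMarket(market).redeem(repayAmt);
        usdc.approve(msg.sender, amount + premium);
        return true;
    }
}

contract HardenedReceiver {
    IERC20 public immutable usdc;
    IPool public immutable pool;      // the only address allowed to call back
    IMarket public immutable market;  // fixed at deployment, never read from calldata
    address public immutable owner;

    constructor(IERC20 _usdc, IPool _pool, IMarket _market) {
        usdc = _usdc;
        pool = _pool;
        market = _market;
        owner = msg.sender;
    }

    // Only the owner can start a loan, so every legitimate callback arrives
    // with initiator == address(this).
    function deleverage(uint256 amount, uint256 repayAmt) external {
        require(msg.sender == owner, "not owner");
        pool.flashLoanSimple(address(this), address(usdc), amount, abi.encode(repayAmt), 0);
    }

    function executeOperation(
        address asset, uint256 amount, uint256 premium, address initiator, bytes calldata params
    ) external returns (bool) {
        require(msg.sender == address(pool), "caller is not the pool");
        require(initiator == address(this), "loan not started by this vault");
        require(asset == address(usdc), "unexpected asset");
        uint256 repayAmt = abi.decode(params, (uint256));
        require(repayAmt <= amount, "repay exceeds loan");

        // Approvals are exact-amount and go only to the known market and pool.
        require(usdc.approve(address(market), repayAmt), "approve failed");
        market.repayBorrow(repayAmt);
        market.redeem(repayAmt);
        require(usdc.approve(address(pool), amount + premium), "approve failed");
        return true;
    }
}
```

The three require statements at the top of the hardened callback are the whole defence against the first defect; pinning the market address at deployment is the defence against the second. Any receiver whose callback reads a spender or recipient address out of params deserves a close look for the same reason.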


FEGtoken - December 29, 2024


Security vulnerability

Analysis indicates that the incident was likely caused by a composability issue linked to the integration with the Wormhole cross-chain bridge, a system enabling token and message transfers across different blockchains. The FEG Token project released a statement on X offering a white hat bounty to the exploiter.


Impact: $1,000,000



December’s major crypto incidents, by type and total loss ($): 



Bar graph displaying various vulnerabilities with blue bars. Access Control Issue peaks at 3,844,700. Other categories include API Vulnerability and Flashloan exploit.

Individual cases: 


Reported incidents of individual losses throughout December amounted to approximately $3.39 million. The most prominent of these scams were phishing scams, primarily via malicious links, spoofed addresses and fake pop-ups. On par with phishing scams were pig-butchering and romance scams, where victims are exploited first emotionally and then financially. These cases in December saw huge losses, including a $1.2 million loss in just one case. The third most prominent type of scam among reported individual cases was malware links, involving fake software such as ‘Zoom’ used to compromise victims’ devices without their knowledge and steal credentials.

Trends in individual cases: December saw phishing attacks as the most common attack method, and they caused significant losses. High-value users were frequently targeted through social engineering, such as compromised X accounts and fake airdrops. Romance and pig-butchering scams were highly profitable for threat actors, as seen throughout Q4 of 2024. Fortunately, the most prominent scams of the month can be some of the simplest to prevent: remaining vigilant against fake links, pop-ups, and impersonations, particularly during airdrop promotions and software downloads, could substantially reduce financial losses for unsuspecting victims.

Miscellaneous Community cases:

On 8 December, the Cardano Community announced on X that the Cardano Foundation’s X account had been hacked. The announcement reassured followers that an investigation was underway and the issue would be resolved. The Cardano Foundation announced that the issue had been resolved on 13 December. 

On 10 December, Haven Protocol reported a hack exploiting a flaw in "range proof validation," allowing attackers to mint unauthorized XHV. While audits show 263 million XHV in circulation, exchanges report over 500 million, pointing to the exploit. The team warned the community ‘PLEASE DO NOT BUY ANY HAVEN ASSETS ON ANY EXCHANGES’. On December 12, the Haven Protocol project announced the closure of the project. 


Individual Losses by Type:



Pie chart showing scam types, including Sophisticated Pig Butchering (35.3%, ~$1.2m) and Fake Zoom Malware (29.4%, $1m).

Key takeaways 


December 2024 saw a notable decline in overall DeFi exploit volumes, marking the quietest month of the quarter with approximately $3.6 million in reported losses. This figure is a stark contrast to the preceding months, in which the DeFi space saw over $180 million in losses. While this reduction signals improved security measures across protocols, persistent vulnerabilities and evolving attack techniques remain significant concerns.


Several key trends emerged from this month’s incidents:


💡 Diverse Attack Vectors Persist

Attacks in December showcased a broad range of exploit types, from contract vulnerabilities and withdrawal flaws to flash loan exploits and private key leaks. Notably, business logic flaws and reentrancy attacks were common, underscoring the need for rigorous smart contract audits and improved protocol design.


🫥 Individual Scams Remain a Major Threat

In addition to protocol-level exploits, phishing, romance scams, and malware attacks continued to impact individual users. These scams caused over $3.39 million in losses and remain highly effective for attackers, particularly through social engineering tactics. The ongoing prevalence of these scams highlights the critical importance of user education and awareness.


💸 High-Value Targets and Community Impact

Some of the most impactful incidents targeted well-known protocols and tokens, including Clipper DEX, TheGemPad, and Vestra DAO. These attacks have a ripple effect on the broader DeFi community, affecting user confidence and project credibility. Notably, Cardano’s X account hack and Haven Protocol’s closure emphasize the reputational risks associated with security breaches.


🔐 DeFi Security is Improving, but Gaps Remain

The gradual reduction in total value hacked (TVH) volumes suggests that security measures are improving across the DeFi ecosystem. However, persistent vulnerabilities in protocol logic, access controls, and wallet management continue to be exploited. Proactive security practices, such as multi-signature wallets, routine audits, and real-time monitoring, remain essential.


December 2024 Hacks: Final Thoughts


While the drop in exploit volumes is encouraging, the DeFi community cannot afford to become complacent. Threat actors continue to evolve their strategies, finding new ways to exploit even minor protocol weaknesses. The rise of social engineering scams targeting individuals adds another layer of complexity, underscoring the need for holistic security strategies that address both technical vulnerabilities and human factors.

Moving forward, collaboration between security researchers, developers, and users will be vital in building resilient protocols and ensuring a safer DeFi ecosystem.


End of Year Findings


The year 2024 witnessed significant financial losses in the cryptocurrency sector due to hacks and frauds, with estimates indicating over $6 billion in total losses—a 40% increase compared to 2023. A substantial portion of these losses stemmed from access control vulnerabilities, which accounted for 81% of the total. In the decentralized finance (DeFi) space, there were 339 reported security incidents, representing 82.68% of all security breaches, with losses amounting to approximately $1.029 billion. Notably, North Korean-affiliated groups were responsible for $1.34 billion in cryptocurrency thefts across 47 incidents, comprising two-thirds of global cryptocurrency hacks.

Despite the overall increase in annual losses, December 2024 experienced a decline in hacking incidents, with approximately $24.7 million lost across 25 attacks—a 71% decrease from November. This reduction made December one of the months with the lowest losses in 2024. These statistics underscore the persistent and evolving security challenges within the cryptocurrency ecosystem, highlighting the critical need for enhanced security measures and vigilance to protect digital assets.


While we strive for accuracy in our content, we acknowledge that errors may occur. If you find any mistakes, please reach out to us at contact@nominis.io. Your feedback is appreciated!





