North Korean Hackers’ $308M DMM Bitcoin Heist Tops 2024, AI Poses Greater Risks Ahead

It was no surprise.
Blockchain security experts had been warning loudly since last year: attacks targeting private keys and smart contract ownership would wreak havoc on crypto projects in 2024.

Private keys control access to crypto wallets and require secure storage. If compromised, hackers can steal funds directly from wallets. Despite these warnings, some companies failed to implement adequate safeguards. The result? North Korean hackers stole a staggering $1.34 billion in cryptocurrency this year, according to blockchain forensics firm Chainalysis.

Luciano Ciattaglia, VP of services at blockchain security firm Hacken, called these breaches “avoidable mistakes,” citing improper security practices such as insufficient encryption and centralized storage by third-party private key management platforms.

This year, private key leaks accounted for 81% of the $2.3 billion lost to crypto theft, says blockchain security firm Cyvers. Here’s a breakdown of the top five crypto hacks of 2024:

1. DMM Bitcoin ($308 million in May)
   Japanese exchange DMM Bitcoin suffered the year’s largest hack, losing 4,502.9 BTC ($308M). Security experts suspect North Korean hackers gained access to the platform’s private keys, employing laundering techniques linked to the notorious Lazarus Group. Unable to recover, DMM Bitcoin shut down in November, transferring assets to SVI VC Trade.
2. PlayDapp ($290 million in February)
   Blockchain gaming app PlayDapp faced a smart contract hijack, with attackers minting over 1.6 billion PLA tokens. Swift action by PlayDapp froze the stolen tokens, averting catastrophic losses. The platform has since transitioned to a new token contract.
3. WazirX ($235 million in July)
   Despite employing robust security measures, Indian exchange WazirX fell victim to hackers who exploited multisig wallet vulnerabilities. They used complex methods to trick administrators, resulting in $235M stolen across cryptocurrencies. Indian police arrested a suspect linked to the attack.
4. Radiant Capital ($62.5 million)
   DeFi lending protocol Radiant Capital endured two attacks in 2024. The January breach exploited smart contract weaknesses, while October’s attack involved malware that compromised private keys. Both incidents are attributed to North Korean hackers.
5. Munchables ($62.5 million in March)
   Internal threats hit NFT project Munchables when an insider introduced vulnerabilities in the smart contract, enabling a $62.5M Ether theft. Fortunately, $60.5M was later recovered after the attacker returned the private keys.

Looking Ahead: Challenges Amplified by AI and Quantum Computing

The increasing sophistication of attacks poses serious challenges. AI, in particular, is expected to make phishing scams more convincing and enable attackers to identify smart contract vulnerabilities faster. Quantum computing advancements could further amplify these threats.

BitGalactic’s Perspective:
The DMM Bitcoin heist is a chilling reminder of how ill-prepared the crypto industry is against state-sponsored cybercrime. BitGalactic emphasizes the urgent need for decentralized, quantum-resistant key management systems and robust AI defense mechanisms. As 2025 looms, proactive investment in next-gen cybersecurity should be a top priority for any crypto project seeking to thrive in this high-stakes environment.