List of Crypto Hacks in the Month of February — ImmuneBytes

15 min readFeb 22, 2024

😈On Feb 1, 2024, an address on Ethereum fell victim to a phishing attack and lost ~47.23 $stETH worth ~$109K.

Victim: 0x09e5249ca0fd21874ae47c092a069a8d8539caa4



Hack Txn 1:

Hack Txn 2:

To know phishing techniques adopted by crypto scammers and how to avoid falling for them, read these deep-insight articles on crypto phishing.

Zero-Value Token Transfer Phishing Attack
What is an Ice Phishing Blockchain Attack?
The Beginner’s Guide to Phishing Attacks

😈On Feb 4, 2024, due to an arbitrary DELEGATECALL.vulnerability in the proxy contract, a victim lost ~$11.4K worth of $USDC.

The victim was a @ibdotxyz user who was targeted with a malicious contract.

The Hope Money exploiter had manipulated Hope Money on the Ethereum Mainnet for 528 ETH, worth approximately $835,000, on October 18, 2023.


Phishing Txns:

Attacker (Hope Money Exploiter):

Hack Txn:

👿On Feb 5, 2024, a victim lost $468,227 worth of Lido ETH and Coinbase ETH on Ethereum

Victim: 0xb2cbe33dc64380e7afda17f6bbcd594cfa540ff7
Scammer: 0xe72681aee64b958e1f9df7db9eea98d1296bc36c

👿On Feb 7, 2024, an address on Ethereum lost $236,850 worth of $pufETH to phishing scams.

Victim: 0x19cb508a49a474c33d5d7b9446ffcd19aab81eb2


  • 0xf672775e124E66f8cC3FB584ed739120d32bBaad
  • 0x7f3CDdc92519dE28C5Fcf1bC57C26F3Ee512Bb35

Phishing Txns:

Phishing Txns:

👿On Feb 8, 2024, an address on Ethereum lost $236,276 worth of Aave WBTC and USDC.

Victim: 0x407a71481374e59d5a950ecba11e201c8df06b32

Scammer: 0xb3b52ff66b9ace60bf1fad2bfa7bdd20bac5252b

👿On Feb 8, 2022, Superfluid, an Ethereum-based money streaming protocol, was exploited for $13M worth of crypto assets.

Hack Txn:

An exploiter manipulated a smart contract vulnerability in the Superfluid’s host contract by creating distribution indexes to spoof several accounts holding Super-tokens.

This was made possible by passing in faulty calldata.

Later, the attacker moved funds from Superfluid user wallets to exchanges on Polygon and swapped them for ETH.

Although the exploited #smartcontract was pre-audited by a prominent smart contract auditing firm but, this incident proved that it was not enough to avoid this exploit.

What has Transpired So Far?

Attacker’s address:

👿Crypto gaming and NFT platform PlayDapp, which collectively lost ~$290M worth of PLA tokens in two separate attacks-on Feb 9 and Feb 12, 2024-has informed the community that it has paused its PLA smart contract to conduct a migration based on the snapshot.


In two separate exploits on Feb 9 and again on Feb 12, the exploiter managed to mint 200 million PLA tokens (worth ~$36.5 million) and 1.79 billion PLA tokens (worth $253.9 million), respectively.

The Hack Aftermath

As per the initial analysis, an unauthorized wallet possibly used a private key compromise to mint ~1.83 Billion PLA tokens in the two attacks.

However, PlayDapp tried contacting the exploiter through an on-chain transaction, offering a $1 million bounty in return for stolen funds.

Instead of responding to the offer, the hacker decided to mint 1.59 billion more PLA tokens valued at $253.9 million on Feb. 12 and simultaneously started laundering the funds through crypto exchanges.

Since the total circulating supply of PLA tokens was a mere 577 million before the breach, the exploiter struggled to sell the 1.8 billion newly minted tokens at anything close to their market value before the hacks.

The prices of the PLA token took a steep fall in response to the exploit.

In an effort to contain the exploit and stop the hacker from laundering the stolen funds, PlayDapp contacted numerous central exchanges and asked them to suspend deposits and withdrawals of PLA tokens.

It is also chalking out a strategy with blockchain forensic firms and law enforcement agencies to track the stolen funds. It is also holding discussions with the exchanges to launch airdrops for the migration of stolen funds.

The actual reason behind the intrusion is being investigated and will be known after the completion of the investigation.

😈In an exploit on Feb 13, 2024, the crypto casino platform @Duelbits suffered a massive exploit in which it lost ~$4.6m worth of crypto assets.

The hack has happened in @Duelbits wallets on $ETH and $BNB chains.

There has been no official statement from Duelbits on the hack so far, but the most likely reason behind the exploit is speculated to be a private key compromise or the loss of wallet access control.

The stolen funds comprise, but not limited to, $USDT, $APE, and $SHIB tokens.

The exploiter has managed to bridge stolen assets from BNB chain to Ethereum after swapping $USDT, $APE, and $SHIB to $ETH.

This was obviously an attempt to obfuscate the stolen funds trail. While swapping BNB for BSC-USD the exploiter came across a situation where the bridging to the Ethereum chain could not happen due to the lack of gas fees.

To overcome this, the hacker used the FixedFloat service, which allows quick cryptocurrency exchanges.

Attacker Address:

Exploit Txn:

The Vulnerability

Learn how to keep your private keys safe here: Compromised Private Keys: Threats and Remedies

👿Miner (@minerercx), a token based on an experimental token standard ERC-X, was exploited for ~168.8 ETH (~$463.4k) on Feb 14, 2024.

The attacker stole funds in multiple transactions by exploiting a vulnerability in the #smartcontract.

The ERC-X token prices took a nosedive of -87% as a result of the exploit.

What Miner is Doing About the Exploit?

The root cause lies with the _update function, which was awarding free tokens every time someone transferred tokens to themselves.

Being aware of this vulnerability, the attacker decided to manipulate this flaw and started sending tokens to himself in multiple transactions.

As soon as the tokens were sent, the _balances[from] function came into play and accurately calculated the attacker’s balance after subtracting the tokens the attacker sent but, due to the flaw, it was immediately overwritten by _balances[to], which erroneously added the sent value to the attacker’s balance, resulting in doubling of tokens in the account.

Attacker Address: 0xbff51c9c3d50d6168dfef72133f5dbda453ebf29

In an officially released statement, The Miner Team stated that they are re-auditing the vulnerable contract, and after its completion, the contract would be redeployed.

It also informed the community that the remaining liquidity of ~130 ETH will be used as LP for redeployment and that they are planning to take a pre-exploit snapshot of the current holders.

The Miner team has also left an on-chain message for the hacker to negotiate a deal for returning the funds in exchange for 30% (~$120k) of the stolen funds but, the attacker is yet to respond to this message.

On Chain Message:

👿On Feb 15, 2024, in two separate incidents, @particle_trade-a permissionless leverage trading protocol on BSC and defi protocol @dualpools , were exploited for ~$139k and ~$41k, respectively.

Initial reports are emerging that the @particle_trade exploit happened because of unchecked user input.

In an officially released statement, @particle_trade confirmed the exploit and stated that the exploit happened to Particle’s previously deprecated NFT contract and that Particle’s current protocol was not impacted in this security incident.

On the other hand, @dualpools has yet to acknowledge the hack officially.

Breakup of Stolen Funds for @dualpools Exploit

  • 50074554968631063877 BNB
  • 0.171600491149762551 ВТСВ
  • 3.992080348227829799 ETH
  • 6,378.808120780430189153 ADA
  • 911.577466008813446041 BSC-USD

@dualpools Hack Txn:

For Ethereum Chain

@dualpools Attacker address:


Malicious contract Used for @dualpools Exploit

What is FixedFloat?

😈Cryptocurrency exchange @FixedFloat was exploited for ~$4.85m on #Ethereum and ~$21.1m on BTC on Feb 16 and 17, 2024, respectively.

The stolen assets include 409 BTC and ~1,728 $ETH

Useful Read: What Happened to Stolen Funds? Bitcoin’s Lightning Network: An Inkling Shot at Mass Adoption

  • Victim Address: 0x4E5B2e1dc63F6b91cb6Cd759936495434C7e972F
  • Attacker Address: 0x85c4fF99bF0eCb24e02921b0D4b5d336523Fa085

The Hack

  • Victim Address: bc1qns9f7yfx3ry9lj6yz7c9er0vwa0ye2eklpzqfw
  • Attacker Address: bc1q2skp47p9f5mr4n4m27k66v0l68gh3xdd7ad4e5

FixedFloat is an automated crypto exchange that uses the Lightning Network for Bitcoin transactions.

The exchange does not require users’ registration or Know Your Customer (KYC) verifications.

The drainer already transferred most of the stolen $ETH to #eXch on #Ethereum. The stolen BTCs have been moved by the hacker to 3 different addresses.

  • Bc1qmrqgrusknj7zzhh5r975a7d6espsukgts805ns (~200 BTC)
  • Bc1q04yvaefxyan4fuygsv4nr08pxet8ae426dxxf3 (~170.85 BTC)
  • Bc1qp6gjx8par8e83lfqnem5q049x2qfpydfg27tjf (~38.45 BTC)

The exact reason for the exploit is being investigated. There has yet to be an official acknowledgment from FixedFloat at the time of writing this.

Initially, Team FixedFloat had ruled out the possibility of the attack when a massive outflow of funds was reported.

Is this the first breach at LastPass?

They attributed outflow to “minor technical problems” and switched its services to maintenance mode.

At the time of writing this, the official website still shows an under-maintenance message.

😈In another crypto security incident, the password manager @LastPass users suffered a breach in which 22 users lost $6.2 million worth of crypto assets. The breach is known to have happened between Feb 19 and 20, 2024.

The stolen funds on EVM have already been swapped and bridged to Bitcoin via THORChain.

How did the Hack Happen?

The list of affected users and domains can be found at

This is the fourth time that LastPass’ security was breached by malicious actors.

In the last breach, which happened in Oct 2023, the losses were to the tune of $4.4 million, and it involved 80 crypto wallets belonging to 25 victims.

Before that, in Dec 2021, @LastPass users faced security incidents related to credential stuffing.

Also, in June 2015, LastPass acknowledged a breach in which email addresses, password reminders, server-per-user salts, and authentication hashes were compromised.

In Dec 2022, @LastPass informed its users about unauthorized access to its third-party cloud-based storage service, which was being used by LastPass to store archived backups of production data.

Why do the LastPass users continue to bear the brunt?

This exploiter had stolen some source code and technical information from LassPass’s development environment in an earlier breach in Aug 2022.

This stolen information was used to target other LastPass employees, and the attacker ended up getting credentials and private keys, which were used in the exploit of Dec 2022.

LassPass, in a post-mortem report for the exploit, had assured its users that the attacker could only get his hands on basic customer account information and a backup of customer vault data from the encrypted storage container, where sensitive information like usernames and passwords, secure notes, and form-filled data was fully encrypted and secured.

What steps should LastPass users take to avoid/mitigate the fund losses?

Team LastPass was pretty sure that it was nearly impossible for the hacker to crack the master password required for decrypting the encrypted data through a brute force attack or any other password-cracking tool or algorithm.

But, clearly, they were proved wrong by the exploiter on Oct 25, 2023, when they stole away $4.4m of assets.

Users, who had ever used @LassPass to save their seed phrases or keys, were strongly urged by security researchers and experts to migrate their crypto assets.

They were also asked to strictly avoid reusing their master passwords on other websites as it might land them in a situation where a threat actor could use dumps of compromised credentials available on the Internet to attempt a breach of their crypto wallets.

It seems some of the LastPass users did not heed this advice, and hence, the breach continues unabated.

If you are a @LastPass user, consider taking the following steps urgently:

Hack Txns:

  • Rotate your keys by regenerating the seed phrase using a set of new seed keywords.
  • Move your crypto assets to a new address secured with this new seed phrase.
  • Do not use your LastPass password/seed phrase ever on any website
  • File a report on at

😈On Feb 22, 2024, two wallets on Ronin Network belonging to Jeff Zirlin @Jihoz_Axie, co-founder of @Ronin_Network, were compromised in what appears to be a private key compromise.

The total loss in the theft was 3088693.24 RON tokens worth around 💰$10 million at the time of the hack.

Jeff clarified through a post from his official X (formerly Twitter) handle that the hack was limited to his personal wallets, and it had no impact on the Ronin bridge or Sky Mavis, which is a blockchain-based video game development studio, also co-founded by Jeff.

Total Loss: ~3088693.24 RONS

The stolen funds were first moved to the hacker’s address: 😈0x39f817976c51a91b60145febad81067e69713105 on the Ronin chain and were later bridged to Ethereum and finally to the Tornado Cash.

Private keys should be kept protected all the time as hackers are always looking to steal them from you through malicious apps, social engineering, phishing, and scamming.

Learn how you can protect your keys from falling into the hands of hackers by reading
Crypto Security Essentials: Secure Encryption Key Management

To get into more technicalities about private and public crypto keys, read
Public and Private Keys: A Must Know In Cryptography!

😈Defi protocol Blueberry Protocol Foundation @blueberryFDN came under attack on Feb 23, 2024, when multiple lending markets were collectively exploited for ~💰457.68 ETH ($1.34M) (TX Profit) 1 bWETH (Leftover value).

The total gas fee used was 0.093022519261676367 ETH.

Hack Txn:

Fortunately, all of the drained funds were front-run by a validator MEV bot @coffeebabe_eth
, and the stolen funds of ~366.65 ETH (excluding the validator fee of ~91.04 ETH) have been returned to a multisig address.

What is Coffeebabe.eth?

The markets affected by the exploit are BTC, OHM, and USDC.

What is front-running in crypto?

While the hack is being investigated, the protocol has been paused to avoid any further fund loss. The front end was already down as a result of the exploit.

Is the front-running attack the same as the sandwich attack?

The users were asked to withdraw their funds if they could establish an indirect connection with the exploited contract.

Team @blueberryFDN is also trying to get in touch with the white-hat managing MEV bot @coffeebabe_eth
to return ~91.04 ETH of the validator fee.

It is a white-hat hacker known by the pseudonym ‘coffeebabe.eth’, who has thwarted exploits by the crypto hackers on at least one more occasion.

In July 2023, the same white-hat hacker saved Curve protocol @CurveFinance from a ~$5.5M exploit (2800 ETH) by front-running the exploit transaction.

Find all the information in an in-depth article here:
Front-Running Attacks in Blockchain: The Complete Guide

Find all your answers here: What are Sandwich Attacks in Blockchain?

😈Decentralized betting platform @RiskOnBlast on @Blast_L2 ecosystem executed an exit scam on Feb 25, 2024, when it duped its investors of $1.3M.

What is @Blast_L2?

The scam was cleverly executed after raising funds on the pretext of an IDO, which was capped at 420 ETH.

The social media handles have been deleted, and the website is not accessible anymore.

The IDO was being promoted for over a week, and users were continuously lured by posting info about partnerships with different crypto exchanges and using scarcity marketing tactics.

The accumulated funds were stolen from over 750 wallets and were bridged to exchanges ChangeNow ($500,000), MEXC ($360,000), and Bybit ($187,000).

RiskOnBlast has recently raised over $1M in a seed funding round around a week ago. It was one of the 47 projects shortlisted (out of 3000 applications) to receive additional funding in Blast’s Big Bang competition.

Blast is an Ethereum layer-2 project that has garnered over $1 billion in capital in the last few months, after going live.

This was the first rug pull of the Blast ecosystem. Blast is now being criticized for not taking enough due diligence checks before promoting the RiskOnBlast project through its official X handle, terming its potential as “undeniable.”

😈On Feb 27, 2023, MyAlgo, a wallet on the Algorand chain, acknowledged that it was exploited for a massive ~$9.6M worth of crypto assets.

The exploits were carried out between Feb 19 and 21, and while acknowledging the hack, MyAlgo advised its users to withdraw funds as a precautionary measure.

In the exploit, 19.5 million ALGO and 3.5 million USDC were stolen from 25 different wallets.

Again on Mar 5, 2023, due to a compromised company wallet that was linked to @AlgodexOfficial’s liquidity rewards program and was used for providing extra liquidity to the ALGX token, the hacker stole away ~$55k worth of ALGX tokens from the liquidity reward pool.

The user assets and ALGX liquidity were not impacted by the exploit.

The exact reasons behind the compromise for the Feb 27 exploit were never officially revealed, but it is assumed to be along the lines of the Mar 5 exploit.

😈On Feb 27, 2023, BNB-based protocol @launchzoneann lost ~$700k worth of crypto assets. It was found that the LaunchZone deployer had made an approval to an unverified contract 473 days before the hack.

The attacker (probably aware of this approval) called a function on the unverified contract, which lacked access control.

This allowed the exploiter to transfer 9,886,961 LZ of LaunchZone’s funds to the Biswap LZ-BUSD pool.

Access Control Vulnerabilities in Solidity Smart Contracts

The attacker then swapped 50 BUSD in the same pool to extract 9,886,999.87 LZ.

Later the exploiter manipulated LaunchZone’s contract to perform a bad swap and drained the pool. Finally, the stolen LZ tokens were swapped for for 87,911.041 BUSD.

The approval given by the LaunchZone deployer raises suspicion about this exploit actually being a rug pull.

😈On Feb 27, 2023, the SwapX project on the BNB chain lost around $1M due to a lack of effective access control on the approval function, which allowed hackers to approve their malicious contract and force conduct transactions on the victim’s behalf.

The hack was never officially confirmed by the SwapX team.

Permit2 ERC20 token approvals and their pitfalls.

😈On Feb 27, 2021, @furucombo, a transaction batching protocol used in defi, was exploited for ~$14M by using a malicious contract.

Furucombo users would often use the Aave defi protocol for carrying out their transactions. The malicious contract first tricked Furucombo into believing that it was the new version of Aave (Aave v2) and then took advantage of poorly configured permissions in Furucombo user accounts.

The victims had given ERC20 token permission to the Furucombo protocol, which allowed it to perform transactions without needing any additional approvals from the users.

When users interacted with the malicious contract (pretending to be Aave v2), the malicious contract drained out tokens for which users had already given approval to Furucombo.

How the Hack Happened?

This hack would not have happened if:

  • Furucombo had a mechanism of whitelisting critical smart contracts it would interact with or have relied upon to carry out any transaction.
  • If users had not given unbridled permission to Furucombo to carry out transactions without needing approvals.

😈On Feb 28, 2024, the defi protocol @SenecaUSD was exploited for ~1,900 $ETH worth ~$6.5M. The Attacker was funded by @FixedFloat

The Hack Aftermath

Exploited Address:

On Ethereum

Hack Txns:

On Arbitrum

The hack happened due to a vulnerability in the smart contract.

Using a lack of input validation, the exploiter called performOperations function externally using a constructed call data. This enabled them to call any contract with arbitrary data.

Using this privilege, the exploiter transferred assets from addresses that had granted approvals to the vulnerable contracts directly to themself by calling the ‘transferfrom’ function.

Return of Funds by the Hacker

Team Seneca has confirmed the hack and has asked its users to revoke the following approvals:

  • PT-ezETH 0x529eBB6D157dFE5AE2AA7199a6f9E0e9830E6Dc1
  • apxETH 0xD837321Fc7fabA9af2f37EFFA08d4973A9BaCe34
  • PT-weETH 0xBC83F2711D0749D7454e4A9D53d8594DF0377c05
  • PT-rsETH 0x65c210c59B43EB68112b7a4f75C8393C36491F06
  • PT-weETH 0x11446bbb511e4ea8B0622CB7d1437C23C2f3489b
  • stEUR 0x7C160FfE3741a28e754E018DCcBD25dB04B313AC
  • PT-aUSDC 0x4D7b1A1900b74ea4b843a5747740F483152cbA5C
  • wstETH 0x2d99E1116E73110B88C468189aa6AF8Bb4675ec9
  • PT-rsETH 0x2216E32006BB80d20f7906b88876964F9AF68aFb

Team Seneca has offered a 20% bounty to the exploiter in return for stolen funds.

The address provided for returning funds:

Team Seneca threatened to pursue legal action against the exploiter in case he failed to return funds.

As per the latest update (Feb-29–2024 05:11:59 AM +UTC), the hacker has returned $5.3M (1537 ETH) at, which was specified by
@SenecaUSD for receiving stolen funds.

The remaining stolen funds 300 ETH (worth $1.04M) were split equally at the following addresses by the hacker.

😈On Feb 29, 2024, Shido blockchain’s Ethereum staking contract has been exploited for ~$35m worth 4,353,473,223.864904 $SHIDO.

This number of SHIDO tokens drained out by the exploiter happens to be around half of the current circulating token supply of the token, which is 9 billion.

Due to the exploit, the SHIDO token prices quickly plummeted by 94% within the first 30 minutes.

How the Hack Was Executed?

The ownership of the contract was changed to a new address (0x1982), which immediately after acquiring the ownership, upgraded the StakingV4Proxy contract using a hidden withdrawToken() function, which was ultimately called to drain out ~4.3B SHIDO tokens.

Exploiter Address:

Exploited Contract:

Response to the Hack

Ownership transfer Txn:

StakingV4Proxy upgrade by New Owner Txn:

Is this the first Shido Exploit?

Draining Funds Txn:

What is Shido?

How exactly the hacker was able to change ownership of the contract, raises suspicion about this exploit actually being a rug pull.

The exploiter was funded with 0.78075984 ETH via @AcrossProtocol by address which was funded via Layerswap and another address.

AcrossProtocol Funding Txn:

Shido has officially acknowledged the hack and has informed the community that it has asked the exploiter to accept a bounty and return the stolen funds.

The team Shido also stated that the measures to prevent such exploits have been put in place and assured that all those who have staked SHIDO, will have their tokens returned.

On June 23, 2023, Shido was exploited on the BNB chain due to a configuration error, which resulted in a loss of 976 BNB, worth approximately $238,500.

Shido is a Layer 1 POS blockchain, which has launched its testnet and is planning to launch its mainnet in the coming week, as per the update released on its X handle.

The native SHIDO token is an Ethereum-based ERC-20 token, which users have staked on the project’s DEX, which is offering an annual yield of 8% as per the info available on its website.

Originally published at on February 22, 2024.




Build a hack-proof solution with the industry’s leading blockchain security company.