Blockchain analytics firm Chainalysis said 2022 was “the biggest year ever” in terms of the number of crypto projects hit by attacks and drained of funds — and that was in October. It certainly felt that way.
Just the hacks highlighted here amount to a whopping $2.2 billion, and these hacks represent only a small portion of the total attacks observed in 2023.
The apparent lack of certainty this year has made an already brutal bear market even tougher for many. Chain analysis tells Decrypt that a full account for the year will be included in a final report next year. (The numbers in this piece represent the value of the funds at the time of the event.)
1. FTX: $650 million
It’s been the biggest crypto event – and arguably the biggest news story – of 2022: the super-popular digital asset exchange FTX spectacularly collapsed, losing billions of dollars worth of funds.
It filed for Chapter 11 bankruptcy on Nov. 12, but that wasn’t the end of its woes: the celebrity-endorsed exchange was then hit by a mysterious attack.
Several wallets allegedly belonging to FTX were drained of around $640 million in tokens. The funds were then moved around to other exchanges and converted into different cryptocurrencies.
And it is still not clear who stole the assets. At the collapsed stock exchange’s first court hearing, lawyer for FTX’s new management James Bromley so that a “substantial amount” of the exchange’s assets are missing or stolen.
2. Binance (Binance Smart Chain): $566 million
Hackers hit a blockchain associated with the world’s largest crypto exchange on October 6, making off with $566 million in BNB.
The exploit was aimed at the cross-chain bridge BSC Token Hub. Hackers essentially conjured tokens out of thin air using artificial withdrawal proofs. However, no users of Binance or the blockchain lost money in this attack.
Despite the huge amount of tokens squeezed, the criminals were unable to dump them all – Binance CEO Changpeng Zhao said they were able to prevent around 80% to 90% of the targeted funds from being taken by the hacker.
This is because BSC chain validators froze the network after the attack – but hackers managed to move around $100 million in funds to other chains.
3. Ronin: $552 million
Hackers hit Ronin, a sidechain for the popular NFT game Axie Infinity, in March, pinching an estimated $552 million in Ethereum and USDC. By the time the exploit was revealed by Axie Infinity developer Sky Mavis a week later, the value of the funds stolen had risen to $622 million.
How did they do it? By using “hacked private keys” to falsify transactions and claim the money.
The funds were quickly laundered – as they usually are in hacks – with around $7 million in Ethereum sent to cryptocurrency mixing service Tornado Cash (now banned by US authorities).
The US Treasury later identified wallet addresses allegedly linked to North Korea’s Lazarus hacking group in the attack.
4. Wormhole: $326 million
Decentralized financial protocols were hit hard this year. DeFi is the collective term for apps that automate things banks and brokerages do, and they are still new and experimental. This means that security is an issue, especially with bridgeswhich allows users to transfer funds between chains.
In February, the popular bridge got Wormhole hit with an exploitation. Hackers targeted Solana (where users must first lock Ethereum into a smart contract to receive an equivalent amount in Wrapped Ethereum, or WETH) to mint tokens. 120,000 in WETH tokens, to be exact. At the time, it was $326 million.
WETH is token linked to the price of Ethereum on a 1:1 basis, useful in the DeFi world for moving funds around quickly.
Jump Trading, Wormhole’s parent company and a major player in the Solana ecosystem, was able to step in and save the day by replacing the stolen one and getting the bridge up and running again.
5. Nomad: $190 million
Another bridge got hit in August. Nomad, which allows users to move digital assets between different blockchains, was lost everyone its funds – held in Ethereum, USDC, DAI, FXS and CQT – after hackers exploited a flaw in the upgrade.
After those behind the protocol offered a 10% reward to hackers who returned tokens – without enforcing law enforcement – funds began to trickle back in.
About $22 million was recovered, but the attack prompted the FBI to do so warn investors on how cybercriminals looked up vulnerable DeFi platforms like never before.
Stay up to date on crypto news, get daily updates in your inbox.