Here are the eight biggest
It was a record year for crypto hacks. Decentralized finance was your main target, accounting for two-thirds of all hacks.
simply everywhere you looked in crypto and blockchain last year there was an obvious problem. But at the end of the day, falling crypto prices or corporate bankruptcies aren’t the worst problem for digital assets. Beyond the billions of dollars lost from the collapse of Terra
Trust is essential to any new financial system, and all the hype and promise surrounding “immutable” ledgers and cutting out middlemen has done little to slow down the den of thieves that has plagued the crypto markets since their inception. In 2022, the top five thefts accounted for $1.48 billion of the neglected funds, all of which involved decentralized finance (DeFi), accounting for 49% of the overall total.
Despite protocols being praised for their transparency, they lost 75% of the total value locked in the past 11 months, according to blockchain analytics firm Elliptic. Data from decentralized finance dashboard DeFi Llama shows that the total value locked in DeFi protocols shrank from $166.58 billion at the start of the year to $39 billion in mid-December.
Blockchain bridges were the main target, accounting for 70% of all losses this year and retrieving nearly $2 billion stolen from decentralized financial protocols, according to Elliptic. Cross-chain bridges became popular as one of the main ways to connect two blockchains, allowing users to move tokens from one chain to another. But to do so, blockchain bridges must temporarily hold the value of the transaction in each of the tokens involved, making them tempting for hackers.
“In hindsight, there were a lot of cutting corners for expediency,” says Sam Williams, CEO of blockchain security firm Arweave
“Private keys for multi-signature wallets,” says Williams, “were another example of ecosystem vulnerabilities due to their distribution. Multi-signature wallets exist to spread decision-making power across different parties, making it harder to hack one key to damage the ecosystem But across multiple chain hacks this year, including Ronin Network and Harmony
“As an industry, we didn’t do a good enough job of calling out poor quality design across the board,” he added.
The top five crypto heists of 2022 range from cross-chain hacking to code exploits, stealing over $3 billion of investor funds.
Ronin Network: $625 million
In the biggest heist of the year, over half a billion dollars worth of ether and USD coins were stolen from the Ronin Network, a blockchain that supports the non-fungible token-based video game Axie Infinity. According to Ronin, the attackers were able to hack nodes, the computers that process network transactions. The activity went unnoticed until a user was unable to withdraw money and submitted a report. The US Treasury Department later linked the robbery to the North Korean state-backed hacking collective Lazarus Group.
Wormhole Network: $325 million
On February 2, an unknown hacker exploited a vulnerability in the Wormhole Network, a bridging protocol that allows users to move cryptocurrencies and NFTs between multiple blockchain pairs. According to Chainalysis, the attacker appears to have found a bug in Wormhole’s code that allowed them to create 120,000 wETH – the equivalent of ether tokens on Solana
Nomad: approximately $190 million
A hacker exploited a weakness in Nomad’s code on August 1 by crafting a message that tricked the cross-chain protocol into sending stored tokens without proper authorization. The bug was so simple that it didn’t even require any programming skills to exploit it. Soon enough, dozens of copycats joined the heist. Nomad was able to raise over $20 million after asking users to return the funds.
Beanstalk Farms: $182 million
In April, an attacker managed to drain crypto from Beanstalk Farms, an Ethereum worth $150 million.
Wintermute: $160 million
The London-based crypto market maker lost $160 million in a hack on September 20. Founder and CEO Evgeny Gaevoy said the attack likely originated with a service Wintermute had used called Profanity, which generates “vanity addresses” for accounts with digital assets to make them easier to work with than the roughly 30-character strings of various letters and numbers . which is commonly used. These trading accounts were part of Wintermute’s DeFi business, with which it makes fast trades on decentralized exchanges such as Uniswap and SushiSwap. It appears that hackers were able to use brute-force computing to generate every possible password for a company’s vanity address.
Mango Markets: $112 million
Avraham Eisenberg squeezed liquidity out of Solana-based decentralized crypto exchange Mango Markets in mid-October, holding $112 million worth of tokens in ransom to force the organization to use its treasury assets to fund bad debt raised to bail out a major investor earlier this year. The robbery involved Eisenberg’s two accounts on the platform with the dollar-pegged USD coin, according to Mango, who took large positions in perpetual futures on the coin selling from one account and buying in another at an above market price. When the price of the token rose tenfold in other decentralized exchanges, he used the unrealized profit to borrow and extract a number of tokens from Mango itself.
GDP Smart chain
XCN2: 110 million dollars
Marking the start of 2022’s busiest month for crypto hacks, hackers were able to extract an estimated $110 million from Binance’s BSC Token Hub on October 6. The cross-chain bridge between two Binance-affiliated chains – BNB Smart Chain (BSC) and BNB Beacon Chain – was exploited after a planned update. According to analysts and data from the chain, the hackers exploited a flaw in the bridge’s verified proof that allowed them to forge approval messages and deposit the money into their account. They were able to mint 2 billion BNB tokens when they attempted to clear the bridge for $560 million, but the hackers only removed $110 million off-chain.
Harmony Horizon Bridge: $100 million
Harmony’s main bridge between the Ethereum and Binance Smart Chain blockchains was hacked in June, with hackers taking $100 million in cryptocurrencies. Although the protocol did not reveal how the funds were taken, the hack occurred over a series of 14 transactions across the chain. Even before the June hack, chain scouts were concerned about the bridge’s security mechanisms as a small number of validators on the multi-signature wallet made it vulnerable to exploits.