The 10 Biggest Crypto Hacks and Exploits of 2022 Stole $2.1 Billion

The 10 Biggest Crypto Hacks and Exploits of 2022 Stole .1 Billion

It’s been a turbulent year for the cryptocurrency industry – market prices have taken a big plunge, crypto giants have collapsed and billions have been stolen in crypto exploits and hacks.

It wasn’t even halfway through October when Chainalysis declared 2022 to be the “biggest year ever for hacking activity.”

As of December 29, the 10 biggest exploits of 2022 have stolen $2.1 billion from crypto protocols. Below are those exploits and hacks, ranked from smallest to largest.

10: Beanstalk Farms Leverage – $76M

Stablecoin protocol Beanstalk Farms suffered a $76 million exploit on April 18 from an attacker who used a flash loan to buy governance tokens. This was used to pass two proposals that introduced malicious smart contracts.

The exploit was originally believed to have cost around $182 million when the Beanstalk was drained of all civilians, but in the end the attacker only managed to get away with less than half.

9: Qubit Finance exploit – $80 million

Qubit Finance, a decentralized finance (DeFi) protocol on the BNB Smart Chain, had over $80 million worth of BNB (BNB) stolen on January 28 in a bridge exploit.

The attacker tricked the protocol’s smart contract into thinking they had deposited collateral that allowed them to mint an asset representing bridged Ether (ETH).

They repeated this several times and borrowed more cryptocurrencies against the unbacked bridged ETH, draining the protocol’s funds.

See also  Mum reveals everyday money hacks which saved her more than £650 last year

8: Rari Fuse Exploitation – $79.3M

Another DeFi protocol called Rari Capital was leveraged on April 30 for a sum of approximately $79.3 million.

The attacker exploited a re-entry vulnerability in the protocol’s Rar Fuse liquidity pool smart contracts, causing them to call a function of a malicious contract to empty the pools of all crypto.

In September, Tribe DAO, which includes Rari Capital and other DeFi protocols, voted to refund affected users from the hack.

7: Harmony bridge hack – $100 million

In yet another bridge hack, the Horizon Bridge that links Ethereum, Bitcoin (BTC) and the BNB Chain to Harmony’s layer-1 blockchain was tapped for around $100 million in multiple cryptocurrencies.

Blockchain investigative firm Elliptic pinned the hack on the North Korean cybercriminal syndicate Lazarus Group, as the funds were laundered in a similar fashion to other known Lazarus attacks.

It is understood that Lazarus targeted Harmony employee login credentials, breached the platform’s security system and gained control of the protocol before deploying automated money laundering programs to move their ill-gotten gains.

6: BNB Chain bridge exploitation – $100 million

The BNB chain was paused on October 6 due to “erratic activity” on the network, which was later revealed to be an exploit that siphoned around $100 million from the cross-chain bridge, the BSC Token Hub.

Initially, it was believed that the attacker was able to take around $600 million due to a vulnerability that allowed the creation of approximately two million BNB, the chain’s native token.

Unfortunately for the attacker, they had over $400 million worth of digital assets frozen on the blockchain, with more possibly stuck in cross-chain bridges on the BNB blockchain side.

5: Wintermute hack – $160 million

UK-based crypto market maker Wintermute suffered from a compromised hot wallet that saw roughly $160 million across 70 tokens transferred out of the wallet.

See also  New to Disney Plus in January 2023 - Cinelinx

Analysis by blockchain cybersecurity firm CertiK claimed that a vulnerable private key was attacked that was likely generated by Profanity – an app that allows users to generate vanity crypto addresses, which has a known exploit.

According to CertiK, this allowed the attacker to use a function with the private key that allowed the hacker to change the platform’s exchange contract to the hacker’s own.

Conspiracy theories that claimed the hack was an “inside job” due to how it was carried out were debunked by blockchain security firm BlockSec, which said the claims were “not convincing enough.”

4: Nomad token bridge exploit — 190M

On August 2, the Nomad token bridge, which allows users to exchange cryptocurrencies across multiple blockchains, was siphoned by multiple attackers to the tune of $190 million.

A smart contract vulnerability that failed to validate transaction input was the cause of the exploit.

Several users, seemingly both malicious and benevolent, were able to copy the original attacker’s moves to transfer funds to themselves. Around 88% of the addresses participating in the exploit were identified as “copycats” in a report.

Only about $32.6 million in funds were able to be intercepted and returned to the protocol by white hat hackers.

3: Wormhole Bridge Exploitation – $321 million

The wormhole token bridge was subjected to an exploit on February 2 that resulted in the loss of 120,000 Wrapped Ether (wETH) tokens worth $321 million.

Wormhole allows users to send and receive crypto between multiple blockchains. An attacker found a vulnerability in the protocol’s smart contract and was able to mint 120,000 wETH on Solana (SOL) without collateral and was then able to exchange this for ETH.

At the time, it was marked as the largest exploit of 2022 and is the third largest protocol loss overall for the year.

See also  Destiny cheaters fail to accuse Bungie of hacking their computer

2: FTX wallet hack — $477 million

During the start of FTX’s bankruptcy proceedings on November 11 and 12, a number of unauthorized transactions took place on the exchange, and Elliptic suggested that around $477 million worth of crypto was stolen.

Sam Bankman-Fried said in an interview on November 16 that he believed it was “either a former employee or somewhere someone installed malware on a former employee’s computer” and had narrowed the perpetrator down to eight people before he was locked out of the company’s systems.

Related: The 7 biggest crypto collapses of 2022 the industry would like to forget

According to reports, on December 27, the United States Department of Justice began an investigation into the whereabouts of around $372 million of the missing crypto.

1: Ronin bridge hack – $612M

The largest exploit that took place in 2022 happened on March 23, when Ronin Bridge was exploited for around $612 million – 173,600 ETH and 25.5 million USD Coin (USDC).

Ronin is an Ethereum sidechain built for Axie Infinity, a play-to-earn NFT (nonfungible token) game. Sky Mavis, Axie Infinity’s developers, said the hackers gained access to private keys, compromised validator nodes and approved transactions that drained funds from the bridge.

The US Treasury Department updated its list of Specially Designated Nationals and Blocked Persons (SDN) on April 14 to reflect the possibility that the Lazarus Group was behind the bridge’s exploitation.

The Ronin bridge hack is the biggest cryptocurrency exploit ever.