The 5 Biggest Crypto Hacks of 2022
The crypto world has always been fraught with risk due to a lack of regulation and adherence to decentralization. Hacking and fraud run rampant in the ecosystem, creating an entire industry of chain trackers dedicated to tracking down lost funds and coders exploiting flaws in protocols.
In 2022, exploits focused on decentralized finance, with around 97% of the $1.3 billion stolen in the first three months of the year coming from DeFi platforms. By the end of the year, cybercriminals had stolen over $3 billion from crypto, with $718 million taken from decentralized finance protocols in October alone – the worst month ever.
One of the top targets was chain bridges, or software that allows funds to be moved across different blockchains.
Here are some of the biggest hacks of 2022:
Ronin Network: $625 million
Andreessen Horowitz-backed Axie Infinity was one of the year’s early crypto successes – a “play-to-earn” game where users earned NFTs and tokens. The model received criticism for its exploitative design, with many of the players located in countries such as Vietnam and the Philippines, where Axie Infinity became their full-time jobs.
That wasn’t the end of Axie’s troubles, however. The developers built the game’s economy on the Ethereum blockchain, which was not suitable for microtransactions. They built a new sidechain forked from Ethereum, called Ronin, which would be more efficient. In March, the bridge between Ronin and Ethereum was hacked for over $620 million, which the team did not notice until a user reported being unable to withdraw funds.
The game has yet to recover, and the play-to-earn model still has a dubious reputation.
Wormhole Bridge: $325 million
Wormhole is another cross-chain bridge, which allows users to transfer funds between, say, Ethereum and Solana. In February, hackers stole over $320 million in wETH, or wrapped Ether, which allows Ether to be exchanged for other tokens and used on other blockchains.
The hack is one of the largest from a DeFi protocol and highlighted the dangers of operating in the space, with cybercriminals exploiting a Wormhole security flaw. The team offered a $10 million reward to return the funds, which was only a fraction of what the hackers got away with.
Nomad Bridge: $190 million
While a similar protocol, the Nomad Bridge attack in August differed from Wormhole because it was not carried out by a specific group, but instead by hundreds of individuals.
Nomad described itself as a “security-first” cross-chain protocol, with backers including Polychain Capital and Coinbase Ventures. After users discovered a software bug that allowed people to withdraw more money than they had deposited, other exploiters swooped in. Although hackers ended up returning about $9 million, it still represented less than 5% of the total loss.
Beanstalk Farms: $182 million
Beanstalk is a DeFi protocol that offers an algorithmic stablecoin, or crypto token that aims to maintain a peg, in this case $1. The project works by encouraging users to contribute funds to a central pool, which balances the token.
An attacker exploited the protocol’s voting system to siphon off about $182 million in April, using a “flash loan” where users can borrow large amounts of money for a short period of time – a popular exploit used by cybercriminals.
Honorable Mention—Mango Markets: $114 million
Although there were bigger hacks in 2022, including the crypto market maker Wintermute for $162 million in September, the exploitation of the Solana trading platform Mango Markets was notable for the attacker’s audacity. A developer named Avraham Eisenberg revealed himself as the hacker on Twitter, infamously writing, “I was involved with a team that ran a very profitable trading strategy last week.”
He ended up returning much of the stolen funds, although he was left with a handsome windfall of $47 million. The action set off a debate in crypto, with many arguing that his exploits were legitimate under the DeFi principle that “code is law.”
As Eisenberg wrote on Twitter, “I believe all of our actions were legal actions in the open market, using the protocol as designed.” He lamented that the exchange became insolvent as a result.