Blockchain analysis firm Chainalysis said 2022 was “the biggest year ever” in terms of the number of crypto projects hit with attacks and drained of funds—and that was in October. It certainly felt like it. "After four hacks yesterday, October is now the biggest month in the biggest year ever for hacking activity, with more than half the month still to go. So far this month, $718 million has been stolen from #DeFi protocols across 11 different hacks". — Chainalysis (@chainalysis) October 12, 2022 Just the hacks highlighted here add up to an enormous $2.2 billion, and these hacks represent only a small portion of the total attacks observed in 2022. The seeming lack of security this year has made an already brutal bear market even tougher for many. Chainalysis tells Decrypt that a full accounting of the year will be included in a wrap-up report next year. (Figures in this piece represent the value of the funds at the time of the incident.) 1. Binance (Binance Smart Chain): $566 million Hackers hit a blockchain associated with the world’s biggest crypto exchange on October 6, making away with $566 million in BNB. The exploit targeted the cross-chain bridge BSC Token Hub. Hackers essentially conjured tokens out of nothing using artificial withdrawal proofs. No users of Binance or its blockchain lost funds in this attack, though. Despite the huge amount of tokens pinched, the criminals weren’t able to pocket them all—Binance CEO Changpeng Zhao said they were able to prevent around 80% to 90% of the targeted funds from being taken by the hacker. This is because BSC chain validators froze the network following the attack—but hackers did manage to move around $100 million in funds to other chains. 2. Ronin: $552 million Hackers hit Ronin, a sidechain for the popular NFT game Axie Infinity, in March, pinching an estimated $552 million in Ethereum and USDC. When the exploit was disclosed by Axie Infinity developer Sky Mavis one week later, the value of the funds stolen had risen to $622 million. How’d they do it? By using “hacked private keys” to forge transactions and claim the funds. The funds were laundered quickly—as they typically are in hacks—with around $7 million in Ethereum sent to cryptocurrency mixing service Tornado Cash (now banned by U.S. government). The U.S. Treasury later identified wallet addresses allegedly tied to North Korea’s Lazarus hacking group in the attack. 3. Wormhole: $326 million Decentralized finance protocols got hit hard this year. DeFi is the catch-all term for apps that automate things banks and brokerages do, and they are still new and experimental. This means security is an issue, particularly with bridges, which allow users to transfer funds between chains. In February, the popular bridge Wormhole got hit with an exploit. Hackers targeted its leg on Solana (where users must first lock Ethereum into a smart contract to get an equivalent amount in Wrapped Ethereum, or WETH) to mint tokens. 120,000 in WETH tokens, to be exact. At the time, that was $326 million. WETH is token pegged to the price of Ethereum on a 1:1 basis, useful in the DeFi world for moving around funds quickly. Jump Trading, Wormhole’s parent company and a major player in the Solana ecosystem, was able to step in and save the day by replacing what was stolen and getting the bridge up and running again. 4. Nomad: $190 million Another bridge got hit in August. Nomad, which lets users move digital assets between different blockchains, lost all its funds—held in Ethereum, USDC, DAI, FXS, and CQT—after hackers took advantage of a bug in the upgrade. After those behind the protocol offered a 10% reward to hackers who returned the tokens—without enforcing law enforcement—funds started to trickle back in. About $22 million was recovered but the attack prompted the FBI to warn investors about how cyber criminals were eying up vulnerable DeFi platforms like never before. By Mat Di Salvo, Dec 23, 2022, https://decrypt.co/117695/year-of-the-hacks-biggest-exploits-and-hacks-of-2022
News DeFi: Biggest Crypto Exploits and Hacks of 2022 Last year was bad, but 2022 was much worse, "the biggest year ever for hacking."
vya4slav's Recent Blog Posts
Russian President Vladimir Putin criticized the monopoly in global financial payment systems and called for an independent and blockchain-based settlement network on Nov 24, speaking at the…
1 year ago
Coinbase Chief Executive Brian Armstrong on Saturday condemned Sam Bankman-Fried’s account of how FTX found itself in an $8 billion hole. Armstrong said there is no way billions of dollars…
1 year ago
Private equity giant Apollo Global bought Verizon Media—a group that includes Yahoo Finance, Yahoo Sports, AOL, TechCrunch, Engadget, and Autoblog—in May 2021 for $5 billion. Now its revenue strategy…
1 year ago
Binance CEO Changpeng Zhao announced that the crypto exchange had paused withdrawals linked to a recent attack on Ankr. "Initial analysis is developer private key was hacked, and the…
1 year ago
DeFi protocol Ankr, which called itself the first ‘node-as-a-service’ platform, has suffered a multi-million dollar exploit due to a bug in its code that allowed for unlimited minting of its token…
1 year ago