Blockchain analysis firm Chainalysis said 2022 was “the biggest year ever” in terms of the number of crypto projects hit with attacks and drained of funds—and that was in October. It certainly felt like it. "After four hacks yesterday, October is now the biggest month in the biggest year ever for hacking activity, with more than half the month still to go. So far this month, $718 million has been stolen from #DeFi protocols across 11 different hacks". — Chainalysis (@chainalysis) October 12, 2022 Just the hacks highlighted here add up to an enormous $2.2 billion, and these hacks represent only a small portion of the total attacks observed in 2022. The seeming lack of security this year has made an already brutal bear market even tougher for many. Chainalysis tells Decrypt that a full accounting of the year will be included in a wrap-up report next year. (Figures in this piece represent the value of the funds at the time of the incident.) 1. Binance (Binance Smart Chain): $566 million Hackers hit a blockchain associated with the world’s biggest crypto exchange on October 6, making away with $566 million in BNB. The exploit targeted the cross-chain bridge BSC Token Hub. Hackers essentially conjured tokens out of nothing using artificial withdrawal proofs. No users of Binance or its blockchain lost funds in this attack, though. Despite the huge amount of tokens pinched, the criminals weren’t able to pocket them all—Binance CEO Changpeng Zhao said they were able to prevent around 80% to 90% of the targeted funds from being taken by the hacker. This is because BSC chain validators froze the network following the attack—but hackers did manage to move around $100 million in funds to other chains. 2. Ronin: $552 million Hackers hit Ronin, a sidechain for the popular NFT game Axie Infinity, in March, pinching an estimated $552 million in Ethereum and USDC. When the exploit was disclosed by Axie Infinity developer Sky Mavis one week later, the value of the funds stolen had risen to $622 million. How’d they do it? By using “hacked private keys” to forge transactions and claim the funds. The funds were laundered quickly—as they typically are in hacks—with around $7 million in Ethereum sent to cryptocurrency mixing service Tornado Cash (now banned by U.S. government). The U.S. Treasury later identified wallet addresses allegedly tied to North Korea’s Lazarus hacking group in the attack. 3. Wormhole: $326 million Decentralized finance protocols got hit hard this year. DeFi is the catch-all term for apps that automate things banks and brokerages do, and they are still new and experimental. This means security is an issue, particularly with bridges, which allow users to transfer funds between chains. In February, the popular bridge Wormhole got hit with an exploit. Hackers targeted its leg on Solana (where users must first lock Ethereum into a smart contract to get an equivalent amount in Wrapped Ethereum, or WETH) to mint tokens. 120,000 in WETH tokens, to be exact. At the time, that was $326 million. WETH is token pegged to the price of Ethereum on a 1:1 basis, useful in the DeFi world for moving around funds quickly. Jump Trading, Wormhole’s parent company and a major player in the Solana ecosystem, was able to step in and save the day by replacing what was stolen and getting the bridge up and running again. 4. Nomad: $190 million Another bridge got hit in August. Nomad, which lets users move digital assets between different blockchains, lost all its funds—held in Ethereum, USDC, DAI, FXS, and CQT—after hackers took advantage of a bug in the upgrade. After those behind the protocol offered a 10% reward to hackers who returned the tokens—without enforcing law enforcement—funds started to trickle back in. About $22 million was recovered but the attack prompted the FBI to warn investors about how cyber criminals were eying up vulnerable DeFi platforms like never before. By Mat Di Salvo, Dec 23, 2022, https://decrypt.co/117695/year-of-the-hacks-biggest-exploits-and-hacks-of-2022
News DeFi: Biggest Crypto Exploits and Hacks of 2022 Last year was bad, but 2022 was much worse, "the biggest year ever for hacking."
vya4slav's Recent Blog Posts
Cybersecurity company Kaspersky reported that ransomware negotiations and payments may soon come to rely less on Bitcoin as a means of payment. The Russian-founded firm attributed this…
2 years ago
El Salvador is doubling down on its bet on cryptocurrencies even in the midst of a bear market. The first country to declare Bitcoin as legal tender is now working on a Digital Asset Issuance Law,…
2 years ago
The Sandbox, an Ethereum-based metaverse game, is kicking off its three-part LAND sale on Thursday in collaboration with popular brands like Tony Hawk, Snoop Dog, and Playboy, among others, the…
2 years ago
Crypto markets wobbled on Monday, with major assets feeling continuing nervousness over the potential for further market contagion following the collapse of the FTX exchange. In a story…
2 years ago
Uniswap Labs, the development team behind the decentralized exchange Uniswap, said in a newly-released privacy policy that it collects certain on-chain data from its users to continually make…
2 years ago