News DeFi: Biggest Crypto Exploits and Hacks of 2022 Last year was bad, but 2022 was much worse, "the biggest year ever for hacking."

Blockchain analysis firm Chainalysis said 2022 was “the biggest year ever” in terms of the number of crypto projects hit with attacks and drained of funds—and that was in October. It certainly felt like it. "After four hacks yesterday, October is now the biggest month in the biggest year ever for hacking activity, with more than half the month still to go. So far this month, $718 million has been stolen from #DeFi protocols across 11 different hacks". — Chainalysis (@chainalysis) October 12, 2022 Just the hacks highlighted here add up to an enormous $2.2 billion, and these hacks represent only a small portion of the total attacks observed in 2022. The seeming lack of security this year has made an already brutal bear market even tougher for many. Chainalysis tells Decrypt that a full accounting of the year will be included in a wrap-up report next year. (Figures in this piece represent the value of the funds at the time of the incident.) 1. Binance (Binance Smart Chain): $566 million Hackers hit a blockchain associated with the world’s biggest crypto exchange on October 6, making away with $566 million in BNB. The exploit targeted the cross-chain bridge BSC Token Hub. Hackers essentially conjured tokens out of nothing using artificial withdrawal proofs. No users of Binance or its blockchain lost funds in this attack, though. Despite the huge amount of tokens pinched, the criminals weren’t able to pocket them all—Binance CEO Changpeng Zhao said they were able to prevent around 80% to 90% of the targeted funds from being taken by the hacker. This is because BSC chain validators froze the network following the attack—but hackers did manage to move around $100 million in funds to other chains. 2. Ronin: $552 million Hackers hit Ronin, a sidechain for the popular NFT game Axie Infinity, in March, pinching an estimated $552 million in Ethereum and USDC. When the exploit was disclosed by Axie Infinity developer Sky Mavis one week later, the value of the funds stolen had risen to $622 million. How’d they do it? By using “hacked private keys” to forge transactions and claim the funds. The funds were laundered quickly—as they typically are in hacks—with around $7 million in Ethereum sent to cryptocurrency mixing service Tornado Cash (now banned by U.S. government). The U.S. Treasury later identified wallet addresses allegedly tied to North Korea’s Lazarus hacking group in the attack. 3. Wormhole: $326 million Decentralized finance protocols got hit hard this year. DeFi is the catch-all term for apps that automate things banks and brokerages do, and they are still new and experimental. This means security is an issue, particularly with bridges, which allow users to transfer funds between chains. In February, the popular bridge Wormhole got hit with an exploit. Hackers targeted its leg on Solana (where users must first lock Ethereum into a smart contract to get an equivalent amount in Wrapped Ethereum, or WETH) to mint tokens. 120,000 in WETH tokens, to be exact. At the time, that was $326 million. WETH is token pegged to the price of Ethereum on a 1:1 basis, useful in the DeFi world for moving around funds quickly. Jump Trading, Wormhole’s parent company and a major player in the Solana ecosystem, was able to step in and save the day by replacing what was stolen and getting the bridge up and running again. 4. Nomad: $190 million Another bridge got hit in August. Nomad, which lets users move digital assets between different blockchains, lost all its funds—held in Ethereum, USDC, DAI, FXS, and CQT—after hackers took advantage of a bug in the upgrade. After those behind the protocol offered a 10% reward to hackers who returned the tokens—without enforcing law enforcement—funds started to trickle back in. About $22 million was recovered but the attack prompted the FBI to warn investors about how cyber criminals were eying up vulnerable DeFi platforms like never before. By Mat Di Salvo, Dec 23, 2022, https://decrypt.co/117695/year-of-the-hacks-biggest-exploits-and-hacks-of-2022

vya4slav's Recent Blog Posts

The European Union is set to be the first major jurisdiction in the world to agree how to regulate the digital asset sector, via its Markets in Crypto Assets regulation (MiCA). Under the…
2 years ago
Credit card giant Mastercard today announces that it’s welcoming seven new startups into its global startup engagement program, Mastercard Start Path. Since its inception in 2014,…
2 years ago
Theft has become a major issue in the NFT space, especially with so-called “wallet drainer” exploits ripping millions of dollars’ worth of assets from unsuspecting collectors—and there’s no way to…
2 years ago
Crypto exchange Binance has plunged $500 million into Elon Musk’s takeover of social media platform Twitter, with a view to giving crypto a “seat at the table.” Now, Binance CEO Changpeng ‘CZ’ Zhao…
2 years ago
Web3 is unlocking a new set of tools that enable artists to build compounding online support around shared values. “We raised $30,000 in minutes,” said CowgirlDAO founder Molly Dickson of her…
2 years ago