Blockchain analysis firm Chainalysis said 2022 was “the biggest year ever” in terms of the number of crypto projects hit with attacks and drained of funds—and that was in October. It certainly felt like it. "After four hacks yesterday, October is now the biggest month in the biggest year ever for hacking activity, with more than half the month still to go. So far this month, $718 million has been stolen from #DeFi protocols across 11 different hacks". — Chainalysis (@chainalysis) October 12, 2022 Just the hacks highlighted here add up to an enormous $2.2 billion, and these hacks represent only a small portion of the total attacks observed in 2022. The seeming lack of security this year has made an already brutal bear market even tougher for many. Chainalysis tells Decrypt that a full accounting of the year will be included in a wrap-up report next year. (Figures in this piece represent the value of the funds at the time of the incident.) 1. Binance (Binance Smart Chain): $566 million Hackers hit a blockchain associated with the world’s biggest crypto exchange on October 6, making away with $566 million in BNB. The exploit targeted the cross-chain bridge BSC Token Hub. Hackers essentially conjured tokens out of nothing using artificial withdrawal proofs. No users of Binance or its blockchain lost funds in this attack, though. Despite the huge amount of tokens pinched, the criminals weren’t able to pocket them all—Binance CEO Changpeng Zhao said they were able to prevent around 80% to 90% of the targeted funds from being taken by the hacker. This is because BSC chain validators froze the network following the attack—but hackers did manage to move around $100 million in funds to other chains. 2. Ronin: $552 million Hackers hit Ronin, a sidechain for the popular NFT game Axie Infinity, in March, pinching an estimated $552 million in Ethereum and USDC. When the exploit was disclosed by Axie Infinity developer Sky Mavis one week later, the value of the funds stolen had risen to $622 million. How’d they do it? By using “hacked private keys” to forge transactions and claim the funds. The funds were laundered quickly—as they typically are in hacks—with around $7 million in Ethereum sent to cryptocurrency mixing service Tornado Cash (now banned by U.S. government). The U.S. Treasury later identified wallet addresses allegedly tied to North Korea’s Lazarus hacking group in the attack. 3. Wormhole: $326 million Decentralized finance protocols got hit hard this year. DeFi is the catch-all term for apps that automate things banks and brokerages do, and they are still new and experimental. This means security is an issue, particularly with bridges, which allow users to transfer funds between chains. In February, the popular bridge Wormhole got hit with an exploit. Hackers targeted its leg on Solana (where users must first lock Ethereum into a smart contract to get an equivalent amount in Wrapped Ethereum, or WETH) to mint tokens. 120,000 in WETH tokens, to be exact. At the time, that was $326 million. WETH is token pegged to the price of Ethereum on a 1:1 basis, useful in the DeFi world for moving around funds quickly. Jump Trading, Wormhole’s parent company and a major player in the Solana ecosystem, was able to step in and save the day by replacing what was stolen and getting the bridge up and running again. 4. Nomad: $190 million Another bridge got hit in August. Nomad, which lets users move digital assets between different blockchains, lost all its funds—held in Ethereum, USDC, DAI, FXS, and CQT—after hackers took advantage of a bug in the upgrade. After those behind the protocol offered a 10% reward to hackers who returned the tokens—without enforcing law enforcement—funds started to trickle back in. About $22 million was recovered but the attack prompted the FBI to warn investors about how cyber criminals were eying up vulnerable DeFi platforms like never before. By Mat Di Salvo, Dec 23, 2022, https://decrypt.co/117695/year-of-the-hacks-biggest-exploits-and-hacks-of-2022
News DeFi: Biggest Crypto Exploits and Hacks of 2022 Last year was bad, but 2022 was much worse, "the biggest year ever for hacking."
vya4slav's Recent Blog Posts
Withdrawals from Binance, the world's largest crypto exchange, have surged as concerns over its proof-of-reserves report spook traders. The exchange has endured $902 million of net outflows (…
1 year ago
A judge in the Bahamas has denied disgraced FTX founder Sam Bankman-Fried's request for bail, calling the former billionaire a flight risk. The decision came hours after Bankman-Fried notified…
1 year ago
Robinhood Markets (HOOD) faces potential headline risk from imminent SEC market structure proposals, a cautious stock market outlook and potential fallout from the FTX collapse hitting crypto trading…
1 year ago
After weeks of speculation, the U.S. Department of Justice has officially filed criminal charges against Sam Bankman-Fried, the former CEO and founder of FTX. Bankman-Fried was arrested on Monday in…
1 year ago
Coinbase (COIN) said that total worldwide law enforcement and agency requests increased 66% to 12,320, according to its latest transparency report, released Monday. The report, the exchange's…
1 year ago