Analysts estimate the damage from hacker attacks on crypto projects in 2022 at $3 billion
In total, Chainalysis counted 125 incidents related to attacks on crypto companies in 2022
29.12.2022 - 13:45
336
6 min
0
Pretty much everywhere you looked in crypto and blockchain last year there was some glaring problem. But ultimately falling crypto prices or company bankruptcies aren’t the worst problem for digital assets. Beyond the billions of dollars lost from the collapse of the Terra
Trust is essential to any new financial system and all of the hype and promise surrounding “immutable” ledgers and cutting out the middlemen has done little to slow down the den of thieves that has plagued crypto markets since its inception. In 2022, the five top steals accounted for $1.48 billion of the purloined funds, all involving decentralized finance (DeFi), which comprised 49% of the overall total.
Despite the fact that protocols are praised for their transparency, they lost 75% of total value locked over the last 11 months, according to blockchain analytics firm Elliptic. Data from decentralized finance dashboard DeFi Llama shows that total value locked in DeFi protocols shrank from 166.58 billion in the beginning of the year to $39 billion in mid-December.
Blockchain bridges were the main target, accounting for 70% of all losses this year and siphoning nearly $2 billion stolen from decentralized finance protocols, according to Elliptic. Cross-chain bridges became popular as one of the main ways to connect two blockchains, allowing users to move tokens from one chain to another. But in order to do so, blockchain bridges have to temporarily hold the value of the transaction in each of the tokens involved, making them tempting to hackers.
“In retrospect, there were a lot of cutting corners for expediency,” says Sam Williams, CEO of blockchain security firm Arweave
“Private keys to multi-signature wallets, says Williams, were another example of ecosystem vulnerabilities because of their distribution. Multi-signature wallets exist to spread decision-making power across different parties, making it harder to hack one key to damage the ecosystem. But across several cross-chain hacks this year, including that of the Ronin Network and the Harmony
“As an industry, we did not do well enough in calling out poor quality designs across the board,” he added.
The five largest crypto heists of 2022 range from cross-chain hacks to code exploits, stealing over $3 billion of investor funds.
Ronin Network: $625 million
In the biggest heist of the year, over half a billion dollars worth of ether and USD coin was stolen from the Ronin Network, a blockchain that supports the non-fungible-token-based video game Axie Infinity. According to Ronin, the attackers were able to hack nodes, the computers that process network transactions. The activity went unnoticed until a user was unable to withdraw funds and filed a report. The U.S. Treasury Department later linked the heist to North Korean state-backed hacking collective Lazarus Group.
Wormhole Network: $325 million
On February 2, an unknown hacker exploited a vulnerability in Wormhole Network, a bridging protocol that allows users to move cryptocurrencies and NFTs between multiple pairs of blockchains. According to Chainalysis, the attacker appears to have found a fault in Wormhole’s code that allowed them to create 120,000 wETH—an equivalent of ether tokens on the Solana
Nomad: approximately $190 million
A hacker took advantage of a weakness in Nomad’s code on August 1 by crafting a message that tricked the cross-chain protocol into sending stored tokens without proper authorization. The bug was so simple that it didn’t even require any programming skills to exploit it. Soon enough, dozens of copycats joined the heist. Nomad was able to recoup over $20 million after pleading with users to return the funds.
Beanstalk Farms: $182 million
In April, an attacker managed to drain over $150 million worth of crypto from Beanstalk Farms, an Ethereum
Wintermute: $160 million
The London-based crypto market maker lost $160 million in a September 20 hack. Founder and CEO Evgeny Gaevoy said that the attack likely originated with a service Wintermute had used called Profanity, which generates “vanity addresses” for digital-asset accounts to make them easier to work with than the roughly 30-character strings of varied letters and numbers that are typically used. These trading accounts were part of Wintermute’s DeFi business, with which it makes rapid trades on decentralized exchanges like Uniswap and SushiSwap. It appears that hackers were able to use brute-force computing to generate all the possible passwords to a company vanity address.
Mango Markets: $112 million
Avraham Eisenberg squeezed the liquidity out of Solana-based decentralized crypto exchange Mango Markets in mid-October, holding $112 million worth of tokens in ransom to force the organization to use the assets in its treasury to finance bad debt taken on to bail out a large investor earlier this year. The heist involved Eisenberg’s two accounts on the platform with the dollar-pegged USD coin, according to Mango, which took large positions in perpetual futures on the coin selling from one account and buying in another at an above-market price. As the token’s price spiked tenfold in other decentralized exchanges, he used the unrealized profit to borrow and withdraw a number of tokens from Mango itself.
BNB +0.1% Smart Chain XCN2 -5.6% : $110 million
Marking the beginning of 2022’s busiest month for crypto hacks, hackers were able to siphon an estimated $110 million from Binance’s BSC Token Hub on October 6. The cross-chain bridge between two Binance-affiliated chains—BNB Smart Chain (BSC) and BNB Beacon Chain—was exploited following a scheduled update. According to analysts and on-chain data, the hackers successfully exploited a bug in the bridge’s verified proofs that allowed them to forge approval messages and deposit the funds into their account. They were able to mint 2 billion BNB tokens as they attempted to drain the bridge of $560 million, but the hackers only successfully removed $110 million off-chain.
Harmony Horizon Bridge: $100 million
Harmony’s main bridge between the Ethereum and Binance Smart Chain blockchains was hacked in June, with hackers taking $100 million worth of cryptocurrencies. Though the protocol did not reveal how the funds were taken, the hack occurred over a series of 14 transactions across the chain. Even before the June hack, on-chain sleuths were concerned over the bridge’s safety mechanisms as a small number of validators on its multi-signature wallet made it vulnerable for exploits.
This material is taken from the website forbes.com.
Useful material?
Market
Due to supply shortages, the asset’s pre-market exchange rate was climbing above $1000
Dec 16, 2024
Incidents
Reports about the hacking of the exchange with calls to withdraw assets began to spread on December 13
Dec 13, 2024
Crypto regulations
Stablecoins from issuer Circle will not be affected by the changes
Dec 12, 2024
Crypto regulations
The platform will launch after meeting the preconditions of the local exchange authority
Dec 9, 2024
Market
The $1,1 billion figure was reached after the bitcoin correction
Dec 6, 2024
Crypto regulations
By early January, all open positions and loans of local users will be closed and repaid automatically
Dec 5, 2024