Ten Crypto Thefts and Failures of 2022.
It’s been a turbulent year for the cryptocurrency industry — market prices have taken a huge dip, crypto giants have collapsed and billions have been stolen in crypto exploits and hacks. It was not even halfway through October when Chainalysis declared 2022 to be the “biggest year ever for hacking activity.” As of Dec. 29, the 10 largest exploits of 2022 have seen $2.1 billion stolen from crypto protocols. Below are those exploits and hacks, ranked from smallest to largest.
10: Beanstalk Farms exploit — $76M
Protocol for stablecoin On April 18, an assault employing a flash loan to purchase governance tokens resulted in a $76 million loss for Beanstalk Farms. Using this, two proposals with harmful smart contracts were passed.
To drain Beanstalk of all its collateral, the vulnerability was initially estimated to have cost roughly $182 million, but in the end, the attacker was only able to escape with less than half that amount.
9: Qubit Finance bridge scam: $80 million
Over $80 million worth of BNB was stolen on January 28 using a bridge hack from Qubit Finance, a decentralized finance (DeFi) protocol on the BNB Smart Chain.
The attacker tricked the smart contract of the protocol into thinking they had placed collateral, which allowed them to manufacture an asset that represented bridging Ether.
They repeatedly did this, depleting the protocol’s money while borrowing several cryptocurrencies against the unbacked bridging ETH.
8: Rari Fuse exploit — $79.3M
On April 30, the Rari Capital DeFi protocol was abused for a total of about $79.3 million.
To empty the pools of all cryptocurrency, the attacker forced the protocol’s Rar Fuse liquidity pool smart contracts to execute a function from a malicious contract by taking advantage of a reentrancy flaw.
Tribe DAO, which incorporates Rari Capital and other DeFi protocols, decided in September to compensate the impacted users.
7: $100M hack of Harmony Bridge
The breach was attributed to the North Korean cybercrime group Lazarus Group by blockchain forensics company Elliptic because the money was laundered similarly to other Lazarus assaults that were previously identified.
It’s believed that Lazarus sought out the login information for Harmony employees, exploited the platform’s security mechanism, and took control of the protocol before implementing automated laundering systems to transport their illicit riches.
6: $100 million BNB Chain bridge scam
The BNB Chain was put on hold on October 6 as a result of “irregular behavior” on the network, which was ultimately identified as an exploit that stole almost $100 million from its cross-chain bridge, the BSC Token Hub.
A flaw that let the production of almost two million BNB, the chain’s native token, was first considered to have allowed the attacker to steal about $600 million.
Unfortunately for the attacker, they had around $400 million worth of frozen digital assets on the blockchain, and probably more were trapped in cross-chain bridges on the BNB blockchain.
5: $160 million Wintermute hack
Wintermute, a British cryptocurrency market maker, had a hot wallet compromise that resulted in the transfer of almost $160 million over 70 tokens.
The app Profanity, which enables users to create vanity crypto addresses and has a known flaw, is thought to be the source of the attack on the susceptible private key, according to an analysis by blockchain cybersecurity company CertiK.
The platform’s swap contract might have been changed to the hacker’s own, claims CertiK, if the attacker had been able to invoke a function with the private key.
Blockchain security company BlockSec refuted conspiracy ideas, saying they weren’t “convincing enough” and that the breach was not an “inside job” owing to how it was conducted.
4. Exploitation of the Nomad Token Bridge- 190M
Various attackers stole $190 million from the Nomad token bridge on August 2, which enables users to exchange cryptocurrencies across multiple blockchains.
The exploit was caused by a flaw in smart contracts that improperly validated transaction inputs.
Multiple users were able to mimic the actions of the initial attacker to direct money to themselves, seeming to be both friendly and evil. According to research, 88% of the addresses involved in the attack were “copycats.”
White hat hackers were only able to intercept and return to the protocol about $32.6 million worth of money.
3. Wormhole bridge exploit: $321 million
On February 2, a bug in the Wormhole token bridge caused the loss of 120,000 Wrapped Ether (wETH) tokens valued at $321 million.
Wormhole enables users to transfer and receive cryptocurrency between different blockchains. A hacker was able to create 120,000 wETH on Solana without any backing thanks to a flaw in the protocol’s smart contract, which he was then able to exchange for real money.
It was noted at the time as the biggest exploit in 2022 and the third-worst protocol loss overall for the year.
2: $477 million stolen from FTX wallets
Elliptic claims that $477 million worth of cryptocurrency was stolen during the FTX bankruptcy procedures, which began on November 11 and 12. Several unlawful transactions occurred at the exchange.
Sam Bankman-Fried stated in an interview on Nov. 16 that he thought it was “either an ex-employee or someplace someone placed malware on an ex-computer” employee and that he had reduced the offender down to eight persons before he was barred from accessing the company’s networks.
1: Ronin bridge theft, $612 million
The Ronin bridge was breached for around $612 million on March 23 — 173,600 ETH and 25.5 million USD — making it the greatest exploit to occur in 2022.
A play-to-earn nonfungible token (NFT) game called Axie Infinity uses Ronin, an Ethereum sidechain. According to Sky Mavis, the creators of Axie Infinity, the hackers were able to obtain secret keys, infiltrate validator nodes, and accept transactions that emptied the bridge of its cash.
On April 14, the Specially Designated Nationals and Blocked Persons (SDN) list maintained by the U.S. Treasury Department was amended to reflect the probability that Lazarus Group was responsible for the bridge’s attack.
The biggest cryptocurrency exploits ever are the ones that happened on the Ronin bridge.
Shiv Kr Chhatwal is a Marketing Intern at NonceBlox Pvt. Ltd. Currently pursuing his undergraduate in commerce and is very curious to learn about Finance, Digital marketing, and management skills.