Each year, massive sums of money are lost due to crypto hacks and attacks. 2022 was termed the “biggest year ever for hacking activity”. Below are some of the notable crypto hacks of 2022.
RONIN NETWORK
Date of hack: 23rd March 2022
Reported loss: $625 million
According to Ronin Network, an attacker took over control of the validator nodes on the Ronin blockchain operated by Sky Mavis and Axie DAO. The validators play a crucial role in securing the chain by moderating activity. Unfortunately, the attacker gained entry through a backdoor.
To recognize a Deposit or Withdrawal event, five out of the nine validator signatures are necessary. However, the attacker gained control of four Ronin Validators operated by Sky Mavis and a third-party validator run by Axie DAO.
WORMHOLE BRIDGE
Date of hack: 2nd February 2022
Reported loss: $320 million
NOMAD BRIDGE
Date of hack: 1st August 2022
Reported loss: $190 million
BEANSTALK FARMS
Date of hack: 17th April 2022
Reported loss: $182 million
According to analysis from blockchain security firm CertiK, the Beanstalk attacker used a flash loan obtained through the decentralized protocol Aave to borrow close to $1 billion in cryptocurrency assets and exchanged these for enough beans to gain a 67 percent voting stake in the project.
WINTERMUTE
Date of hack: 20th September
Reported loss: $160 million
The Wintermute attack was enabled by a defect in Profanity’s algorithm. In a departure from the usual smart contract exploits, this defect allowed an attacker to directly target compromised private keys of Wintermute users.
Mudit Gupta, chief security officer at Polygon, guessed in a tweet that the hack was a result of a hot wallet compromise due to the Profanity bug uncovered by 1inch contributors a week ago. 1inch had warned that wallet addresses generated using the Profanity tool were at risk of compromise.
ELROND NETWORK
Date of hack: 5th June 2022
Reported loss: $113 million
Decentralized exchange Maiar was hacked in early June, with the hacker exploiting loopholes in a smart contract to steal 1.65 million EGLD (Elrond egold) worth an estimated $113 million. According to reports, the hacker managed to sell off 800,000 of the stolen tokens for a sum of $54 million. While the rest were either bridged to ETH or USDC, or being stored in a number of different wallets.
However, founder and CEO of Elrond Network Beniamin Mincu claimed that a significant portion of stolen funds were recovered.
FTX
Date of hack: 11th November 2022
Reported loss: $600 million
On November 11, 2022, FTX experienced a security breach resulting in a reported loss of $600 million. According to Dyma Budorin, the co-founder and CEO of the blockchain security auditing firm Hacken, wallets on the platform were drained of over $663 million in tokens. It is suspected that $477 million of those funds were stolen, with the remaining amount moved into secure storage by FTX.
Hacken conducted an investigation of blockchain transactions related to the hack and discovered that the attacker had gained access to all of the cold wallet storages. The perpetrator attempted to send USDT stablecoin on the Tron blockchain multiple times, but these efforts were unsuccessful due to a lack of TRX, the Tron network’s native token, in the wallet to pay transaction fees. Ultimately, the attacker used their verified personal account on Kraken, a cryptocurrency exchange, to send 500 TRX to the compromised wallet address in order to cover the transaction.
BINANCE
Date of hack: 6th October 2022
Reported loss: $570 million
The hack happened because of a bug in the smart contract where hackers could forge transactions and transfer funds into their wallets. The hacker transferred 1 million BNB tokens twice.
HARMONY BRIDGE
Date of hack: 24th June 2022
Reported loss: $100 million
In June 2022, Harmony Horizon project fell victim to a malicious attack that saw them lose nearly $100 million. North Korean state-backed hacking group, Lazarus Group was closely linked to the attack.
London-based blockchain analysis provider Elliptic linked the attack to Lazarus Group, alleging that the hack and the subsequent laundering of the stolen crypto assets were consistent with the activities of the North Korean hackers.
The hacker(s) managed to siphon $100 million in crypto assets, including Ethereum, BNB, Tether, USDC, and Dai.
MANGO MARKET
Date of hack: 11th October 2022
Reported loss: $100 million
Solana-based DeFi trading platform Mango Markets lost over a hundred million dollars to hackers who manipulated the price of native MNGO token, temporarily increasing the value of their collateral and then taking out a loan from the Mango treasury.
