It's been a turbulent year for the cryptocurrency industry: market prices have plummeted, cryptocurrency giants have collapsed, and billions have been stolen in cryptocurrency hacks and exploits.
I hadn't even gotten there until mid-October when declared chainalysis 2022 will be the "biggest year for hacking activity."
As of December 29, the top 10 exploits of 2022 have resulted in the theft of $2.1 billion from cryptographic protocols. Below are those exploits and hacks, ranked from lowest to highest.
10: Leveraging Beanstalk Farms: $76 million
Beanstalk Farms Stablecoin Protocol suffered a $76 million exploit on April 18 of an attacker who used a flash loan to buy government tokens. This was used to pass two proposals that inserted malicious smart contracts.
The exploit was initially believed to have cost around $182 million as Beanstalk ran out of all of their collateral, but in the end, the attacker only managed to get away with less than half.
9: Qubit Finance Bridge Exploitation: $80 Million
Qubit Finance, a decentralized finance (DeFi) protocol on BNB Smart Chain, had over $80 million worth of BNB (bnb) stolen on January 28 in a bridge exploit.
The attacker tricked the protocol's smart contract into believing that they had posted collateral allowing them to mint an asset representing Bridged Ether (ETH).
They repeated this multiple times and borrowed multiple cryptocurrencies against the unbacked bridged ETH, depleting the protocol's funds.
8: Rari Fuse exploit โ $79.3M
Another DeFi protocol called Rari Capital was exploited on April 30 for the sum of approximately $79.3 million.
The attacker took advantage of a reentrancy vulnerability in the protocol's Rar Fuse liquidity pool smart contracts, by having them call a function to a malicious contract to drain the pools of all cryptocurrencies.
In September, Tribe DAO, which includes Rari Capital and other DeFi protocols, voted in favor. refund affected users of the hack.
7: Harmony Bridge Trick: $100 Million
In another bridging hack, the Horizon Bridge linking Ethereum, Bitcoin (BTC), and the layer 1 blockchain of BNB Chain to Harmony was drained of about $100 million in multiple cryptocurrencies.
Blockchain Forensics Firm Elliptic covered the trick in the North Korean cybercriminal syndicate Lazarus Group, as the funds were laundered in a similar way to other known Lazarus attacks.
It is understood that Lazarus targeted the login credentials of Harmony employees, breached the platform's security system, and gained control of the protocol before implementing automated laundering programs to move their illicit proceeds.
6: BNB Chain Bridge Feat: $100 Million
The BNB chain was halted on October 6 due to "irregular activity" on the network, later revealed to be a feat which drained around $100 million from his cross-chain bridge, the BSC Token Hub.
Initially, it was thought that the attacker could take around $600 million due to a vulnerability that allowed the creation of approximately two million BNB, the chain's native token.
Unfortunately for the attacker, they had approximately $400+ million in digital assets frozen on the blockchain and possibly more were trapped in cross-chain bridges on the BNB side of the blockchain.
5: Wintermute Trick: $160 Million
UK-based crypto exchange creator Wintermute suffered a compromised hot wallet which saw approximately $160 million in 70 tokens transferred from the wallet.
Analysis from blockchain cybersecurity firm CertiK claimed a vulnerable private key was attacked which was likely spawned by Profanity, an app that allows users to generate vanity crypto addresses, which has a known exploit.
According to CertiK, this allowed the attacker to use a feature with the private key that allowed the hacker to exchange the platform's exchange contract for the hacker's.
Conspiracy theories claiming the hack was an "inside job" due to how it was carried out were discredited by blockchain security firm BlockSec, who said the allegations were "not convincing enough."
4: Nomad Token Bridge Mining: 190 Million
On August 2, several attackers drained Nomad's token bridge, which allows users to trade cryptocurrencies on various blockchains. to the tune of $190 million.
A smart contract vulnerability that was unable to properly validate transaction inputs was the cause of the exploit.
Multiple users, apparently both malicious and benevolent, were able to copy the original attacker's moves in order to funnel funds to themselves. Around 88% of addresses taking part in the exploit were identified as "copycats" in a report.
Only about $32.6 million in funding they could be intercepted and returned to the protocol by white hat hackers.
3: Wormhole Bridge Exploitation: $321 Million
The Wormhole Token Bridge suffered a feat on February 2 that resulted in the loss of 120,000 Wrapped Ether (wETH) tokens worth $321 million.
Wormhole allows users to send and receive crypto between various blockchains. An attacker found a vulnerability in the protocol's smart contract and was able to mint 120,000 wETH on Solana (SUN) without collateral backing and was later able to exchange this for ETH.
At the time, it was marked as the largest exploit in 2022 and is the third largest overall protocol loss for the year.
2: FTX wallet hack: $477 million
During the initiation of FTX's bankruptcy proceedings on November 11 and 12, a series of unauthorized transactions took place on the exchange, with Elliptic suggesting that around $477 million worth of crypto was stolen.
Sam Bankman-fried said in an interview on November 16 that he believed it was โa former employee or someone somewhere installed malware on a former employee's computerโ and had narrowed the perpetrator down to eight people before he was banned from company systems.
Related: The 7 Biggest Crypto Crashes Of 2022 That The Industry Would Like To Forget
On December 27, the United States Department of Justice reportedly started an investigation about the whereabouts of around $372 million of the missing crypto.
1: Ronin Bridge Hack: $612 Million
The biggest feat to take place in 2022 occurred on March 23, when the Ronin Bridge was blown up for around $612 million: 173,600 ETH and 25.5 million USD Coin (USDC).
Ronin is an Ethereum sidechain built for Axie Infinity, a play-to-win non-fungible token (NFT) game. Sky Mavis, the developers of Axie Infinity, said the hackers accessed to private keys, compromised validator nodes, and approved transactions that drained funds from the bridge.
The US Treasury Department updated its list of Blocked Persons and Specially Designated Nationals (SDNs) on April 14 to reflect the possibility that Lazarus Group was behind the bridge feat.
The Ronin Bridge hack is the largest cryptocurrency exploit to ever take place.
Post navigation
