Over the last decade, hackers have been targeting blockchain platforms. The volume of transactions and funds processed on these platforms has made them a target for theft and fraud. This article highlights some cryptocurrency cyber hacks that have occurred in the last decade.
Wormhole bridge attack
Most blockchains developed after Ethereum have been focused on resolving the issues that have been identified in it. Solana is one of them, and it claims to provide faster and cheaper transactions.
Regardless of the challenges with Ethereum, it is one of the most widely used networks, which implies that newer chains are developing ways to link to it. This is how the concept of cross-chain bridges came about.
The Wormhole Bridge was designed to connect Ethereum to Solana. A wormhole is a protocol that facilitates the seamless transfer of tokens and NFTs between Ethereum and Solana, providing the latter with cross-chain functionality.
Two smart contracts handle the transactions automatically, allowing the bridge to function properly. One contract is available on the Ethereum side, while the other is operational on the Solana side.
The hackers exploited a loophole in the smart contract on the Solana side of the bridge, creating 120,000 WETH-wrapped ether. They were able to redeem the WETH for Ether on the Ethereum side of the bridge.
When the attack occurred in the first week of February 2022, the project’s developers took the bridge offline for maintenance. According to CertiK, a blockchain cybersecurity organization, Ether, SOL, and USDC were taken. The hackers stole $251 million in Ether, about $47 million in Solana, and at least $4 million in USDC.
Some crypto thought leaders have previously criticized the concept of bridges.
The founder of Ethereum, Vitalik Buterin, believes that bridges are ineffective and will not stand the test of time due to security vulnerabilities.
Coinrail
In June 2018, Coinrail, a notable South Korean Exchange, announced that it had been hacked. The exchange immediately suspended transactions during that period after it lost over $40 million worth of cryptocurrencies to the attackers. Most of the stolen coins were “NPXS token from the Pundi X project, ATC from Aston, and the NPER project’s NPER token.”
After the attack, BTC’s value dropped by 11%.
CoinDesk reported that the hacker was unable to liquidate the stolen funds.
“Data from Etherscan.io shows the address tried to sell some 26 million NPXS tokens at IDEX, a decentralized Ethereum asset exchange, right after it received 2.6 billion NPXS from another address that is also now labeled as a suspicious account – Fake_Phishing1431.
Coinrail and Pundi X claimed that IDEX froze the assets sent from the Fake_Phishing1432 address upon investigation and the NPXS tokens were not liquidated.”
BitMart
BitMart was hacked in December 2021, resulting in losses of about $200 million. The coins were stolen by the exploitation of loopholes in the platform’s hot wallet. The majority of the stolen tokens were BSC-based coins and meme coins. BitMart believes that the massive breach was triggered by stolen private keys.
The exchange promised to compensate customers who had lost their funds. As of January 2022, their users were still complaining that BitMart was yet to refund their stolen tokens. Some users said that the exchange was not transparent with them about the attack and the refund process.
Cream Finance
Cream Finance has a history of hacks, from $36 million via its Iron Bank in February 2021 to $29 million in August 2021. Cream Finance, a lending and borrowing protocol on Ethereum, lost $130 million in ether and ERC-20 tokens to hackers in October 2021. The attackers were successful because they used an innovative flash loan system to game the platform. PeckShield believes the attack was successful due to a bug in a price oracle.
Cream Finance announced the hack on their Twitter page. According to Cream Finance,
“With the help of friends from Yearn Finance and others in the community, we were able to identify the vulnerabilities and patch them. In the meantime, we’ve paused our v1 lending markets on Ethereum and we’re in the process of putting together a post-mortem review.”
Bithumb
Bithumb is no stranger to attacks and theft attempts. In 2019, the exchange suffered a single attack that resulted in the loss of 3.07 million EOS and 20.2 million XRP.
During that time, the stolen coins were valued at $13 million. The attacker gained access to the hot wallet through a series of transactions.
Shortly after the hack, some of the stolen XRP and EOS were laundered to numerous wallet addresses. The crypto exchange believes that the breach was initiated by an insider because there was no proof that the attacker gamed the system from outside the exchange.
At the time of the attack, Bithumb announced that it was collaborating with other exchanges and government agencies to investigate the attack and find the culprit. After the hack, the remaining funds in the hot wallet were instantly transferred to the cold wallet.
Poly Network
In 2021, crypto enthusiasts woke up to the news that Poly Network had lost over $600m in assets to a hacker. Assets worth $85m, $264m, and $250m of assets were stolen from Polygon, Ethereum, and Binance Smart Chain wallets respectively.
The news of the hack sparked the interest of the crypto community, and the victim asked the hacker to refund the stolen assets. In return, they would be given a bounty of $500,000 and a job within the organization.
Surprisingly, the hacker was open to dialogue with their victim, claiming that they did not steal the tokens with malicious intents. The hacker was dubbed ‘Mr. White Hat’, and they went on to state that they noticed a vulnerability in the network and decided to point it out before Poly Network covered it.
Mr. White Hat returned the funds, according to Poly Network.
“To extend our thanks and encourage Mr. White Hat to continue contributing to security advancement in the blockchain world together with Poly Network, we cordially invite Mr. White Hat to be the Chief Security Advisor of Poly Network,” the firm said in a statement.
“Poly Network previously promised to reward Mr. White Hat with a $500,000 bug bounty, but he did not accept it and has publicly stated that he has considered offering it to the technical community who have made contributions to blockchain security,” Poly Network added.
“We fully respect Mr. White Hat’s thoughts, and to express our gratitude, we will still transfer this $500,000 bounty to a wallet address approved by Mr. White Hat for him to use it at his own discretion for the cause of cybersecurity and supporting more projects and individuals.”
Some crypto enthusiasts believe that the hacker may have realized that it was near impossible to liquidate that amount of cryptocurrencies without attracting attention. Others believed that Mr. White Hat was altruistic. To some, this was a publicity stunt by the network.
Badger Finance
Badger Finance lost over $120 million to a hacker in December 2021. The DeFi platform stated that the attack was successful because the hacker used “a maliciously injected snippet” from Cloudflare. As part of their strategy, the attackers were able to create a compromised API key, which they used in injecting the malicious code into the platform’s architecture.
Out of the $130 million that the hacker stole, $9 million was recovered by the protocol because the hacker had not transferred the latter when the attack was spotted by Badger Finance.
The development team has plugged the loophole and is currently working with crypto security and analytics organizations like Mandiant and Chainalysis to stop it from repeating itself.
Coincheck
Coincheck, a Japanese exchange was attacked in 2018 and lost 523 million NEM coins. The hacker successfully drained the hot wallet.
According to Fortune,
“Coincheck hasn’t disclosed how their system was breached beyond saying that it wasn’t an inside job. The company did own up to a security lapse that allowed the thief to seize such a large sum. Coincheck also lacked multi-signature security, a measure requiring multiple sign-offs before funds can be moved.”
In Conclusion,
- The crypto space is not a stranger to hacks.
- Common methods used by hackers are linked to hot wallet exploitation.
- Some platforms have been hacked on multiple occasions.
- Sometimes, the stolen funds are recovered by the platform.
- In some cases, the users of the platforms are compensated for their losses.
- Crypto platforms are always looking for ways to secure their architecture from hackers
If you would like to read more news articles like this, visit our Website. You can also follow DeFi Planet on Twitter, Facebook, Instagram, and LinkedIn.
