Security breaches and other incidents of compromise have been major roadblocks to the widespread adoption of cryptocurrency. High-profile thefts on cryptocurrency exchanges and platforms have made both new and experienced investors hesitant to invest their hard-earned money in what seem to be vulnerable crypto platforms.
Although it has been claimed that blockchain projects are secure, a series of brutal attacks, especially in 2022, have effectively disproved this myth. According to Chainalysis, more than $1.6 billion has been stolen from users as of 2022.
This article provides a timeline of some of the most significant crypto hacks of 2022, closely analyzing the details of each hack as well as their overall impact on the industry.
What are Crypto Hacks?
Cryptocurrency hacks happen when cybercriminals gain unauthorized access to and steal cryptocurrencies. These attacks can be carried out through both simple phishing schemes that trick people into visiting fake coin exchanges and complex software tools that break into real cryptocurrency exchanges.
Some of the most common crypto hacking techniques include:
Bridge Hack
This occurs when hackers target users’ cryptocurrencies as they are transferred from one blockchain to another. Each cryptocurrency transaction is recorded on a specific blockchain, and cross-chain bridges are protocols that allow for the transfer of cryptocurrencies from one blockchain to another.
While cross-chain bridges are important for blockchain interoperability, they can also be vulnerable to hacking. Cybercriminals can target these bridges in a number of ways, such as exploiting vulnerabilities in the bridge’s code or using leaked cryptographic keys.
In some cases, cross-chain bridge systems can even be tricked into converting counterfeit coins into real, valuable currencies on other blockchains.
Wallet Hack
Wallets are applications that allow users to access, manage, and transfer their cryptocurrencies. These programs can be installed on devices such as smartphones or computers and can either be “hot” (always connected to the internet) or “cold” (offline).
Hackers can gain access to users’ crypto holdings through a hot wallet in order to steal their funds.
Exchange Hack
Many cryptocurrency enthusiasts store and manage their currency on exchanges. While exchanges are beneficial, they also come with some risks. Hackers often target exchanges with phishing emails, exploits, and social engineering attacks because they hold large amounts of cryptocurrency on behalf of their users. If an exchange is hacked, the coins stored in their “hot wallets” may be stolen.
Top 13 Cryptocurrency Hacks of 2022
Crypto.com
A hacker disabled the 2FA (two-factor authentication) on the cryptocurrency exchange Crypto.com and stole ether (ETH) and bitcoin (BTC) from customer accounts in late January. Initially, Kris Marszalek, CEO of Crypto.com, denied that customer funds had been stolen before admitting the hack a few days later. In response to the exploit, the company said it is implementing “multi-factor authentication.”
This cryptocurrency exchange was the first to be hacked in 2022, compromising a large number of client accounts. In addition, the hack forced the exchange to disable certain services for 13 to 14 hours. The precise cause of the breach is still unknown.
Qubit Finance
On January 28, Qubit Finance, a DeFi protocol, reported an attack and the theft of 206,809 Binance Coins (BNB) from its QBridge protocol. The tokens were worth $80 million in total.
According to Certik, the attacker used a deposit option in the QBridge contract to create 77,162 qXETH, a type of cryptocurrency used to represent Ethereum bridged through Qubit.
The hacker convinced the platform that they had made a deposit. They traded the assets for BNB and vanished once the procedure had been repeated a certain number of times.
Wormhole
In February, a hacker targeted the Wormhole cross-chain bridge. The hacker exploited flaws in the protocol’s validation system to generate a large amount of wETH (wrapped Ethereum). The attacker escaped with $325 million.
IRA Financial Trust
In February, hackers broke into the Gemini crypto exchange and got access to the master key. This resulted in a $37 million loss for IRA Financial Trust, a platform for crypto-based retirement and pension plans.
IRA Financial Trust chose the legal path.
It filed a lawsuit against Gemini, the platform where customer funds were stored, for being responsible for the hack (due to its negligence).
Cashio
Hackers stole $48 million from Cashio after the Solana Protocol experienced an “infinite mint” glitch in March.
Fake accounts took advantage of an “infinite mint glitch” to establish worthless collateral for the CASH stablecoin. According to CoinGecko data, the coin’s peg fell to zero.
The Ronin Network
In March, over $620 million in USDC and ETH were stolen from the Ronin Network, Axie Infinity’s side chain (based on Ethereum).
The attacker used compromised private keys to create bogus withdrawals from the Ronin bridge contract in two transactions. The exploit was discovered on March 23 after a user tried unsuccessfully to withdraw 5,000 ether (ETH) a week later.
The hacker made off with 25.5 million USDC and 173,600 ETH. The heist is regarded as the Ronin Network’s largest DeFi hack.
Beanstalk Farms
Beanstalk Farms is an Ethereum-based stablecoin protocol. The protocol made use of a native governance token known as STALK. Transferring assets out of Beanstalk Farms would require approval from most STALK holders.
A hacker used a flash loan to purchase a majority stake in STALK in April. They then proposed a large-scale fund transfer, which they approved with their STALK tokens. The hacker is thought to have made around $80 million, but the hack caused the stablecoin to crash, resulting in total losses of $182 million.
Fei Protocol
A “reentrancy” bug in the lending protocol’s code allowed a hacker to obtain a loan while also withdrawing the collateral. It’s worth noting that the Fei stablecoin is still pegged to the US dollar. The April 30 hack led to a loss of $80 million.
Harmony Bridge
In June, the North Korean-linked Lazarus group gained access to two of the Binance and Ethereum bridges’ five security keys, allowing them to authorize transactions that siphoned assets from the bridge. The hackers made off with $100 million. Harmony now requires four of the five validator keys to agree on transactions.
Nomad Bridge
The Nomad Bridge hack was a cross-chain bridge attack that occurred in August. The hack resulted in Bitcoin losses of approximately $190 million. Hackers took advantage of a flaw in the protocol to withdraw more money than they had deposited. This hack involved hundreds of people. This may not have been a coordinated attack.
Wintermute
Wintermute, a prominent UK-based cryptocurrency market maker, lost approximately $162 million in September after its DeFi operations were hacked. However, its centralized finance and over-the-counter operations were unaffected.
According to Certik, the hack was not caused by a smart contract vulnerability but by the use of a vulnerable private key to attack the platform, which was either leaked or brute-forced. Certik also speculated that a flaw in the popular profanity-themed address generator most likely caused the hack.
What made the incident worse was that the market maker owed several platforms $200 million in DeFi debt, the largest of which was a $92 million Tether (USDT) loan issued by TrueFi. Wintermute, on the other hand, was able to repay its TrueFi loan on October 14, just one day before it was due to mature.
Mango Markets
On October 11, the Solana-based DeFi platform, Mango Markets, was exploited for approximately $114 million when price oracle data was manipulated, thereby allowing the hacker to steal massive, undercollateralized crypto loans.
The person had deposited $5 million in USDC on the platform, which he used to open a large long position in MNGO-PERP. The price of MNGO then skyrocketed, inflating the collateral value of his account. He then used this to take massive debt positions on the platform.
Later, the attacker proposed how the community should be run. They wanted Mango to use its remaining funds to pay off bad debts according to the rules, but the community refused.
The exploiter was then asked to return $67 million of the stolen tokens while keeping the remaining $47 million as a bug bounty.
BNB Chain
BNB Chain’s cross-bridge was exploited at the beginning of October, resulting in the minting of additional BNB tokens on the network. Although the exploit was initially estimated to be worth about $600 million, it was revealed on Reddit that the attacker drained between $100 and $110 million.
The individual went on to say that the exploit was carried out on the BSC Token Hub, which serves as a link between the BNB Beacon Chain and the BNB Chain. The exploit was caused by a flaw in the bridge’s smart contract, which allowed hackers to forge transactions and send money back to their cryptocurrency wallets.
In Conclusion
- The recent collapse of FTX has reminded people in the market that even well-established and mainstream companies can suddenly fail.
- The possibility that FTX may have been hacked, potentially leading to the loss of millions of dollars worth of cryptocurrency, has only added to the overall sense of chaos and uncertainty in the digital currency market.
- It is important for those who plan to continue using cryptocurrency to take precautions to protect themselves from the associated risks.
If you would like to read more articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, and Instagram.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”