1 year ago
It's been a turbulent twelvemonth for the cryptocurrency manufacture — marketplace prices person taken a immense dip, crypto giants person collapsed and billions person been stolen successful crypto exploits and hacks.
It was not adjacent halfway done October erstwhile Chainalysis declared 2022 to beryllium the “biggest twelvemonth ever for hacking activity.”
As of Dec. 29, the 10 largest exploits of 2022 person seen $2.1 cardinal stolen from crypto protocols. Below are those exploits and hacks, ranked from smallest to largest.
10: Beanstalk Farms exploit — $76M
Stablecoin protocol Beanstalk Farms suffered a $76 cardinal exploit connected April 18 from an attacker utilizing a flash indebtedness to bargain governance tokens. This was utilized to walk 2 proposals that inserted malicious astute contracts.
The exploit was initially thought to person outgo astir $182 million as Beanstalk was drained of each its collateral but successful the end, the attacker lone managed to get distant with little than fractional that.
9: Qubit Finance span exploit — $80M
Qubit Finance, a decentralized concern (DeFi) protocol connected BNB Smart Chain, had over $80 cardinal worth of BNB (BNB) stolen connected Jan. 28 successful a span exploit.
The attacker duped the protocol's astute declaration into believing they had deposited collateral that allowed them to mint an plus representing bridged Ether (ETH).
They repeated this aggregate times and borrowed aggregate cryptocurrencies against the unbacked bridged ETH, draining the protocol’s funds.
8: Rari Fuse exploit — $79.3M
Another DeFi protocol called Rari Capital was exploited connected April 30 for the sum of roughly $79.3 million.
The attacker exploited a reentrancy vulnerability successful the protocol’s Rar Fuse liquidity excavation astute contracts, making them telephone a relation to a malicious declaration to drain the pools of each crypto.
In September, Tribe DAO, which includes Rari Capital and different DeFi protocols, voted to reimburse affected users from the hack.
7: Harmony span hack — $100M
In yet different span hack, the Horizon Bridge that links Ethereum, Bitcoin (BTC), and BNB Chain to Harmony’s layer-1 blockchain was drained of astir $100 million successful aggregate cryptocurrencies.
Blockchain forensics steadfast Elliptic pinned the hack connected North Korean cybercriminal syndicate Lazarus Group, arsenic the funds were laundered successful a akin mode to different known Lazarus attacks.
Lazarus is understood to person targeted Harmony worker login credentials, breaching the platform’s information strategy and gaining power of the protocol earlier deploying automated laundering programs to determination their ill-gotten gains.
6: BNB Chain span exploit — $100M
The BNB Chain was paused connected Oct. 6 owed to “irregular activity” connected the network, which aboriginal was revealed arsenic an exploit that drained astir $100 cardinal from its cross-chain bridge, the BSC Token Hub.
Initially, it was thought the attacker was capable to instrumentality astir $600 cardinal owed to a vulnerability that allowed the instauration of astir 2 cardinal BNB, the chain’s autochthonal token.
Unfortunately for the attacker, they had astir implicit $400 cardinal worthy of integer assets frozen connected the blockchain and much was perchance stuck successful cross-chain bridges connected the BNB blockchain side.
5: Wintermute hack — $160M
United Kingdom based crypto market-maker Wintermute suffered from a compromised blistery wallet that saw astir $160 cardinal crossed 70 tokens transferred retired of the wallet.
Analysis from blockchain cybersecurity steadfast CertiK claimed a vulnerable backstage key was attacked that was apt generated by Profanity — an app that allows users to make vanity crypto addresses, that has a known exploit.
According to CertiK, this allowed the attacker to usage a relation with the backstage cardinal that allowed the hacker to alteration the platform’s swap declaration to the hacker’s own.
Conspiracy theories alleging the hack was an “inside job” owed to however it was carried retired were debunked by blockchain information steadfast BlockSec, who said the allegations were “not convincing enough.”
4: Nomad token span exploit — 190M
On Aug. 2, the Nomad token bridge, which allows users to swap cryptocurrencies crossed aggregate blockchains, was drained by aggregate attackers to the tune of $190 million.
A astute declaration vulnerability that failed to decently validate transaction inputs was the origin of the exploit.
Multiple users, seemingly some malicious and benevolent, were capable to transcript the archetypal attacker’s moves to funnel funds to themselves. Around 88% of addresses taking portion successful the exploit were identified arsenic “copycats” successful a report.
Only around $32.6 cardinal worthy of funds were capable to beryllium intercepted and returned to the protocol by achromatic chapeau hackers.
3: Wormhole span exploit — $321M
The Wormhole token bridge suffered an exploit connected Feb. 2 that resulted successful the nonaccomplishment of 120,000 Wrapped Ether (wETH) tokens worthy $321 million.
Wormhole allows users to nonstop and person crypto betwixt aggregate blockchains. An attacker recovered a vulnerability successful the protocol’s astute declaration and was capable to mint 120,000 wETH connected Solana (SOL) unbacked by collateral and was past capable to swap this for ETH.
At the clip it was marked arsenic the largest exploit successful 2022 and is the third-largest protocol nonaccomplishment wide for the year.
2: FTX wallet hack — $477 million
During the commencement of FTX’s bankruptcy proceedings connected Nov. 11 and 12, a series of unauthorized transactions took spot astatine the exchange, with Elliptic suggesting that astir $477 cardinal worthy of crypto was stolen.
Sam Bankman-Fried said successful a Nov. 16 interview that helium believed it was “either an ex-employee oregon determination idiosyncratic installed malware connected an ex-employee’s computer” and had narrowed the perpetrator down to 8 radical earlier helium was unopen retired of the company’s systems.
Related: 7 biggest crypto collapses of 2022 the manufacture would similar to forget
According to reports, connected Dec. 27 the United States Department of Justice launched an investigation into the whereabouts of astir $372 cardinal of the missing crypto.
1: Ronin span hack — $612M
The largest exploit to instrumentality spot successful 2022 happened connected March 23, erstwhile the Ronin span was exploited for astir $612 million — 173,600 ETH and 25.5 cardinal USD Coin (USDC).
Ronin is an Ethereum sidechain built for Axie Infinity, a play-to-earn nonfungible token (NFT) game. Sky Mavis, Axie Infinity’s developers, said the hackers gained access to backstage keys, compromised validator nodes and approved transactions that drained funds from the bridge.
The U.S. Treasury Department updated its Specially Designated Nationals and Blocked Persons (SDN) database connected April 14 to reflect the possibility that Lazarus Group was down the bridge’s exploit.
The Ronin span hack is the largest cryptocurrency exploit to ever instrumentality place.
English (US) 