Although some people think that blockchain hacking is not possible and that cryptocurrencies cannot be hacked, according to Cointelegraph, in just 10 of the biggest cryptocurrency hacks of 2022, which were accompanied by bankruptcies and a fall in the value of cryptocurrencies, more than $2 billion was stolen.
2022 was a tumultuous year for the crypto industry, with market prices plummeting, crypto giants collapsing, and billions of dollars stolen in crypto hacks. The good news is that the cryptocurrency market still has a pulse and has not run out of breath.
It wasn’t until the middle of October 2022 (May 1401) that Chainalysis announced that 2022 was the biggest year for hackers; apparently, the 10 biggest hacks of 2022 caused the theft of 1.2 billion dollars from crypto protocols. Below, we rank the top 10 crypto hacks and exploits from smallest to largest.
10. Beanstalk hack for $76 million
On April 18, 2022, the Beanstalk stablecoin protocol was exploited by a hacker who used a flash loan to infiltrate the governance mechanism: by gaining control of 66% of STALK tokens, he took over two-thirds of the voting power and was able to present his proposal, vote for it, and execute it. The attacker used this opportunity to approve his two proposals, which came with malicious smart contracts.
Initially, this exploit was believed to have led to the theft of $182 million, but in the end the attacker escaped with less than half of that amount. As a result of this attack, the value of each BEAN unit went from one dollar to 0.02 dollars.
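The governance weakness described above can be shown with a toy model. This is an added example, not Beanstalk's contract code: the `Token` class, the holder names and the balances are hypothetical, and snapshot voting is shown as a common mitigation, not as the fix the project adopted.

```python
from fractions import Fraction

SUPERMAJORITY = Fraction(2, 3)  # two-thirds of voting power, as in the text


class Token:
    """Toy governance token that keeps per-block balance snapshots."""

    def __init__(self, balances):
        self.block = 0
        self.history = {0: dict(balances)}  # block number -> {holder: balance}

    def mine(self):
        """Start a new block, carrying the current balances forward."""
        self.history[self.block + 1] = dict(self.history[self.block])
        self.block += 1

    def transfer(self, src, dst, amount):
        balances = self.history[self.block]
        if balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        balances[src] -= amount
        balances[dst] = balances.get(dst, 0) + amount

    def share(self, holder, block):
        """Fraction of total supply held by `holder` at `block`."""
        snapshot = self.history[block]
        return Fraction(snapshot.get(holder, 0), sum(snapshot.values()))


def live_balance_vote(token, voter, proposal_block):
    """Weak: counts whatever the voter holds at the instant of the vote."""
    return token.share(voter, token.block) >= SUPERMAJORITY


def snapshot_vote(token, voter, proposal_block):
    """Hardened: counts holdings from the block before the proposal existed."""
    return token.share(voter, proposal_block - 1) >= SUPERMAJORITY


def flash_loan_scenario(vote):
    """Borrow, vote and repay within one block; report whether the vote passed."""
    # Constructed balances: the borrower really owns 1% of supply.
    token = Token({"lending_pool": 660, "other_holders": 330, "borrower": 10})
    token.mine()                                      # block 1: proposal created
    token.transfer("lending_pool", "borrower", 660)   # loan drawn: 67% of supply
    passed = vote(token, "borrower", proposal_block=token.block)
    token.transfer("borrower", "lending_pool", 660)   # loan repaid, same block
    return passed
```

With live balances the borrowed tokens count as voting power for the length of one block; with a snapshot taken before the proposal, only the 1% the borrower held beforehand counts.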
9. Qubit Finance hack for $80 million
Qubit Finance, the DeFi protocol on Binance Smart Chain, was the target of an attack on January 28, 2022 (8 February 1400), in which more than $80 million in BNB was stolen.
By exploiting a smart contract vulnerability in the X-Bridge cross-chain bridge, which is used to transfer tokens between Ethereum and Binance, the attackers were able to post fake collateral and borrow from the protocol. They repeated this process several times and drained the protocol's funds.
8. Hacking the Rari Fuse platform and stealing 79.3 million dollars
Another DeFi protocol, Rari Capital, was targeted by an attack on April 30, 2022 (10 May 1401), which resulted in a total of $79.3 million in financial losses.
Exploiting a reentrancy vulnerability in the Rari Fuse protocol’s liquidity pool smart contracts, the hacker forced them to call a function on the malicious smart contract to drain the pool of all coins.
In September 2022 (September 1401), the decentralized DAO that includes the Rari Capital protocol and several other DeFi protocols agreed to refund users affected by the hack.
7. Hacking the Harmony bridge and stealing 100 million dollars
In another hack that again involved a bridge, Horizon Bridge, which connects Ethereum, Bitcoin and BNB Chain to Harmony’s layer-1 blockchain, suffered an attack that resulted in the theft of 100 million dollars in the form of several cryptocurrencies.
Blockchain analytics company Elliptic attributed the hack to the North Korean cybercriminals known as the Lazarus Group, because the stolen amount was similar to another attack by this money-laundering group.
Members of the Lazarus Group are said to have targeted the login credentials of Harmony employees, thereby penetrating the platform’s security system and taking control of the protocol before running an automated money laundering process to transfer the stolen cryptocurrencies.
6. Hacking BNB Chain bridge and stealing 100 million dollars
The BNB Chain network was shut down on October 6, 2022 (14 October 1401) due to unusual activity, which was later revealed to be an exploit that led to the theft of $100 million from its cross-chain bridge, the BSC Token Hub.
Initially, it was thought that the attacker could steal around $600 million, because the vulnerability allowed the creation of 2 million BNB tokens. Unfortunately for the attacker, more than $400 million worth of digital assets were frozen on the blockchain, and another portion was stuck in cross-chain bridges on the BNB blockchain side.
5. The $160 million Wintermute hack
British cryptocurrency market maker Wintermute suffered an attack that led to the theft of $160 million in 70 tokens. Analysis by blockchain cybersecurity firm CertiK suggests that the attack exploited a vulnerable private key, possibly one created by Profanity. Profanity is a program that allows the user to generate custom (vanity) crypto addresses, and unfortunately these addresses have a known vulnerability.
According to CertiK’s report, the vulnerability allows a hacker to use the private key to call a function that lets the platform’s swap contract be changed to the hacker’s own contract. Conspiracy theorists believe that the hacking of this platform was done by insiders, because the blockchain security company BlockSec revealed how it was done, but the company responded that the allegations were not convincing enough.
4. Hacking the Nomad bridge and stealing 190 million dollars
On August 2, 2022 (11 August 1401), the Nomad bridge, which allows users to move cryptocurrencies between multiple blockchains, was drained by several hackers, and digital assets worth $190 million were stolen. The cause of the exploit was a vulnerability in the smart contract, which failed to validate transaction inputs and ultimately led to the theft of assets.
Various users, from malicious users to contributors, could copy the moves of the original attackers and thus divert funds to themselves. One report stated that about 88% of the addresses involved in the exploit were so-called “copycats”.
The term copycat refers to users who copy the malicious code used by the original hackers and change only the target token, the token amount and the recipient address. However, only about $32.6 million of the stolen funds were returned to the protocol by white hat hackers.
3. Wormhole bridge hack and theft of 321 million dollars
The Wormhole bridge was exploited on February 2, 2022 (13 Bahman 1400), resulting in the theft of 120,000 Wrapped Ether tokens worth $321 million. The Wormhole bridge allows users to exchange cryptocurrencies between several different blockchains.
The attacker was able to carry out his attack by finding a vulnerability in the protocol's smart contract, forging 120,000 wETH tokens on the Solana bridge without collateral and then converting them to ETH. At the time, this hack was recognized as the biggest heist of 2022; now, as 2022 ends, it is ranked third.
2. Hacking FTX wallet and stealing 477 million dollars
When FTX's bankruptcy began on November 11 and 12, 2022 (November 20 and 21, 1401), a series of unauthorized transactions were carried out on the exchange, and according to an investigation by the security company Elliptic, about 477 million dollars of cryptocurrency was stolen through them.
On November 16, 2022 (Aban 25, 1401), Sam Bankman-Fried said in an interview that he believed the theft was “either the work of a former employee or the attacker managed to install his malware somewhere on the computer of one of the former employees”, and that before he himself was fired from the company he had identified 8 suspects.
According to reports, on December 27, 2022 (6 Dey 1401), the United States Department of Justice began an investigation into the missing $372 million in cryptocurrency after the arrest of Sam Bankman-Fried.
1. The $612 million Ronin bridge hack
The biggest hack of the crypto world in 2022 happened on March 23 (April 3, 1401), when the Ronin Bridge was exploited and around $612 million, in the form of 173,000 ETH and 25.5 million in USD Coin, was stolen.
Ronin Bridge is an Ethereum sidechain built for Axie Infinity, a game where you can earn non-fungible tokens (NFTs). Sky Mavis, the developer of Axie Infinity, said hackers gained access to private keys and tricked validation nodes into confirming transactions that drained funds from the bridge.
The United States Department of the Treasury updated its Specially Designated Nationals and Blocked Persons List on April 14, 2022 (April 25, 1401), raising the possibility that the North Korean hacking group, the Lazarus Group, was responsible for the hack. Currently, the Ronin bridge hack is considered to be the biggest hack that has ever happened in the cryptocurrency world.
In general, don’t forget that hacking and penetration depend on the scenario and on how the attack is carried out, and that what ultimately gets hacked may be the user of the technology, who ends up helping the hacker achieve his nefarious goals.
What do you think about crypto hacks in 2022?