Skip to main content

The 10 largest crypto hacks and exploits in 2022 saw $2.1B stolen

Just the top 10 major cryptocurrency exploits garnered over $2 billion for malicious actors in a year that was marred with bankruptcies and collapses.

It's been a turbulent year for the cryptocurrency industry — market prices have taken a huge dip, crypto giants have collapsed and billions have been stolen in crypto exploits and hacks.

It was not even halfway through October when Chainalysis declared 2022 to be the “biggest year ever for hacking activity.”

As of Dec. 29, the 10 largest exploits of 2022 have seen $2.1 billion stolen from crypto protocols. Below are those exploits and hacks, ranked from smallest to largest.

10: Beanstalk Farms exploit — $76M

Stablecoin protocol Beanstalk Farms suffered a $76 million exploit on April 18 from an attacker using a flash loan to buy governance tokens. This was used to pass two proposals that inserted malicious smart contracts.

The exploit was initially thought to have cost around $182 million as Beanstalk was drained of all its collateral but in the end, the attacker only managed to get away with less than half that.

9: Qubit Finance bridge exploit — $80M

Qubit Finance, a decentralized finance (DeFi) protocol on BNB Smart Chain, had over $80 million worth of BNB (BNB) stolen on Jan. 28 in a bridge exploit.

The attacker duped the protocol's smart contract into believing they had deposited collateral that allowed them to mint an asset representing bridged Ether (ETH).

They repeated this multiple times and borrowed multiple cryptocurrencies against the unbacked bridged ETH, draining the protocol’s funds.

8: Rari Fuse exploit — $79.3M

Another DeFi protocol called Rari Capital was exploited on April 30 for the sum of roughly $79.3 million.

The attacker exploited a reentrancy vulnerability in the protocol’s Rar Fuse liquidity pool smart contracts, making them call a function to a malicious contract to drain the pools of all crypto.

In September, Tribe DAO, which includes Rari Capital and other DeFi protocols, voted to reimburse affected users from the hack.

7: Harmony bridge hack — $100M

In yet another bridge hack, the Horizon Bridge that links Ethereum, Bitcoin (BTC), and BNB Chain to Harmony’s layer-1 blockchain was drained of around $100 million in multiple cryptocurrencies.

Blockchain forensics firm Elliptic pinned the hack on North Korean cybercriminal syndicate Lazarus Group, as the funds were laundered in a similar way to other known Lazarus attacks.

Lazarus is understood to have targeted Harmony employee login credentials, breaching the platform’s security system and gaining control of the protocol before deploying automated laundering programs to move their ill-gotten gains.

6: BNB Chain bridge exploit — $100M

The BNB Chain was paused on Oct. 6 due to “irregular activity” on the network, which later was revealed as an exploit that drained around $100 million from its cross-chain bridge, the BSC Token Hub.

Initially, it was thought the attacker was able to take around $600 million due to a vulnerability that allowed the creation of roughly two million BNB, the chain’s native token.

Unfortunately for the attacker, they had roughly over $400 million worth of digital assets frozen on the blockchain and more was possibly stuck in cross-chain bridges on the BNB blockchain side.

5: Wintermute hack — $160M

United Kingdom based crypto market-maker Wintermute suffered from a compromised hot wallet that saw approximately $160 million across 70 tokens transferred out of the wallet.

Analysis from blockchain cybersecurity firm CertiK claimed a vulnerable private key was attacked that was likely generated by Profanity — an app that allows users to generate vanity crypto addresses, that has a known exploit.

According to CertiK, this allowed the attacker to use a function with the private key that allowed the hacker to change the platform’s swap contract to the hacker’s own.

Conspiracy theories alleging the hack was an “inside job” due to how it was carried out were debunked by blockchain security firm BlockSec, who said the allegations were “not convincing enough.”

4: Nomad token bridge exploit — 190M

On Aug. 2, the Nomad token bridge, which allows users to swap cryptocurrencies across multiple blockchains, was drained by multiple attackers to the tune of $190 million.

A smart contract vulnerability that failed to properly validate transaction inputs was the cause of the exploit.

Multiple users, seemingly both malicious and benevolent, were able to copy the original attacker’s moves to funnel funds to themselves. Around 88% of addresses taking part in the exploit were identified as “copycats” in a report.

Only around $32.6 million worth of funds were able to be intercepted and returned to the protocol by white hat hackers.

3: Wormhole bridge exploit — $321M

The Wormhole token bridge suffered an exploit on Feb. 2 that resulted in the loss of 120,000 Wrapped Ether (wETH) tokens worth $321 million.

Wormhole allows users to send and receive crypto between multiple blockchains. An attacker found a vulnerability in the protocol’s smart contract and was able to mint 120,000 wETH on Solana (SOL) unbacked by collateral and was then able to swap this for ETH.

At the time it was marked as the largest exploit in 2022 and is the third-largest protocol loss overall for the year.

2: FTX wallet hack — $477 million

During the start of FTX’s bankruptcy proceedings on Nov. 11 and 12, a series of unauthorized transactions took place at the exchange, with Elliptic suggesting that around $477 million worth of crypto was stolen.

Sam Bankman-Fried said in a Nov. 16 interview that he believed it was “either an ex-employee or somewhere someone installed malware on an ex-employee’s computer” and had narrowed the perpetrator down to eight people before he was shut out of the company’s systems.

Related: 7 biggest crypto collapses of 2022 the industry would like to forget

According to reports, on Dec. 27 the United States Department of Justice launched an investigation into the whereabouts of around $372 million of the missing crypto.

1: Ronin bridge hack — $612M

The largest exploit to take place in 2022 happened on March 23, when the Ronin bridge was exploited for around $612 million — 173,600 ETH and 25.5 million USD Coin (USDC).

Ronin is an Ethereum sidechain built for Axie Infinity, a play-to-earn nonfungible token (NFT) game. Sky Mavis, Axie Infinity’s developers, said the hackers gained access to private keys, compromised validator nodes and approved transactions that drained funds from the bridge.

The U.S. Treasury Department updated its Specially Designated Nationals and Blocked Persons (SDN) list on April 14 to reflect the possibility that Lazarus Group was behind the bridge’s exploit.

The Ronin bridge hack is the largest cryptocurrency exploit to ever take place.



from https://ift.tt/IHpO1wu
https://ift.tt/1mgRe5y

Comments

Popular posts from this blog

How to play and earn in CryptoKitties

CryptoKitties is a blockchain-based game where players can buy, sell and breed digital cats with unique attributes. Reminiscent of Tamagotchi and Pokémon, the wildly popular digital pets and creatures of the 1990s, CryptoKitties is a blockchain-based game where players can collect, trade and breed digital virtual cats. CryptoKitties was the first Ethereum-based game, and its popularity underscored many of the network’s scaling issues. This digital cat-breeding blockchain game caused quite a bit of congestion on the Ethereum blockchain, peaking in 2020. However, the game’s creators were able to address these issues. What is CryptoKitties? Launched in 2017, CryptoKitties was built by Dapper Labs, the company that uses blockchain technology to bring nonfungible tokens (NFTs) and new forms of digital engagement to fans around the world. CryptoKitties is also considered one of the world’s first-ever blockchain games. In the game, each one of the digital collectible cats possesses a

Bitcoin dominance falls under 40%

While Bitcoin critics claim this means that BTC is losing its first-mover competitive advantage, others are anticipating the “altcoin season” is just around the corner, or might even be already underway. Bitcoin’s market dominance has continued to fall, bottoming out below 40% this week. That’s very close to the all-time low of 36.7% in Jan 2018 according to data from Tradingview. Bitcoin ( BTC ) market dominance refers to the ratio between BTC’s market cap and the total crypto market cap. It's not the first time dominance has dipped in 2021. Back in May, Cointelegraph reported that BTC had dipped to represent just 40.3% of the combined crypto asset capitalization, according to Coinmarketcap, and it neared the same level again in September.  Bitcoin critic and Europac chairman Peter Schiff tweeted about the event on Dec 29th, saying that it’s indicative that BTC is “losing its first-mover competitive advantage.” With over 16,000 alternative cryptos to choose from Bitcoin

Five Bitcoin Price Charts Analyzing The Dramatic Q1 2022 Conclusion

There are only hours remaining until the Q1 2022 close in Bitcoin price action. With the important quarterly candle set to close tonight, let’s look at what technicals might say about the direction of the next quarter. Q1 2022 Comes To A Close For Bitcoin The first quarter of a year, often sets the tone for the year to come. In investments, a poor Q1 performance is indicative of a bad year ahead. Considering the fact that Bitcoin price is now above $45,000 after touching $32,000 this quarter, it is tough to say the performance has been “poor” by anything other than crypto standards. Related Reading | Bitcoin Weekly Momentum Flips Bullish For First Time In 2022 The cryptocurrency has recovered nearly 40% from the low, leaving a long wick behind. Such a long wick suggests that before the quarter came to a close, buyers stepped up in a major way. Buyers were able to step up in a larger capacity in Q1 2022 than bears were able to in the final quarter of last year. The bearish wick to cl