2022 will go down in crypto history as one of the worst years ever because of the most intense bear market and tons of crypto hacks. There was allegedly more than $3 billion hacked in 2022, which brought enormous mistrust in the industry along with the FTX collapse.
Some hacks were relatively small, amounting to several million dollars. However, some were colossal, totalling a loss of hundreds of millions of dollars. The biggest crypto hacks included cross-chain bridges, DeFi protocols, and more. Let’s have a look at the five largest ones.
1. Hackers stole $625 million from Ronin Network
The Ronin Network suffers a $625 million hack, making it the largest crypto hack ever.
The hacker found a gas-free RPC node to gain access to the additional validator and used hacked private keys to forge fake withdrawals, draining 173,600 $ETH and 25.5M $USDC from the bridge.
— CoinGecko (@coingecko) March 30, 2022
This wasn’t just the largest hack of 2022, but the biggest crypto hack of all time! This cryptocurrency theft occurred on March 29th, when $625 million worth of crypto assets were stolen from the Ronin sidechain hosting Sky Mavis’ Axie Infinity game.
In order to host its wildly successful play-to-earn game Axie Infinity, Sky Mavis created Ronin. But things went downhill from there when the team couldn’t protect the Ronin Network from the attackers, who turned out to be the Lazarus hacking group from North Korea.
Also read: Argentina with Lionel Messi made it – but ARG token did not
Hackers broke into Sky Mavis’s network by sending a phishing email to a departing worker. Private keys for Ronin blockchain validator nodes were located and stolen from the company’s internal servers. Hackers stole validator keys and used them to take over the entire Ronin Network, transferring over 173,000 Ethereum (ETH) and 25.5 million USDC. Users with stolen funds were allegedly reimbursed in full.
2. FTX was hacked in the midst of the collapse
FTX is a great exception to the crypto hacks of 2022. While mostly decentralized projects were hacked in 2022, the bankrupt centralized exchange FTX was hacked after filing for bankruptcy. Shortly after its former CEO Sam Bankman-Fried (SBF) filed for Chapter 11 bankruptcy protection, the exchange’s wallets allegedly lost between $370 million and $400 million.
Due to reporting errors, some readers thought that the hack involved the same suspicious transfer of $400 million from FTX that had been ordered by the Securities Commission of the Bahamas for safekeeping the assets. John Ray III, the new CEO of FTX, testified that the hack and another large asset transfer mandated by Bahamian regulators were unrelated.
FTX office yesterday vs today #ftx #ftt #binance pic.twitter.com/0Zk7U4NIvm
— Investro.com (@investrocom) November 9, 2022
Reportedly, the Securities Commission of the Bahamas has its own $400 million in addition to the $400 million that was hacked from FTX. SBF speculated in an interview that a “former employee” or other bad actors may have stolen the private keys to FTX’s cryptocurrency wallets, though the identity of the hacker remains unknown.
John Ray III also revealed in his prepared testimony that FTX had adopted very poor security controls. Moreover, they stored private keys to their wallets in an unencrypted manner, both of which could have contributed to the hack. FTX allegedly used QuickBooks for its accounting, a tool that is not suited for a multi-billion dollar company.
3. Wormhole lost $325 million in an exploit
Wormhole is a protocol for establishing bridges between different blockchains. It became the target of the largest bridge exploit of the year in February. Users of Wormhole can choose to lock their Ethereum (ETH) in exchange for a pegged asset known as Wormhole ETH (wETH).
A hacker exploited a vulnerability in Wormhole on February 2nd. He forged security signatures on the bridge to create 120,000 wETH, worth $325 million at that time. All of the funds stored on Wormhole were depleted when the hacker traded the newly created wETH for real ETH on the Ethereum network.
Read more: Jim Cramer heavily criticizes crypto – bottom signal?
As a result of the incident, bridge operations were suspended, and for a while, it looked like Wormhole was finished. Gone for good. However, a few days after the hack, Wormhole announced that it had replaced all of the stolen ETH and reopened the bridge, shocking everyone.
The trading and VC firm that incubated Wormhole, Jump Crypto, has confirmed that it has replaced the 120,000 ETH that was stolen from the bridge with its own funds. This is something else.
4. Nomad – another bridge hack
Nomad, a connection point between the Ethereum, Avalanche, Moonbeam, and other blockchains was hacked on August 7th for a total of $190 million. This was the second largest cross-chain bridge hack of 2022. The breach happened because an update from Nomad’s developers was handled with several mistakes. Big mistakes.
Their wrongdoing allowed anyone to withdraw funds from the bridge without going through the trust contract check, rendering the bridge insecure. Once word of the update problem spread, more than 300 addresses flooded in to steal from Nomad.
Lucky for Nomad, some of the email addresses belonged to ethical hackers who gave the money back. Reportedly, more than $22 million was returned back to the crypto bridge company.
5. Beanstalk hacked for around $180 million
In April of 2022, the largest governance hack of the year targeted Beanstalk Farms, a stablecoin protocol. Beanstalk’s DAO, which is in charge of making decisions for the stablecoin project, had a security flaw that was exploited by an unnamed hacker. The native governance token, known as BEAN, allows anyone to submit a proposal that can be implemented in a single day.
BEAN chart, source: link
Someone with bad intentions proposed a plan in which the community would transfer cryptocurrency from the Beanstalk treasury to the attacker’s cryptocurrency wallet. After the vote was taken, the funds were transferred immediately.
You may also read: What is “unhosted” wallet – regulators attack your privacy
The perpetrator used a “flash loan,” which does not require collateral if paid back in the same transaction. The hacker used this to buy millions of dollars worth of bean tokens, guaranteeing that they would have enough to win the vote.
Unbeknownst to the core developers of Beanstalk, the hacker used this technique to steal around $80 million in BEAN tokens. The hacker then sold off those bean tokens on the platform, increasing Beanstalk’s loss even further. Reportedly, Beanstalk lost around $182 million in protocol revenue as a result of the incident.
Other hacks and final thoughts
This is not all. There are other hacks worth millions of dollars. Some different notable crypto hacks are an exploit of Mango Markets worth $114 million, Horizon for $100 million, and many others. So yes, 2022 was really challenging for those who participated in the crypto space, with around $3 billion lost in total in hacks.
Comments
Post has no comment yet.