[ad_1]
This year has been a turbulent year for the cryptocurrency industry. Market prices have plummeted, crypto giants have collapsed, and billions of dollars have been stolen in cryptocurrency exploits and hacks.
It wasn’t even mid-October when Chainalysis declared 2022 to be “the biggest year ever for hacking activity.”
As of December 29, the 10 biggest exploits of 2022 have stolen $2.1 billion from crypto protocols. Below are the exploits and hacks ranked from least to greatest.
10: Beanstalk Farms exploit — $76 million
Beanstalk Farms, a stablecoin protocol, was exploited for $76 million on April 18th by attackers using flash loans to buy governance tokens. This was used to pass his two proposals to insert malicious smart contracts.
The exploit was originally thought to have cost about $182 million Beanstalk ran out of all collateral, but in the end less than half of it escaped the attackers.
9: Qubit Finance Bridge Exploit — $80 Million
Qubit Finance, a decentralized finance (DeFi) protocol on the BNB smart chain, had $80 million worth of BNB (BNB) stolen in a bridge exploit on January 28th.
Attackers tricked the protocol’s smart contract into believing that they had deposited collateral that could create an asset representing Bridge Ether (ETH).
They have done this over and over, borrowing multiple cryptocurrencies against the unbacked bridge ETH and depleting the protocol’s funds.
8: Rari Fuse exploit — $79.3 million
Another DeFi protocol called Rari Capital was exploited for around $79.3 million on April 30th.
The attackers exploited a reentrancy vulnerability in the protocol’s Rar Fuse liquidity pool smart contract by calling a function on the malicious contract to empty the pool of all crypto.
In September, the Tribe DAO, which includes Rari Capital and other DeFi protocols, voted to refund users affected by the hack.
7: Hacking the Harmony Bridge — $100 Million
In yet another bridge hack, Horizon Bridge, which links Ethereum, Bitcoin (BTC), and BNB chains to Harmony’s Layer 1 blockchain, exfiltrated nearly $100 million in multiple cryptocurrencies.
Blockchain forensics firm Elliptic has identified that North Korean cybercrime syndicate Lazarus Group has been hacked.
Lazarus targeted the login credentials of Harmony employees to compromise the platform’s security systems and gain control of the protocol before deploying an automated laundering program to transfer ill-gotten gains It is understood that
6: BNB Chain Bridge Exploit — $100 Million
The BNB chain was suspended on October 6th due to “irregular activity” on the network. This was later revealed as an exploit that drained around $100 million from his BSC Token Hub, a cross-chain bridge.
Initially, it was believed that the vulnerability that allowed the creation of around 2 million BNB, the native token of the chain, would allow the attackers to obtain around $600 million.
Unfortunately for the attackers, around $400 million worth of digital assets were frozen on the blockchain, and many more could have been trapped in a cross-chain bridge on the BNB blockchain side.
5: Wintermute Hack — $160 Million
Wintermute, a UK-based cryptocurrency market maker, said its hot wallet was compromised, with approximately $160 million in 70 tokens being transferred from the wallet.
An analysis by CertiK, a blockchain cybersecurity firm, found that the vulnerable private key was likely generated by Profanity, an app that allows users to generate vanity cryptographic addresses, that is known There is an exploit for
According to CertiK, this allowed attackers to use features with private keys that allowed hackers to change the platform’s swap contract to their own.
Due to the way the hack was carried out, a conspiracy theory claiming the hack was an “inside job” was debunked by BrockSec’s BrockSec, who said the claim was “not compelling enough.”
4: Nomad Token Bridge Exploit — 190M
On August 2nd, the Nomad token bridge, which allows users to exchange cryptocurrencies across multiple blockchains, was hit by multiple attackers for $190 million.
The exploit was due to a smart contract vulnerability that failed to properly validate transaction inputs.
Multiple users (both seemingly malicious and well-meaning) were able to copy the original attacker’s moves and funnel their own money. About 88% of the addresses that participated in the exploit were identified as “copycats” in the report.
Only about $32.6 million worth of funds were able to be intercepted and returned to the protocol by white hat hackers.
3: Wormhole Bridge exploit — $321 million
Wormhole Token Bridge was exploited on February 2nd, resulting in the loss of 120,000 Wrapped Ether (wETH) tokens worth $321 million.
Wormholes allow users to send and receive crypto across multiple blockchains. The attacker discovered a vulnerability in the protocol’s smart-her contract, allowing him to create 120,000 wETH on uncollateralized Solana (SOL), which he then exchanged for ETH.
At the time, it was marked as the biggest exploit of 2022 and the third largest protocol loss for the entire year.
2: FTX Wallet Hacked — $477 Million
When FTX’s bankruptcy proceedings opened on November 11 and 12, a series of illicit transactions took place on the exchange, with Elliptic suggesting that around $477 million worth of cryptocurrency had been stolen. .
In an interview on November 16, Sam Bankman-Fried narrowed down the culprits to eight, believing it to be “either the ex-employee or where someone installed malware on the ex-employee’s computer.” He said he was locked out of it. company system.
Related: The 7 Biggest Crypto Collapses of 2022 The Industry Wants To Forget
According to reports, on December 27, the U.S. Department of Justice investigated the whereabouts of approximately $372 million in missing cryptocurrencies.
1: Ronin bridge hack — $612 million
The largest exploit to occur in 2022 occurred on March 23, exploiting the Ronin Bridge for approximately $612 million (173,600 ETH and 25.5 million USD Coins (USDC)).
Ronin is an Ethereum sidechain built for Axie Infinity, a play-and-earn non-fungible token (NFT) game. Axie Infinity developer Sky Mavis said hackers gained access to private keys, compromised validation nodes, and approved transactions that drained funds from the bridge.
The US Treasury Department updated its list of Specially Designated Nationals and Blocked Persons (SDN) on April 14 to reflect that the Lazarus Group may have been behind the bridge’s exploits.
The Ronin bridge hack is the largest cryptocurrency exploit in history.
[ad_2]
Source link
