Here are the 8 biggest

P.

Everywhere you look in cryptocurrencies and blockchain last year, there were obvious problems. However, the eventual fall in cryptocurrency prices or bankruptcy of companies is not the worst problem for digital assets.Beyond the Billions of Dollars Lost in the Earth’s Collapse
Luna 3
Failure of Stablecoins and Crypto Finance Company Celsius
cell
Network, Voyager Digital, FTX Trading, over $3 billion stolen outright 125 hacksaccording to Chainalysis.

Trust is essential to the new financial system, and all the hype and promise surrounding an “immutable” ledger and the elimination of middlemen could do little to slow down the den of thieves that have plagued the crypto market since its inception. The top five thefts stolen in 2022 accounted for $1.48 billion in stolen funds, all of which involved decentralized finance (DeFi), accounting for 49% of the total. rice field.

The protocol has lost 75% of its total value locked in the last 11 months despite being highly praised for its transparency, according to blockchain analytics firm Elliptic. The total value locked in DeFi protocols fell from $166.58 billion at the beginning of the year to $39 billion in mid-December, according to data.

According to Elliptic, blockchain bridges were the main target, accounting for 70% of all losses this year, siphoning nearly $2 billion stolen from decentralized financial protocols. Cross-chain bridges have gained popularity as one of the main ways to connect two blockchains, allowing users to move tokens from one chain to another. But to do so, the blockchain bridge would need to temporarily hold the value of the transaction in each associated token, tempting hackers.

“In retrospect, we cut a lot of corners for convenience,” said Sam Williams, CEO of blockchain security firm Arweave.
AR
referring to the risks inherent in so-called blockchain bridges.

“Private keys in multi-signature wallets are another example of ecosystem vulnerability because of their distribution,” Williams said. Multisig wallets exist to distribute decision-making power among different parties. and make it difficult to hack a single key and damage the ecosystem, but this year saw multiple cross-chain hacks, including Ronin Network and Harmony.
harmony
The bridge allowed hackers to exploit multiple private keys held by a single party to gain access to the bridge’s protocol.

“As an industry, we haven’t done enough to flag low quality designs across the board,” he added.

The 5 biggest crypto heists of 2022 ranged from cross-chain hacks to code exploits, stealing over $3 billion in investor funds.

Ronin Network: $625 million

In the biggest heist of the year, more than $500 million worth of Ethereum and USD coins were stolen from the Ronin Network, the blockchain powering the irreplaceable token-based video game Axie Infinity. According to Ronin, attackers were able to hack nodes, computers that process transactions on the network. The activity went unnoticed until the user was unable to withdraw funds and submitted a report. The U.S. Treasury Department later linked the robbery to the North Korean government-backed hacking group Lazarus Group.

Wormhole Network: $325 million

On February 2nd, an unidentified hacker exploited a wormhole network vulnerability. The Wormhole Network is a bridging protocol that allows users to move cryptocurrencies and NFTs between multiple blockchain pairs. According to Chainalysis, the attacker had a flaw in his Wormhole code that allowed him to create 120,000 wETH. This is Solana’s Ether equivalent to his token.
Sol
Blockchain valued at approximately $325 million at the time it was stolen and did not provide the required collateral. After an ignored attempt to pay the hackers a bounty in exchange for the stolen funds, Wormhole’s parent company, Jump Crypto, replaced them.

Nomads: about $190 million

Hackers used a vulnerability in Nomad’s code on August 1 to craft a message that tricked the cross-chain protocol into sending stored tokens without proper authorization. The bug was so simple that it didn’t even require programming skills to exploit. Soon dozens of imitators joined the robbery. Nomad was able to get back over $20 million after asking users for their money back.

Beanstalk Farms: $182 million

In April, attackers managed to steal over $150 million in cryptocurrency from Ethereum’s Beanstalk Farms.
ethereum
Base stablecoin project. According to blockchain security firm CertiK, the attackers used flash loans obtained through the decentralized protocol Aave.
AAVE
It borrowed approximately $1 billion worth of cryptocurrency and exchanged it to gain a 67% voting stake in Beanstalk. Overwhelmingly, the hacker was able to transfer his Beanstalk tokens to his crypto wallet. Based on the duration of the Aave flash loan, the entire process took him less than 13 seconds.

Wintermute: $160 million

A London-based crypto market maker lost $160 million in a September 20th hack. Founder and CEO Evgeny Gaevoy said the attack was likely caused by Wintermute using a service called Profanity. It generates a “vanity address” for your digital asset account that is easier to work with than a string of about 30 characters of various letters and numbers. This is commonly used. These trading accounts were part of his DeFi business in his Wintermute, which does fast trading on decentralized exchanges like Uniswap and SushiSwap. Using brute force computing, the hackers were able to generate all possible passwords for the company’s vanity address.

Mango market: $112 million

Avraham Eisenberg squeezed liquidity from Solana-based decentralized cryptocurrency exchange Mango Markets in mid-October, holding $112 million worth of tokens as a ransom to force the organization to use Treasury assets. , had the bad debts owed to bail out huge amounts of money financed. Investor early this year. The robbery involved two of his accounts of Eisenberg on the platform using US dollar coins pegged to the dollar. according to mango, took a large position in perpetual futures by selling coins from one account and buying them in another account at a price above the market price. He used his unrealized profits to borrow and withdraw many tokens from his Mango itself, as the price of the token skyrocketed to ten times his on other decentralized exchanges.

BNB

BNB
smart chain

XCN2
: $110 million

Marking the start of the busiest month for cryptocurrency hacking in 2022, hackers were able to siphon an estimated $110 million from Binance’s BSC Token Hub on October 6th. A cross-chain bridge chain between his two Binance-related chains on BNB Smart Chain (BSC) and BNB Beacon – exploited after the scheduled update. According to analysts and on-chain data, hackers successfully exploited a bug in the bridge’s verified proofs to forge authorization messages and deposit funds into accounts. They tried to drain his $560 million bridge so he could create 2 billion BNB tokens, but the hackers could remove his $110 million off-chain. was successful.

Harmony Horizon Bridge: $100 million

Harmony’s main bridge between Ethereum and Binance’s Smart Chain blockchain was hacked in June, stealing $100 million worth of cryptocurrency. The protocol did not disclose how the funds were taken, but the hack occurred in a series of 14 transactions across the chain. Even before the June hack, on-chain investigators were concerned about the bridge’s security mechanisms, as a small number of validators in the multi-signature wallet were vulnerable to exploits.