As the crypto market experiences unprecedented turbulence and company collapses, 2022 proved to be a record-breaking year for cryptocurrency hacks.
From January to November 2022, hackers managed to steal a shocking $4.3 billion in cryptocurrency, an incredible 37% increase compared with 2021’s numbers, according to Privacy Affairs cybersecurity group’s data. In a recent report, Solidus Labs reveals that approximately 15 crypto-related scams are launched every hour by malicious actors.
The following are the most damaging hacks of 2022.
Axie Infinity’s Ronin Network ($625 million)
In March, hackers made the biggest breach of the year when they stole more than $600 million from Ronin Network – an Ethereum-linked sidechain used for the NFT game Axie Infinity. Exploiters had utilized hacked private keys to unlawfully withdraw funds on the 23rd of March. The hack was discovered only a week later after one user attempted to withdraw 5,000 ETH but was unable to do so.
In response to the incident, Sky Mavis, the company behind the bridge, confessed that they may have sacrificed safety for speed during the development process. After that, the company initiated a $150 million investment round led by Binance to compensate users who were affected. The round was further supported by Paradigm, Animoca Brands, Dialectic, Accel, and Andreesen Horowitz firms.
Wormhole Bridge ($320 million)
In February, Wormhole – a bridge between Solana and other blockchains that is notably amongst the largest ones of its kind – was subjected to an attack by hackers. After exploiting a weakness in the validation system, hackers successfully stole a counterfeit Wrapped Ethereum.
The cybercriminals employed the chain to transfer the Wrapped Ethereum into ETH. Later, Jump Crypto, Wormhole’s parent company, replenished all 120 000 ETH that had been lost after the attack.
Nomad Bridge ($190 million)
In August, DeFi bridge Nomad experienced a devastating hack of nearly $190 million due to 960 fraudulent transactions and 1,175 withdrawals. Exploiting an inherent bug in the protocol made it possible for users to take out more funds than they put into their accounts.
Word of the exploit quickly spread, inciting users to rush and take advantage of it. This prompted a frenzy with the public trying to submit unauthorized transactions, resulting in an instant depletion of all user funds held within the bridge’s smart contract.
Approximately $32 million was later restored by white hackers, according to Nomad. The funds were collected through the Anchorage Digital bank’s recovery wallet.
Beanstalk Farms ($182 million)
In April, a hacker took advantage of the Ethereum-based stablecoin protocol Beanstalk to execute an elaborate attack that resulted in a huge $182 million loss. The malicious actor made use of flash loans to purchase a majority stake in STALK – the native governance token for the protocol – and subsequently proposed a tremendous transfer of finances and validated the transaction by using their own majority decision.
After four long months, the stablecoin protocol eventually became operational again, with Beanstalk Farms officially “unpausing “its services in August – exactly one year since it first made its debut.
Wintermute ($160 million)
In September, Wintermute liquidity provider, one of the largest crypto liquidity providers offering market-making services for exchanges like Binance and Coinbase, revealed a security breach that cost them an estimated $160 million.
It has been speculated that the hack could be an inside job; however, no evidence or responsible party has been discovered.