2022 Security Review

Lossless
Jan 3, 2023

The year 2022 is bound to be influential for the cryptocurrency world. With more than 22,000 digital assets in circulation and growing, the potential for malicious actors to exploit this emerging market is huge.

In 2022, decentralized finance protocols faced immense volatility. Referred to as ‘DeFi,’ these applications use automation to provide financial services that banks and brokerages traditionally offered; however, security is a major concern — especially when it comes to the links users rely on for transferring funds across different blockchains.

Cryptocurrency hacks are becoming common as hackers grow more sophisticated in their methods and technology continues to evolve. This blog post looks at the top crypto hacks of 2022 and explores how they occurred.

Where does Crypto security stand today?

Despite the drastic price drops of cryptocurrencies this year, hackers still exploit digital currencies as their go-to form of payment. Already in 2022, investors have lost more than $3 billion to hackers through a whopping 125 hacks — possibly making it the biggest year on record for hacking since 2021, according to blockchain analytics company Chainalysis.

October has already set a record for cyber-attacks, with $718 million stolen from 11 DeFi protocols. This is the biggest month of hacking activity that we’ve seen in this historic year.

The main reason crypto companies get hacked is poor security measures. While cryptocurrency exchanges have beefed up their security protocols, these are still insufficient to prevent attacks. Crypto companies must regularly audit smart contracts, monitor threats, and implement strong security measures to protect themselves from hackers. This is no longer a nice-to-have feature; it’s a must.

The 9 biggest crypto hacks of 2022

1. Ronin Network — $625 million

In March of 2022, the Ronin Network — which hosts the widely popular Axie Infinity blockchain gaming application — faced one of its biggest cyberattacks.

In a matter of minutes, a malicious offender was able to acquire 173,600 Ether ($ETH) and 25.5 million USDC, which was converted into $625 million during that period.

Taking advantage of compromised private keys, the hacker fraudulently extracted all money from Ronin Bridge in a mere two transactions. The Ronin Network was subject to the largest DeFi hack to date.

Read our detailed post-mortem of the hack.

2. Binance (Binance Smart Chain) — $566 million, reduced to $100 million

On October 6, malicious hackers targeted one of the world’s largest cryptocurrency exchanges and managed to steal an astounding $566 million in $BNB.

In this malicious hack, hackers targeted the BSC Token Hub cross-chain bridge with fabricated withdrawal proofs in an attempt to create tokens out of thin air. Fortunately, no users of Binance and its blockchain suffered any financial losses due to this incident.

Despite the massive amount of tokens stolen, Binance CEO Changpeng Zhao reported that their security measures had allowed them to stop around 80–90% of the targeted funds from being taken by hackers.

As a result of the attack, BSC chain validators froze their network — although hackers still managed to transfer around $100 million in funds onto other chains.

3. Wormhole — $326 million

In February, the well-known bridge Wormhole became a target of malicious hackers. The attack was concentrated on its leg in Solana, which requires users to first lock Ethereum into a contract to receive Wrapped Ethereum ($WETH) tokens at equivalent value. Astonishingly, 120,000 $WETH tokens were minted — that’s equal to $326 million at the time.

$WETH is a token that directly corresponds to the price of Ethereum, making it an ideal choice for those needing fast transactions in DeFi.

Elliptic, an analytics company, attributed the vulnerability to Wormhole’s lack of proper maintenance and validation for guardian accounts. This enabled the attacker to generate 120,000 $ETH without any Ethereum backing them up.

In a single stroke, the hacker converted 93,750 $WETH into Ethereum and the remaining funds to Solana, resulting in an estimated loss of $326 million. To prevent a large surge in inflation that would have damaged user faith in Wormhole, Jump Crypto (Wormhole's parent company) chose to replenish the 120,000 ETH missing.

Read our detailed take on Wormhole’s hack.

4. Nomad Bridge — $190 million

In August, the cross-chain bridge Nomad experienced a security exploit and had almost all of its funds (over $190 million) drained from its platform.

When Nomad altered their code, the assault began. The Nomad Bridge incident was not perpetrated by one entity or organization but rather involved an expansive network of hundreds of addresses.

At precisely 9:32 P.M. UTC on August 1, something peculiar occurred; roughly 100 Wrapped $BTC ($WBTC) vanished from the platform, creating the very beginnings of what we now recognize as a security exploit.

With this vulnerability, malicious actors withdrew more money than they had originally deposited. The attackers continued exploiting the bridge until an estimated $190 million worth of cryptocurrency was stolen.

Nomad hadn’t noticed until it was too late.

5. Beanstalk Farms — $182 million

In April, a malicious attack on Beanstalk Farms — an advanced DeFi network aiming to manage the supply and demand of various digital assets — resulted in over $182 million worth of cryptocurrencies being stolen.

PeckShield discovered that the offender manipulated Beanstalk’s majority-rules governance system to move out a staggering $182 million.

Using a flash loan, the attacker seized majority command of the protocol and reportedly made a remarkable $80 million in profits. This proved to be the downfall of the $BEAN stablecoin, which plummeted from its $1 peg, resulting in a staggering loss of $182 million in Total Value Locked (TVL).

The stolen funds were circulated through Tornado Cash to disguise the source of their origin.

6. Wintermute — $162 million

In September, the United Kingdom-based crypto market maker Wintermute incurred an enormous loss of $162 million when hackers infiltrated their DeFi operations. Fortunately, their centralized finance and OTC activities remained untouched.

According to security company CertiK, the hack resulted from an exposed private key and not from any vulnerability within the smart contracts. It is speculated that this crucial information had been leaked or had been brute-forced. The most probable source of this hack was a security flaw within the renowned Profanity vanity address generator.

Evgeny Gaevoy, CEO of Wintermute, noted that the tool was not employed for “vanity” but instead to construct a private address to save transaction costs. It appears as though this particular attack was caused by human error.

7. Elrond — $113 million

In June, Elrond ($EGLD) was targeted by hackers who exploited a vulnerability in Maiar’s decentralized exchange. The attack resulted in the loss of approximately 1.65 million $EGLD tokens.

According to a team of researchers, the attackers took advantage of three wallets and a smart contract to steal an estimated $113 million worth of $EGLD from the exchange.

The hackers quickly sold 800,000 coins for an astonishing $54 million on the same decentralized exchange, while the remainder of the tokens were either exchanged on regulated exchanges or traded in Ethereum.

8. Mango Markets - $100 million

On October 11, Mango Markets — a DeFi platform developed on the Solana blockchain — experienced an attack costing them over $114 million. The malicious attacker manipulated oracle price data to acquire large crypto loans that were significantly under-collateralized.

The hacker deposited $5 million in $USDC on the platform to open an impressive long position in $MNGO-PERP.

Soon after, the cost of $MNGO skyrocketed and elevated his account’s collateral worth. Leveraging this newfound value, he could take dramatically large debt positions on the Mango borrowing and lending platform.

A counteroffer was proposed under which the exploiter would return $67 million of the funds while keeping $47 million as a bug bounty. The proposal was then put to a vote.

Although this incident can be classified more as market manipulation than an actual hack or exploit, the substantial losses to the platform made it worth including in our list.
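The collateral inflation described above, and one way a lending check can bound it, shown as an added example that is not Mango Markets' code. Only the $5 million deposit comes from the text; the position size, prices, loan-to-value limit and the 10% median band are constructed assumptions.

```python
from statistics import median

# Constructed sample data (assumptions, not Mango Markets' real parameters).
DEPOSIT_USDC = 5_000_000       # the $5 million deposit mentioned in the text
PERP_SIZE = 400_000_000        # hypothetical long position size, in tokens
ENTRY_PRICE = 0.04             # hypothetical entry price, USD
ORACLE_HISTORY = [0.039, 0.040, 0.041, 0.040, 0.040]  # constructed recent prices
SPIKED_SPOT = 0.40             # hypothetical manipulated spot price
MAX_LTV = 0.5                  # hypothetical loan-to-value limit


def account_equity(mark_price):
    """Deposit plus unrealized PnL of the long perp at the given mark price."""
    return DEPOSIT_USDC + PERP_SIZE * (mark_price - ENTRY_PRICE)


def borrow_limit(mark_price):
    """Maximum debt allowed against the account; never negative."""
    return max(0.0, account_equity(mark_price) * MAX_LTV)


def is_price_anomalous(spot, history, max_deviation=0.10):
    """Detection: spot is outside a band around the median of recent prices."""
    ref = median(history)
    return abs(spot - ref) > ref * max_deviation


def guarded_price(spot, history, max_deviation=0.10):
    """Mitigation: clamp the price used for collateral valuation to that band."""
    ref = median(history)
    low, high = ref * (1 - max_deviation), ref * (1 + max_deviation)
    return min(max(spot, low), high)


def compare_limits():
    """Borrow limit valued at raw spot versus at the guarded price."""
    naive = borrow_limit(SPIKED_SPOT)
    guarded = borrow_limit(guarded_price(SPIKED_SPOT, ORACLE_HISTORY))
    return naive, guarded


if __name__ == "__main__":
    naive, guarded = compare_limits()
    print(f"anomalous spot: {is_price_anomalous(SPIKED_SPOT, ORACLE_HISTORY)}")
    print(f"borrow limit at raw spot:      ${naive:,.0f}")
    print(f"borrow limit at guarded price: ${guarded:,.0f}")
```

With these constructed numbers, valuing the position at the spiked price lets a $5 million deposit support tens of millions in debt, while the clamped valuation keeps the limit close to what the deposit alone justifies.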

9. Horizon Bridge - $100 million

Horizon, an interoperability platform that bridges the Harmony, Binance Smart Chain, and Ethereum blockchain networks together, offers a unique opportunity for digital assets to move freely between different blockchains.

A mere few days after the initial Elrond exploit, malicious hackers conducted yet another attack on Horizon Bridge, resulting in a hefty $100 million loss.

PeckShield reported that an astonishing $98 million worth of tokens were exchanged for ether on Harmony, impacting over 50,000 customer wallets. What’s more, the cybercriminals even managed to move a shocking sum of $35 million through Tornado Cash.

We were able to retrieve 78 million $AAG tokens from this hack with the help of our Core Protocol. Read the story.

Conclusion

Hackers become increasingly daring and creative in their attacks as the cryptocurrency sector expands. The hacks listed above should serve as a warning about the importance of security measures and the need for tighter regulations.

We cannot afford to be complacent; instead, we must continuously implement new security measures and create up-to-date solutions to minimize the risk of attacks. Ultimately, it’s up to us to protect ourselves and our digital assets; the future of crypto-asset management depends on it. If we can take adequate steps toward protecting our protocols, we can ensure a safe environment for all crypto users.

About Lossless

Restoring trust in web3 security. Lossless incorporates a new layer of blockchain transaction security, protecting projects and their communities from malicious exploits and associated financial loss.

Lossless protocol implements an additional layer of blockchain transaction security for ERC-20 standard tokens, mitigating the financial impact of smart contract exploits and private key theft. Lossless protocol utilizes community-driven threat identification tools and a unique stake-based reporting system to identify suspicious transactions, providing real-time protection.
