This year’s apparent lack of safety has made surviving the bear market even more challenging for many people.
The catastrophic failure of the widely used digital asset exchange FTX, with the loss of billions of dollars in cash, was the most significant cryptocurrency event of 2022 and perhaps the most important news story of the year.
In addition to filing for Chapter 11 bankruptcy on November 12, the celebrity-backed exchange was the target of an unknown cyberattack.
About $640 million worth of tokens were stolen from many wallets believed to belong to FTX. The money was then transferred to other cryptocurrency exchanges and changed into other digital currencies.
Unfortunately, the thief or thieves responsible for the missing funds remain unknown. New FTX management’s attorney, James Bromley, said during the collapsed exchange’s first court hearing that a significant proportion of the exchange’s assets are either lost or stolen.
On October 6, hackers stole $566 million worth of BNB from a blockchain affiliated with the largest cryptocurrency exchange in the world.
This vulnerability affected the inter-chain bridge BSC Token Hub. The hackers basically created tokens out of thin air by forging withdrawal proofs. However, the assault against Binance did not result in user losses on the Binance blockchain.
Although a large number of tokens were stolen, the perpetrators could not get away with them all; according to Binance CEO Changpeng Zhao, the exchange was able to keep between 80% to 90% of the stolen assets safe.
It is because, after the assault, validators on the BSC chain halted the network, but hackers did transfer around $100 million to other chains.
$552,000,000 for Ronin
In March, hackers stole an estimated $552 million in Ethereum and USDC from Ronin, a sidechain for the widely played NFT game Axie Infinity. One week after Axie Infinity creator Sky Mavis announced the flaw, the total worth of the stolen cash had reached $622 million.
What strategy did they employ? The “hacked private keys” were used to make fake transactions and steal money.
Approximately $7 million in Ethereum was transmitted to cryptocurrency mixing provider Tornado Cash for fast laundering.
$326 million Wormhole
It was a terrible year for decentralized financial protocols. DeFi is a catch-all word for the still-evolving category of applications that banks and brokerages use to automate routine tasks. It implies there is a safety concern, especially with bridges, which enable users to move cash across different blockchains.
The famous bridge, Wormhole, was vulnerable to an attack in February. Tokens were minted by hackers who focused on Solana (where users lock Ethereum within a smart contract in exchange for a similar amount of Wrapped Ethereum, or WETH). About $120,000’s worth of WETH tokens. That equated to around $326 million back in the day.
In the DeFi ecosystem, WETH, a token tied to the price of Ethereum at a ratio of 1:1, facilitates rapid monetary transfers.
Wormhole’s parent business, Jump Trading, a prominent participant in the Solana ecosystem, stepped in to replace the stolen goods and restore bridge service.
Nomad, $190 million
In August, there was a second attack on a bridge. All of Nomad’s Ethereum, USDC, DAI, FXS, and CQT were stolen by hackers who took advantage of a flaw in the update. Nomad is a service that allows users to exchange digital assets across multiple blockchains.
The money began trickling back in when the protocol’s backers promised a 10% incentive to hackers who returned the tokens (without imposing law enforcement).
Although around $22 million was recovered from the incident, it led the FBI to issue a warning to investors about the increased interest of cyber criminals in exploiting weak DeFi systems.
The $100M Harmony Bridge Hack
Another $100 million in various cryptocurrencies were stolen via a breach of the Horizon Bridge, which connects Ethereum, Bitcoin, and BNB Chain to Harmony’s layer-1 blockchain.
Because the money was laundered in a manner consistent with known Lazarus Group operations, blockchain forensics company Elliptic has concluded that the breach was carried out by that group of North Korean cybercriminals.
It is believed that Lazarus stole employee login credentials for the Harmony platform, compromised the site’s security, and took control of the protocol before using automated laundering programs to transfer funds.
The Wintermute $160M Hack
Approximately $160 million in 70 different tokens were stolen from the hot wallet of United Kingdom-based crypto-exchange Wintermute.
CertiK, a blockchain security company, conducted an analysis and found that a private key presumably produced by Profanity, an app that lets users construct vanity crypto addresses, was exploited.
Using the private key, the attacker could then perform a function that, according to CertiK, would enable the attacker to replace the swap contract on the platform with the attacker’s own.
BlockSec, a blockchain security company, disproved rumors that the attack was an “inside job” because of the method by which it was executed.
$182 million Beanstalk Farms
Beanstalk Farms is an Ethereum-based stablecoin system. Tokens called STALK were utilized in this technology. It would need the consent of the majority of STALK holders in order for any assets to be transferred out of Beanstalk Farms.
A hacker purchased a controlling stake in STALK via a flash loan (a very short-term crypto loan) in April. They then utilized STALK tokens to propose a huge transfer of cash and approve it. An estimated $80 million in profits were made by the hacker, but the attack led the stablecoin to fall, leading to total losses of $182 million.