FTX Hack

The catastrophic failure of the widely used digital asset exchange FTX, with the loss of billions of dollars in cash, was the most significant cryptocurrency event of 2022 and perhaps the most important news story of the year.

In addition to filing for Chapter 11 bankruptcy on November 12, the celebrity-backed exchange was the target of an unknown cyberattack.

About $640 million worth of tokens were stolen from many wallets believed to belong to FTX. The money was then transferred to other cryptocurrency exchanges and changed into other digital currencies.

Unfortunately, the thief or thieves responsible for the missing funds remain unknown. New FTX management’s attorney, James Bromley, said during the collapsed exchange’s first court hearing that a significant proportion of the exchange’s assets are either lost or stolen.

$566,000,000 for Binance (Binance Smart Chain)

On October 6, hackers stole $566 million worth of BNB from a blockchain affiliated with the largest cryptocurrency exchange in the world.

This vulnerability affected the inter-chain bridge BSC Token Hub. The hackers basically created tokens out of thin air by forging withdrawal proofs. However, the assault against Binance did not result in user losses on the Binance blockchain.

Although a large number of tokens were stolen, the perpetrators could not get away with them all; according to Binance CEO Changpeng Zhao, the exchange was able to keep between 80% to 90% of the stolen assets safe.

It is because, after the assault, validators on the BSC chain halted the network, but hackers did transfer around $100 million to other chains.

$552,000,000 for Ronin

In March, hackers stole an estimated $552 million in Ethereum and USDC from Ronin, a sidechain for the widely played NFT game Axie Infinity. One week after Axie Infinity creator Sky Mavis announced the flaw, the total worth of the stolen cash had reached $622 million.

What strategy did they employ? The “hacked private keys” were used to make fake transactions and steal money.

Approximately $7 million in Ethereum was transmitted to cryptocurrency mixing provider Tornado Cash for fast laundering.

U.S. Treasury investigators subsequently found cryptocurrency wallet addresses that they believed belonged to the Lazarus cyber organization in North Korea.

$326 million Wormhole

It was a terrible year for decentralized financial protocols. DeFi is a catch-all word for the still-evolving category of applications that banks and brokerages use to automate routine tasks. It implies there is a safety concern, especially with bridges, which enable users to move cash across different blockchains.

The famous bridge, Wormhole, was vulnerable to an attack in February. Tokens were minted by hackers who focused on Solana (where users lock Ethereum within a smart contract in exchange for a similar amount of Wrapped Ethereum, or WETH). About $120,000’s worth of WETH tokens. That equated to around $326 million back in the day.

In the DeFi ecosystem, WETH, a token tied to the price of Ethereum at a ratio of 1:1, facilitates rapid monetary transfers.

Wormhole’s parent business, Jump Trading, a prominent participant in the Solana ecosystem, stepped in to replace the stolen goods and restore bridge service.

Nomad, $190 million

In August, there was a second attack on a bridge. All of Nomad’s Ethereum, USDC, DAI, FXS, and CQT were stolen by hackers who took advantage of a flaw in the update. Nomad is a service that allows users to exchange digital assets across multiple blockchains.

The money began trickling back in when the protocol’s backers promised a 10% incentive to hackers who returned the tokens (without imposing law enforcement).

Although around $22 million was recovered from the incident, it led the FBI to issue a warning to investors about the increased interest of cyber criminals in exploiting weak DeFi systems.

The $100M Harmony Bridge Hack

Another $100 million in various cryptocurrencies were stolen via a breach of the Horizon Bridge, which connects Ethereum, Bitcoin, and BNB Chain to Harmony’s layer-1 blockchain.

Because the money was laundered in a manner consistent with known Lazarus Group operations, blockchain forensics company Elliptic has concluded that the breach was carried out by that group of North Korean cybercriminals.

It is believed that Lazarus stole employee login credentials for the Harmony platform, compromised the site’s security, and took control of the protocol before using automated laundering programs to transfer funds.

The Wintermute $160M Hack

Approximately $160 million in 70 different tokens were stolen from the hot wallet of United Kingdom-based crypto-exchange Wintermute.

CertiK, a blockchain security company, conducted an analysis and found that a private key presumably produced by Profanity, an app that lets users construct vanity crypto addresses, was exploited.

Using the private key, the attacker could then perform a function that, according to CertiK, would enable the attacker to replace the swap contract on the platform with the attacker’s own.

BlockSec, a blockchain security company, disproved rumors that the attack was an “inside job” because of the method by which it was executed.

$182 million Beanstalk Farms

Beanstalk Farms is an Ethereum-based stablecoin system. Tokens called STALK were utilized in this technology. It would need the consent of the majority of STALK holders in order for any assets to be transferred out of Beanstalk Farms.

A hacker purchased a controlling stake in STALK via a flash loan (a very short-term crypto loan) in April. They then utilized STALK tokens to propose a huge transfer of cash and approve it. An estimated $80 million in profits were made by the hacker, but the attack led the stablecoin to fall, leading to total losses of $182 million.

The post Top 8 of 2022’s Worst Crypto Exploits appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

The Lazarus Group is suspected of being the organization that was behind the Ronin Bridge scam. In March, a hacker gained access to the Ronin sidechain, which is connected to the main Ethereum blockchain but allows the developers of the play-to-earn game Axie Infinity, Sky Mavis, to support faster and cheaper transactions. As a result of the hack, 173,600 ETH and 25.5 million USDC were stolen, which had a market value of $625 million at the time. It is one of the most significant breaches in the history of crypto. In June, blockchain analytics company Elliptic discovered that the 100 million dollar Horizon Bridge attack could be traced back to Lazarus.

The Japanese National Police Agency did not identify any of the firms that were hacked or the sums that were taken, but it did identify the hacking gang. It’s something that the agency doesn’t usually tell the public before making an arrest because it could lead to another attack.

The post Lazarus, North Korean Hackers, Attacks Japanese Crypto Firms appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.