10 biggest DeFi hacks in 2022
The number of attacks on DeFi protocols is increasing with each passing year. However, it is not surprising given that a significant amount of money is locked in them, and the developers continue to be careless about the money storage security.
Today, the total value of assets locked in DeFi is over $50 billion. These funds are distributed among numerous networks and protocols. So, it's not surprising that the contracts are a lucrative target for hackers, given the amount of money frozen there.
According to PeckShield, there were 135 attacks in 2022 during which DeFi protocols lost a total of more than $2.3 billion. This is 50% more than in 2021.
The top 10 DeFi protocol hacks as of December 2022 are listed below.
1. Ronin Bridge ($620 million)
On March 29, 2022, an attacker hacked private keys to more than $620 million in crypto. He withdrew the money and moved stolen funds using a Tornado Cash mixer. The exchange's overall losses amounted to 173,600 ETH and 25.5 million USDC.
The hack is believed to have been carried out by hackers from the Lazarus group, who are linked to the North Korean government.
The hack is believed to have been carried out by hackers from the Lazarus group, who are linked to the North Korean government.
Source: Twitter
2. Wormhole Bridge ($326 million)
On February 2, 2022, a hacker exploited a vulnerability in the WETH contract and minted 2 million WETH. He swapped these tokens for other cryptocurrencies on the Serum decentralized exchange, and transferred the funds via Tornado Cash.
The hacker managed to escape with all the money while remaining anonymous.
The hacker managed to escape with all the money while remaining anonymous.
Source: Twitter
3. Nomad Bridge ($190 million)
The Nomad bridge is a protocol enabling users to move digital assets between different blockchains, including Ethereum, Avalanche, Evmos, Milkomeda, and Moonbeam. An unknown hacker discovered that transactions can be made without confirmation from the Nomad smart contract.
Immediately after he began withdrawing money, hundreds of people followed his example, since this method was so simple: they just copied and pastes the hacker's transaction calldata and replaced the original address with their own.
In a couple of hours, the TVL of the project fell from $190 million to $16,000.
Immediately after he began withdrawing money, hundreds of people followed his example, since this method was so simple: they just copied and pastes the hacker's transaction calldata and replaced the original address with their own.
In a couple of hours, the TVL of the project fell from $190 million to $16,000.
Source: Coinmarketcap
4. Beanstalk farms ($182 million)
In April, an attacker managed to withdraw $182 million from the Beanstalk protocol. Unlike the attacks mentioned before, this one was unique. The hacker took advantage of a voting system weakness in the protocol. He raised enough tokens to hold and pass a vote to send himself $182 million in crypto.
He managed to get the required number of tokens using the bXZ lending protocol. After the hacker paid off his creditors, he got about $76 million in actual profit.
He managed to get the required number of tokens using the bXZ lending protocol. After the hacker paid off his creditors, he got about $76 million in actual profit.
Source: Twitter
5. Wintermute ($160 million)
Wintermute is a decentralized finance platform that was hacked for $160 million at the end of September this year.
According to Wintermute CEO, the hack was caused by a serious bug in Profanity, an Ethereum address generation tool. Although he offered the attacker to return the money for a 10% reward, this never happened.
Source: Twitter
6. Maiar Exchange ($113 million)
In June, a hacker stole 1.65 million EGLD tokens from the Maiar decentralized exchange's wallets by taking advantage of a security loophole. He immediately sold 800,000 tokens on the exchange, converted the remaining funds to ETH and transferred them to other exchanges.
In a single day, ELGD's price fell by 92% – from $62 to $5. It is noteworthy that ELGD soon recovered to its previous levels, and the token is currently trading at just above $40.
Source: Twitter
7. Horizon Bridge ($100 million)
The Horizon bridge facilitates token transfers from Ethereum to the Harmony network. In June 2022, a few days after the Elrond exploit, the attackers stole about $100 million from Horizon. More than 50,000 users were affected by the hack. The project was thereafter closed.
The hackers moved about $35 million through Tornado Cash and vanished.
Source: Twitter
8. Rari Capital and Fei Protocol ($80 million)
The Rari Capital and Fei Protocol projects merged at the beginning of 2022. Shortly thereafter, about $80 million in crypto was stolen from their pools.
The Rari and Fei teams attempted to contact the hackers and offered them a $10 million reward for the money returned. However, the hackers chose to launder the money through Tornado Cash and keep it all for themselves.
The Rari and Fei teams attempted to contact the hackers and offered them a $10 million reward for the money returned. However, the hackers chose to launder the money through Tornado Cash and keep it all for themselves.
Source: Twitter
9. Qubit Finance ($80 million)
On January 27, an unknown person or group of people exploited a smart contract vulnerability and minted unlimited xETH. They then swapped xETH for BNB, sold it, and sent the asset off-chain. Blockchain experts claim that the hackers exploited a vulnerability in the Qubit code.
The attackers managed to steal 206,000 BNB, worth $80 million at that time.
The attackers managed to steal 206,000 BNB, worth $80 million at that time.
Source: Twitter
10. Cashio ($48 million)
The Solana-based protocol was compromised in March, allowing a hacker to mint an infinite amount of CASH stablecoins. He swapped these tokens for USDC and UST, and then withdrew them through the DEX Saber.
The total damage is estimated at $48 million. The price of CASH, which was previously pegged to the dollar at a rate of 1:1, fell to zero after the hack.
The total damage is estimated at $48 million. The price of CASH, which was previously pegged to the dollar at a rate of 1:1, fell to zero after the hack.
The hacker returned the money to the users that held less $100,000. In addition, he promised to donate the remaining funds to charity.
Source: Twitter
Even though the decentralized finance sector is one of the most promising in the crypto industry, it involves significant risks. The hacks we've listed serve as a reminder that DeFi developers still have a lot of work to do in order to make their protocols more secure. It is essential to protect your clients from unforeseen financial losses as the industry develops and gains popularity.