The overview of the biggest hacker attacks in 2022

It is easy for computer geniuses who refuse to play by the rules to exploit smart contract errors, code bugs, security vulnerabilities, and various blockchain flaws. We prepared info about the largest crypto hacks of 2022 for you.
Investors have lost over $3 billion to hackers by the end of October 2022. This is certainly not the final number and it could jump by tens of millions more in the coming months. At this rate, 2022 will likely surpass last year’s record for crypto-hacking losses of $3.2 billion. 

Malicious attacks are still a big problem for blockchain and cryptocurrencies and are increasing year by year. Only the direction that hackers choose for their "pranks" changes. According to Chainalysis, until 2020, centralized exchanges were the main target of hackers. However, over time, many crypto exchanges have built a fortress of security around their websites, taking into consideration their weaknesses. Hackers then switched to the DeFi sector, which became extremely popular in 2020. As a result, in 2022, almost all attacks were directed at decentralized exchanges.

Percentage of hacker attacks by platform type. Source: Chainalysis.

In 2022, hackers were interested in cross-chain bridges, according to Chainalysis research. With their help, they illegally obtained $1.92 billion. This represents 64% of all stolen cryptocurrencies this year.
Cross-chain bridge hacking compared to other attacks. Source: Chainalysis.

Ronin

One of the largest crypto hacks happened in March 2022. Around $622 million was stolen from the Ronin Network sidechain, which runs the popular NFT game Axie Infinity from the Sky Mavis studio. The hackers took the following steps:

1. A phishing attack was launched against one of the employees to gain access to Sky Mavis' infrastructure and Ronin validators.
2. A flaw in a blockchain node was exploited to control a missing validator and confirm transactions.
3. They made a double invalid transaction, which was confirmed thanks to the second step.

The signatures of only 5 validators were required to confirm the transaction. As it turned out later, 4 out of 9 validators acted on behalf of the company, which goes against the principles of decentralization and security. Therefore, the hackers successfully carried out the attack.
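
The concentration problem described above can be checked for any k-of-n validator set. The following is an added example, not code from Ronin or Sky Mavis: it computes how many distinct operators have to be compromised before the signing threshold is met. The validator and operator names are hypothetical, and the five validators not attributed to the company are assumed to be independent.

```python
from collections import Counter

def min_operators_to_sign(validator_operator, threshold):
    """Fewest distinct operators whose combined keys meet the threshold.

    Taking the largest operators first is optimal, because every operator
    counts as one compromise regardless of how many keys it holds.
    """
    sizes = sorted(Counter(validator_operator.values()).values(), reverse=True)
    keys = 0
    for count, size in enumerate(sizes, start=1):
        keys += size
        if keys >= threshold:
            return count
    return None  # threshold exceeds the number of validators

def audit(validator_operator, threshold):
    """Summarise how concentrated signing power is for a k-of-n validator set."""
    operator, held = Counter(validator_operator.values()).most_common(1)[0]
    return {
        "validators": len(validator_operator),
        "threshold": threshold,
        "largest_operator": operator,
        "largest_operator_keys": held,
        "extra_keys_needed": max(threshold - held, 0),
        "min_operators_to_sign": min_operators_to_sign(validator_operator, threshold),
    }

# Figures from the text: 9 validators, 5 signatures required, 4 validators
# acting for the company. Who ran the other 5 is not stated, so they are
# modelled here as independent operators (assumption).
RONIN = {f"validator-{i}": "company" for i in range(1, 5)}
RONIN.update({f"validator-{i}": f"independent-{i}" for i in range(5, 10)})

# Constructed comparison: same 5-of-9 rule, one operator per validator.
SPREAD = {f"validator-{i}": f"operator-{i}" for i in range(1, 10)}

if __name__ == "__main__":
    for name, vset in (("ronin", RONIN), ("spread", SPREAD)):
        print(name, audit(vset, 5))
```

With the figures from the text, the largest operator is one key short of the threshold, so two compromised operators are enough; with one operator per validator it takes five.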

By the way, the analytical firm Elliptic found out that the largest theft of funds in the crypto sphere in 2022 was carried out by the North Korean hacker association Lazarus Group.

After this nasty incident, the developers updated their sidechain security system and audited the Ronin Bridge cross-chain bridge code. The minimum required number of validators responsible for verifying transactions has also been increased. And the most important fact is that the stolen funds were returned to their owners.

Wormhole Bridge

The Wormhole cross-chain bridge, which allows the transfer of tokens between Ethereum, Solana, BNB Chain, Polygon, Avalanche, Oasis and Terra blockchains, was hacked on February 3. Taking advantage of the security vulnerability, the hacker stole 120,000 Wrapped Ether (WETH) tokens, worth about $321 million at that time. The attacker bypassed the bridge check, minted WETH, then redeemed approximately 94,000 of these tokens for ETH on the Ethereum blockchain, while the remaining WETH was swapped for other altcoins on the Solana network.

Wormhole founders failed to negotiate with the hacker, offering him a $10 million reward for returning stolen cryptocurrencies. As a result, Jump Crypto, the parent company of Wormhole bridge, had to cover losses out of its own pocket in order to avoid criticism from users. 

Nomad Bridge

Nomad Bridge is another cross-chain token bridge that became the target of hackers in 2022. After the attack, the amount locked in the protocol dropped from $190 million to $1,794 in just a few hours. The hack was carried out from different addresses and involved about 960 transactions with a thousand separate withdrawals of funds through the bridge.

On August 1st, after the Nomad team updated its smart contract, one of the hackers took advantage of a code vulnerability. This flaw made it impossible to verify whether the transactions were approved and, as a result, they were processed immediately. When the other hackers found out about the bridge’s weakness, they quickly joined the party.

The most impressive thing about this hack was how incredibly easy it was to get one's hands on the money. All it took to hack the bridge was to copy the hacker's original transaction and replace his address with yours.
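
The copy-and-replace pattern described above leaves a recognisable trace that monitoring can pick up. The following is an added example, not part of the original article and not Nomad's code: it groups bridge calls whose calldata is identical once the sender's own address is masked, and flags a template reused by several senders within a short block window. The transaction records, addresses, selector and thresholds are constructed for illustration.

```python
from collections import defaultdict

MASK = "<sender>"

def template_of(tx):
    """Calldata with the sender's own 20-byte address masked out."""
    sender = tx["sender"].lower()[2:]            # strip "0x"
    return tx["calldata"].lower().replace(sender, MASK)

def find_copied_calls(txs, min_senders=3, window_blocks=50):
    """Flag calls that many distinct senders submit in identical form,
    differing only in the sender's own address, within a block window."""
    groups = defaultdict(list)
    for tx in txs:
        template = template_of(tx)
        if MASK in template:                     # call embeds the sender's address
            groups[(tx["to"].lower(), template)].append(tx)
    alerts = []
    for (contract, _), members in groups.items():
        members.sort(key=lambda t: t["block"])
        for first in members:                    # slide a window over the group
            burst = [t for t in members
                     if first["block"] <= t["block"] <= first["block"] + window_blocks]
            senders = sorted({t["sender"].lower() for t in burst})
            if len(senders) >= min_senders:
                alerts.append({"contract": contract, "first_block": first["block"],
                               "senders": senders, "calls": len(burst)})
                break                            # one alert per template
    return alerts

# Constructed sample data: addresses, selector and amounts are made up.
def addr(byte):
    return "0x" + byte * 20

BRIDGE = addr("b0")

def call(sender, block, amount):
    data = "0x12345678" + "00" * 12 + sender[2:] + f"{amount:064x}"
    return {"sender": sender, "to": BRIDGE, "block": block, "calldata": data}

SAMPLE_TXS = [
    call(addr("a1"), 100, 100),
    call(addr("c1"), 101, 7),      # ordinary withdrawal, different amount
    call(addr("a2"), 102, 100),
    call(addr("a3"), 102, 100),
    call(addr("a4"), 105, 100),
    call(addr("c2"), 400, 100),    # same template, but long after the burst
]
```

Running `find_copied_calls(SAMPLE_TXS)` yields one alert for the four senders between blocks 100 and 105; the unrelated withdrawal and the late call stay out of it.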

Beanstalk Farms

Beanstalk Farms is an Ethereum-based DeFi protocol that suffered a $182 million loss in a governance hack on April 17. Initially, the attacker took advantage of flash loans from decentralized exchanges and used these funds to purchase a substantial amount of STALK governance tokens. He then deployed special malicious governance proposals that helped him steal about $80 million in various cryptocurrencies.
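
A common mitigation for flash-loan voting is to take voting power from a balance snapshot fixed before voting starts, so tokens acquired and returned within one block carry no weight. The following is an added example of that idea, not Beanstalk's code and not described in the article as its fix; the token model, account names and block numbers are constructed.

```python
from bisect import bisect_right

class VoteToken:
    """Constructed governance token that checkpoints balances per block."""

    def __init__(self):
        self.block = 0
        self._history = {}                 # account -> ([blocks], [balances])

    def balance(self, account):
        _, balances = self._history.get(account, ([], []))
        return balances[-1] if balances else 0

    def transfer_in(self, account, amount):
        self._write(account, self.balance(account) + amount)

    def transfer_out(self, account, amount):
        self._write(account, self.balance(account) - amount)

    def _write(self, account, balance):
        blocks, balances = self._history.setdefault(account, ([], []))
        if blocks and blocks[-1] == self.block:
            balances[-1] = balance         # same block: overwrite the checkpoint
        else:
            blocks.append(self.block)
            balances.append(balance)

    def past_balance(self, account, block):
        """Balance at the end of an already finished block."""
        if block >= self.block:
            raise ValueError("snapshot block is not finished yet")
        blocks, balances = self._history.get(account, ([], []))
        i = bisect_right(blocks, block)
        return balances[i - 1] if i else 0

def run_scenario():
    """Return (borrower live weight, borrower snapshot weight, holder snapshot weight)."""
    token = VoteToken()
    token.block = 1
    token.transfer_in("long_term_holder", 100)
    token.block = 10
    snapshot_block = token.block - 1       # fixed when the proposal is created
    token.block = 20
    token.transfer_in("borrower", 1_000)   # governance tokens bought with a flash loan
    live = token.balance("borrower")       # weak rule: weight = balance when voting
    snap = token.past_balance("borrower", snapshot_block)   # hardened rule
    token.transfer_out("borrower", 1_000)  # loan repaid in the same block
    return live, snap, token.past_balance("long_term_holder", snapshot_block)
```

Under the live-balance rule the borrower outvotes the long-term holder ten to one; under the snapshot rule the borrowed tokens count for nothing.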

In the wake of the attack, the value of the BEAN stablecoin tanked, while the entire protocol lost its $182 million in total value locked. The attacker laundered part of the stolen funds through the Tornado Cash mixing service, partially repaid the flash loan, and transferred $250,000 to the Ukraine Crypto Donation wallet.

Wintermute

Automated market maker Wintermute was hacked and lost $162.2 million in DeFi operations. A flaw in the Profanity algorithm made it possible to attack the platform. It enabled cracking the private keys of the users.

This situation made the company's already unenviable position even worse. The hack happened when Wintermute had $200 million in outstanding DeFi debt. Wintermute took out a $92 million loan on the TrueFi protocol from its USDT lending pool. The company repaid the loan one day before the due date.

Despite the fact that hacks continue to abound in the crypto world, many blockchain founders have started to understand how to deal with them. There are initiatives to prevent hacker attacks. Many would-be attackers are willing to become white hat hackers and are happy to help companies find vulnerabilities for a solid reward. Additionally, victims of attacks start auditing smart contracts and working hard on security to avoid future losses.