The total value of assets lost to crypto hacks this year has reached a record $3 billion. Among the biggest crypto attacks of 2022, security incidents involving cross-chain bridges and decentralized finance (DeFi) protocols stood out, causing hundreds of millions of dollars in losses.
Here are the biggest crypto attacks in 2022:
1- Ronin Network
Ronin was hacked for $625 million in various crypto assets on March 29, making it the largest crypto heist to date.
The attackers gained access to Sky Mavis’ IT infrastructure through an email-based phishing attack against a former employee. Here, the hackers found and stole the private keys of the Ronin blockchain validator nodes, which the firm stored on its internal servers. Once the hackers gained access to the validator keys, they took control of the entire Ronin network and transferred over 173,600 Ethereum (ETH) and 25.5 million USDC stablecoins, totaling over $625 million.
2- FTX
The now-crashed exchange FTX has suffered one of the biggest attacks of 2022. The FTX hack, which took place in November, came to light after the exchange’s official Telegram administrators reported “unauthorized access”.
On-chain data showed the exchange’s wallets lost between $370 million and $400 million shortly after former CEO Sam Bankman-Fried filed for Chapter 11 bankruptcy protection.
3- Wormhole
Wormhole, a cross-chain bridge protocol, starred in one of the biggest hacks of this year in February.
Wormhole fell into the hands of a hacker who spoofed certain security signatures on the bridge and printed 120,000 wETH worth $325 million from the air. The hacker replaced the illegally minted wETH with real ETH on the Ethereum network, thus draining all the assets held in the Wormhole.
4- Nomad
Nomad, a bridge connecting Ethereum, Avalanche, Moonbeam, and Evmos blockchains, suffered the second largest cross-chain bridge hack of the year on August 7, with $190 million worth of assets lost. The attack was caused by a faulty update where the Nomad developers erroneously identified 0x00 as root.
This functionality meant that anyone could withdraw funds from the bridge and easily bypass the security without going through the trust agreement check. When the update issue was made public, more than 300 addresses attempted a free-for-all exploit to withdraw money from Nomad. Fortunately, some of the addresses belonged to white-hat hackers who later returned the $22 million to Nomad.
5- Beanstalk
Beanstalk Farms, a stablecoin protocol, experienced one of the biggest hacks of the year in April 2022.
An unknown hacker exploited a security loophole in the DAO, which oversees the decision-making process for Beanstalk’s stablecoin project.
A malicious actor submitted an offer asking the community to send crypto assets from the Beanstalk treasury to the hacker’s crypto address. Once the vote passed, the transfer was made automatically.
The attacker received an instant loan, a loan that can be taken without any collateral if returned within the same transaction. In this way, the hacker bought millions of dollars of Bean tokens to make sure he had enough tokens to validate the vote.
With this trick, the hacker managed to transfer about $80 million worth of Bean tokens from the project’s treasury without the Beanstalk core developers knowing. After that, the hacker sold these Bean tokens on the platform, the ultimate loss was significantly higher for Beanstalk. Security firm PeckShield estimates the incident cost Beanstalk $182 million in protocol loss.