Major DeFi crypto hacks of 2022
This year, many cryptocurrency projects suffered from exploits and hacks. According to Chainalisys, 2022 became “the biggest year ever” when it comes to the number of assets lost – and that was in October. A considerable amount of funds were stolen in the past two months, adding to already enormous losses of over $3 billion.
We saw it all this year – cross-bridge exploits, decentralised application hacks, rug pulls and more. The lack of security has made an already difficult bear market even tougher for many people in the space. You can find major DeFi exploits on crypto hacks, page while we will go over the three biggest DeFi exploits of this year in this article.
Binance Smart Chain exploit
On October 6, hackers hit one of the biggest cross-bridges in the crypto space, BSC Token Hub. They exploited the bridge and made away with $566 million in BNB.
Hackers tricked the smart contracts and conjured tokens out of thin air by using artificial withdrawal proofs. No Binance or BSC chain users lost their funds though, as tokens were generated, not stolen from the liquidity pools.
Despite the large number of tokens stolen, the malicious actors were not so lucky with cashing them out. Binance CEO Changpeng “CZ” Zhao said that BSC chain validators froze the network after the attack and halted token transfers. While validators prevented around 80-90% of tokens from going over to hackers, they still managed to move about $100 million to other chains.
Ronin exploit
Back in March, hackers exploited Ronin, an Axie Infinity sidechain, and stole around $552 million in Ethereum and USDC. The fascinating fact about this exploit is that it was discovered and disclosed only a week later by Axie Infinity developer Sky Mavis – by that time, the value of assets rose to $622 million.
The exploit was simple enough – hackers used social engineering to get backdoor access to signing keys and forged transactions to claim the funds. Hackers also wanted to gain even more from the attack by shorting the market – but they got liquidated as the news broke down only a week later.
Wormhole exploit
Another bridge was exploited back in February 2022 – Wormhole lost around $325 million in assets. When it comes to bridges, users lock tokens on one chain and mint their counterpart on another chain – which brings additional security issues. In the case of Wormhole, hackers targeted Solana’s side of the bridge and spoofed security signatures to mint 120,000 wETH worth around $325 million at a time – out of thin air. After minting the tokens, the hacker swapped them to actual ETH on the Ethereum network, draining Wormhole out of assets.
Due to the incident, all of the bridge operations were halted, with the community worried whether it would be able to recover and continue working. To everyone’s surprise, a few days after the exploit Jump Crypto, a trading and venture capital firm that incubated Wormhole, replenished the stolen 120,000 ETH from its own funds to reopen the bridge operations and sustain it.