As we are fast approaching 2023 and the new year. It is a commonplace to take a look at the year that is coming to an end. And I thought why not combine that with a top 10 list, as they are always in fashion. So with little ado and minimal fanfare, I percent to you the top 10 biggest hacks in 2022.
10: Beanstalk Farms exploit — April 18
This one was a total of $76 million that got had from the stablecoin protocol. The hackers took out flash loans, bought governance tokens, and put to vote two proposals that if passed would insert malicious smart contracts right into the heart of the farm. And with the hackers having a ton of governance tokens, you guessed it. The votes passed. And the gates to the farm were left wide open.
9: Rari Fuse exploit — April 30
In this hack, they got away with $79.3 million by tampering with the smart contracts. And in a sense pulling the plug of all the liquidity pools draining them of all the crypto.
This one tho have a silver lining for the affected users at least. In September, Tribe DAO, which includes Rari Capital, voted to reimburse users affected by the hack. Which is a nice thing and a good way to own the problem or mistake. Big thumbs up to them.
8: Qubit Finance bridge exploit — January 28
Qubit, not to be confused with the short-lived streaming platform named Quibi, is a different mess but both are messes. Qubit got had for over $80 million in $BNB stolen at the beginning of the year in a bridge exploit. In a sense they tricked the bridge into believing there were assets on one side, allowing them to get assets on the other side. But to no-ones surprise, there were no backed assets on the other side of the bridge. At least in this post, I hope you’re not surprised this is the case. They were able to do this magic trick if you will totaling $80 million. That is one big trick.
7: Harmony bridge hack — June 24
Another wobbly bridge, this time it got had for $100 million. This bridge like the Ethereum, Bitcoin, and BNB to Harmony’s layer 1 blockchain. And as the saying goes, too many chefs in the kitchen, jokes aside. The hackers apparently targeted employee logins and used that way to gain entry to the system and compromise it. This is the first hack on the list that is attributed to the Lazarus Group, aka the north Korean hackers working out of China.
6: BNB Chain bridge exploit — October 6
The blockchain was halted due to “irregular activity”. And the irregularity this time was some hackers using an explosion in a cross-chain bridge to mint around 2 million $BNB, totaling around $600 million. But due to the halting of the blockchain, they were only able to get just over $100 million back over to their side of the bridge. The rest were frozen due to the halting of the BNB blockchain.
5: Wintermute hack — September 20
UK-based market-maker got their hot wallet compromise and this led to roughly $160 million in 70 different tokens being transferred out of the wallet. This hack has some controversy connected to it. While blockchain cybersecurity firm CertiK points to a vulnerable private key that was targeted and attacked. The app Profanity was most likely used, and it has a known exploit. But some claim it was all an inside job as the private key was used.
4: Nomad token bridge exploit — August 2
A smart contract vulnerability allowed the hackers to get away with around $190 million this time. The vulnerability apparently failed to be able to properly validate transaction inputs was the culprit that allowed this mess to happen. But what sets it apart was that there were a lot of copycats that were partaking and copying the original attack. Analyses show that among the wallets taking part in the attacks a whopping 88% of them were copycats. Meaning that if people think they can get away with it anything appears to be fair game in the crypto space.
A little silver lining however is that white hats were able to intercept and return around $32.6 million to the Nomad protocol.
3: Wormhole bridge exploit — February 2
Again an exploit allowed a user to take advantage of a flaw and allowed them to mint 120.000 $wETH on the Solana blockchain. They were where then able to swap these unbacked $wETH for $ETH. This totaled $321 million. Not much more to say on this one.
2: FTX wallet hack — November 11 and 12
This “hack” took place a few days after the crypto exchange FTX had stopped withdrawals. And it was a series of unauthorized transactions that took place. It is believed the hacker was able to move $477 million off the platform. SBF who resigned on November 11 said in an interview a few days later “either an ex-employee or somewhere someone installed malware on an ex-employee’s computer”. He had apparently narrowed it down to eight people before he was “shut out” from the system.
What I do know is that SBF, even after he resigned as CEO, apparently had access to the FTX system as he later printed $100 million in new tokens at the behest of the Bahamian authorities. So being shut out, well I think there is a big glaring hole in that statement. Not to mention the confirmed presence of backdoors in the system. I will leave it at that.
1: Ronin bridge hack — March 23
This is the second entry that has been confirmed to be from the Lazarus Group. Our favorite North Korean hackers. This time they had seen the Wormhole bridge exploit and thought they can do better. And better they did. Getting away with a whopping 173,600 ETH and 25.5 million USD Coin. Totaling $612 million.
The Ronin bridge was designed to allow players of Axie Infinity to be able to transfer funds back and forth from the Ethereum chain to the Ronin side chain.
This hack not only holds first place for 2022, but it holds first place for all-time biggest hack. And the total haul for the hackers in 2022 came to a staggering $2.1 billion.
I will leave you with my thoughts on this list. I think there is one big glaring thing that is pretty obvious after reading this. And I hope that this is not a shock to you if you made it this far. 6 out of the 10 hacks were bridge exploits. This I would take to mean that all bridges basically should have a big warning sign on them.
And I think it is a problem that is found throughout crypto. And that is the lack of accountability. Apparently, the people who are building bridges suck at doing it. And I am talking sucking goofballs through gardenhose’s level of sucking. They might be very good or great at doing other things. But the crappy rickety bridges they keep making needs to stop.
They make a rickety bridge, making it out to be the next best thing since the Golden Gate. But then just shrugs when it all comes crashing down. Calling an audible “opsi, we did not know you needed to secure both ends”. And then the users are left holding the bags and paying the cost of the opsi. Again and again. But when is it the people who made the rickety bridge fault it comes crashing down? When will they be held accountable for their crappy building?
I hope that my rant at the end did not detract from this look at the past year of hacks. What are your thoughts on the hacks, did I miss any big ones? Or do you feel safe using the crypto bridges? Please share your thoughts in the comment section down below. If you would like to support me and the content I make, please consider following me, reading my other posts, or why not do both instead.
See you on the interwebs!
Picture provided by: https://pixabay.com/
Check out our new platform 👉 https://thecapital.io/
A look at the top 10 hacks of 2022 was originally published in The Capital on Medium, where people are continuing the conversation by highlighting and responding to this story.
Post fetched from this article