Browse Definitions :

Getty Images/iStockphoto

Top 9 cryptocurrency hacks of 2022

Top 9 cryptocurrency hacks of 2022

2022 was a record-breaking year for cryptocurrency attacks. Several of these cryptocurrency hacks occurred on the cross-chain exchange bridges.

Cross-chain bridges are protocols that let users move their cryptocurrency from one blockchain to another, typically by locking the user's cryptocurrency into a smart contract. Then the equivalent assets are minted on the second chain.

Cryptocurrency scams were up in 2022. A total of $3.1 billion was stolen by bad actors in 2022, and DeFi protocols accounted for 82.1% of the stolen cryptocurrency, according to a report from Chainalysis. The report also said a majority of these attacks were from North Korea cybercrime groups, such as the Lazarus Group, which stole more than $1.7 billion.

Here is a breakdown of some of the largest attacks in 2022. Losses are calculated based on the cryptocurrency value at the time of the attack.

1. Axie Infinity's Ronin Network

Ronin Network is a blockchain that supports the video game Axie Infinity, which is nonfungible token-based (NFT). In March 2022, bad actors attacked the nodes, which are computers used to process network transactions.

Bad actors used compromised private keys for fake withdrawals and drained 173,600 Ether and 25.5 USD Coin worth $625 million in two transactions. The Ronin sidechain -- a parallel blockchain off the main blockchain -- requires five signatures from authorized private keys for withdrawals. However, the bad actors gained control over all five of those private keys to complete these transactions.

The attack wasn't discovered until a user was unable to withdraw money and filed a report. The U.S. Treasury Department said this was the work of the North Korean hacking group Lazarus Group.

Learn how to avoid NFT scams.

Loss: $625 million

2. FTX

The FTX scam rocked the cryptocurrency world in November 2022. In addition to the collapse of the exchange, FTX wallets were drained of $415 million after CEO Sam Bankman-Fried filed bankruptcy. The money was moved, converted into different cryptocurrencies and never recovered.

FTX stored private keys in wallets that were unencrypted. Due to these poor security measures, it was easy to access the private keys in the wallet. The bad actor's identity is still unknown, but Bankman-Fried said it could be a former employee who stole the private keys.

Loss: $415 million

3. Wormhole

In February 2022, a threat actor found a vulnerability in cryptocurrency platform Wormhole, which is a bridge that lets users move cryptocurrencies and NFTs between various blockchains such as Ethereum, Solana, BNB Chain, Polygon, Oasis and Terra. The attacker found a fault in the code, enabling them to mint 120,000 wrapped ether tokens, which are on Solana blockchain. The hacker then redeemed these fraudulent tokens for ether on Ethereum and altcoins on Solana.

This equaled around $320 million at the time of theft. Unlike when other tokens are mined, the bad actor was able to create these tokens without the necessary collateral needed in a proof of stake.

Loss: $320 million

4. Nomad Bridge

In August 2022, Nomad -- another cross-chain bridge -- had $190 million drained. This exploit was different because it involved hundreds of addresses and not a single bad actor attack or group entity.

Due to a faulty smart contract, Nomad developers created an unsecure trusted root address in a generic form. This function meant anyone could withdraw funds from the bridge and bypass security through the contract check. Multiple users copied the original attacker's trusted address to funnel funds to their addresses.

More than 300 addresses gathered money through this exploit. Some of the addresses were ethical hackers, and they returned $22 million.

Loss: $190 million

5. Beanstalk Farms

Beanstalk Farms was attacked in April 2022 with a large governance hack, which is a method to manipulate the decentralized governance structure to change rules on the blockchain. Beanstalk Farms runs on Ethereum-based stablecoin protocol. A bad actor found a security loophole in Beanstalk's decision-making stablecoin project area. Stablecoins are tokens with values that don't fluctuate up and down -- their value stays stable.

The attacker used a flash loan attack to accumulate large amounts of Beanstalk's token, STALK. The attacker then used these tokens to propose and pass their own proposals, asking the community to send cryptocurrency assets to the hacker's address, including asking for money to donate to Ukraine. On Beanstalk, users can submit proposals and get them passed with majority votes from holders of Beanstalk's governance.

The attacker was able to get away with about $80 million in cryptocurrency assets. However, the effects of this attack caused the BEAN stablecoin to collapse and cost Beanstalk $182 million in protocol losses.

Loss: $182 million

6. Wintermute

Wintermute is a United Kingdom cryptocurrency market maker. In September 2022, its DeFi operations were hacked due to a smart contract vulnerability. A compromised private key was used to attack the platform.

There is also speculation that the threat actor used a Profanity tool, which generates cryptocurrency vanity wallet addresses used on the blockchain. Vanity wallets are customer addresses with a string of characters to identify a user's identity. The bad actor found a defect in the algorithm and was able to directly attack compromised private keys of users.

Loss: $162 million

7. Mango Markets

In October 2022, Mango Markets wasn't hit by an attack but rather a pump and dump scheme that exploited users through market manipulation. The threat actor -- identified as Avraham Eisenberg -- was arrested for the scam and admitted his involvement. First, Eisenberg bought millions of Mango tokens to deposit as collateral.

Next, he drove up the price of the Mango tokens by using two addresses. To do this, he sold large amounts of Mango tokens and used a separate account to purchase them. Eisenberg used the Mango token for large purchases to drive up the value.

With the increased collateral value, Eisenberg borrowed $116 million in cryptocurrency assets with no plans to repay the loan. Eventually, authorities were able to track the attack to Eisenberg, who admitted his involvement.

Loss: $116 million

8. Harmony Horizon

Harmony Horizon is a cross-chain bridge that connects multiple blockchains to exchange coins, including Ethereum and Binance Smart Chain. In June 2022, a bad actor stole around $100 million after compromising private keys authorized to the administrators that control the bridge. The attacker had access to two private keys and was able to approve these unauthorized transfers.

The attacker may have gotten access to those private keys through a phishing attack. Lazarus Group has also been tied to this attack.

Loss: $100 million

9. Binance Smart Chain

In October2022, threat actors found a loophole in Binance's cryptographic proof system and gained access to about $550 million worth of BNB tokens.

The exploit happened due to a vulnerability in the smart contract that let threat actors forge transactions and send the tokens to their accounts without the necessary approval.

The threat actors were unable to pocket all these tokens, as Binance CEO Changpeng Zhao said they caught the hack and prevented 80%-90% of the transfers from going to them. The chain network stopped this transfer by freezing the network. However, the bad actors did manage to get $100 million in funds to other chains before the network froze, and no Binance customers lost money.

Loss: $100 million

Next Steps

Top blockchain attacks, hacks and security issues explained

Worldcoin explained: Everything you need to know

Dig Deeper on Security

  • local area network (LAN)

    A local area network (LAN) is a group of computers and peripheral devices that are connected together within a distinct ...

  • TCP/IP

    TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to interconnect ...

  • firewall as a service (FWaaS)

    Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis ...

  • identity management (ID management)

    Identity management (ID management) is the organizational process for ensuring individuals have the appropriate access to ...

  • fraud detection

    Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses.

  • single sign-on (SSO)

    Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for ...

  • IT budget

    IT budget is the amount of money spent on an organization's information technology systems and services. It includes compensation...

  • project scope

    Project scope is the part of project planning that involves determining and documenting a list of specific project goals, ...

  • core competencies

    For any organization, its core competencies refer to the capabilities, knowledge, skills and resources that constitute its '...

  • recruitment management system (RMS)

    A recruitment management system (RMS) is a set of tools designed to manage the employee recruiting and hiring process. It might ...

  • core HR (core human resources)

    Core HR (core human resources) is an umbrella term that refers to the basic tasks and functions of an HR department as it manages...

  • HR service delivery

    HR service delivery is a term used to explain how an organization's human resources department offers services to and interacts ...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...