What shall we call the year 2022 for crypto enthusiasts? Bearish year, dipping year, or crypto hacking year! Chainalysis, a company that analyses blockchains, said in October that 2022 would be “the biggest year ever” in terms of how many crypto projects would be attacked and lose money. It sure felt that way.
In addition to the bearish markets, the following crypto hacks made life more difficult for many crypto enthusiasts. The dip was dipping, and the hacking was hacking. Just the hacks mentioned here cost a whopping $2.2 billion, and they’re only a small part of all the hacks that happened in 2022.
This year’s lack of security has made a tough bear market even worse for many people. Chainalysis tells Decrypt that a wrap-up report will have a full report of the year next year. (The numbers in this piece show how much the money was worth at the time of the event.)
1. Binance (Binance Smart Chain): $566 million
On October 6, hackers broke into a blockchain linked to the world’s largest cryptocurrency exchange and stole $566 million in BNB.
The cross-chain bridge, BSC Token Hub, was the target of the attack. Using fake withdrawal proofs, hackers basically made tokens appear out of thin air. In this attack, though, no one who used Binance or its blockchain lost money.
Even though a lot of tokens were stolen, the thieves didn’t get all of them. Binance CEO Changpeng Zhao said that they were able to stop the hacker from getting about 80% to 90% of the funds he was after.
After the attack, the BSC chain validators shut down the network. However, hackers were able to move around $100 million to other chains.
2.FTX: $650 million
It was the biggest crypto event and possibly the biggest news story of 2022: the very popular digital asset exchange FTX crashed in a spectacular way, losing billions of dollars.
It filed for Chapter 11 bankruptcy on November 12, but that wasn’t the end of its problems. The next day, a mysterious attack hit the celebrity-backed exchange.
Around $640 million worth of tokens were taken from several wallets that were said to belong to FTX. The money was then sent to different exchanges and changed into different types of cryptocurrencies.
And it’s still not clear who took the money and property. James Bromley, a lawyer for FTX’s new management, said at the first court hearing for the collapsed exchange that a “substantial amount” of the exchange’s assets are missing or have been stolen.
- Wormhole: $326 million
In February, a bug was found in the popular bridge, Wormhole. To make tokens, hackers went after its leg on Solana, where users must first lock Ethereum into a smart contract to get an equal amount of WETH. To be exact, 120,000 WETH tokens That was worth $326 million at the time.
WETH is a token that is worth the same amount as Ethereum. This makes it easy to move money around in the DEFI world.
Wormhole’s parent company, Jump Trading, is a big part of the Solana ecosystem and was able to save the day by replacing the stolen items and getting the bridge back up and running.
- Nomad: $190 million
In August, another bridge was hit. Nomad lets users move digital assets between different blockchains. Hackers took advantage of a bug in the upgrade to steal all of Nomad’s funds, which were held in Ethereum, USDC, DAI, FXS, and CQT.
After the people behind the protocol offered a 10% reward to hackers who returned the tokens without using law enforcement, funds started to trickle back in.
About $22 million was recovered, but the attack caused the FBI to warn investors that cybercriminals were looking at vulnerable DeFi platforms like never before.
- Ronin: $552 million
In March, hackers broke into Ronin, a sidechain for the popular NFT game Axie Infinity, and stole about $552 million worth of Ethereum and USDC. When Axie Infinity developer Sky Mavis told the world about the bug a week later, the stolen money was worth $622 million.
What did they do? By forging transactions and claiming the money with “hacked private keys.”
As is common with hacks, the money was quickly laundered. Around $7 million in Ethereum was sent to a service that mixes different types of cryptocurrency (now banned by the U.S. government).
Later, the U.S. Treasury found wallet addresses that were said to be linked to North Korea’s Lazarus hacking group.
