Despite prices of cryptocurrencies crashing this year, digital currencies continue to remain cash vending machines for hackers. Investors have lost over $3 billion to hackers across 125 hacks in 2022 so far, which is likely to surpass 2021 as the biggest year for hacking on record, according to blockchain analytics company Chainalysis.
October is now the biggest month in the biggest year ever for hacking activity, with more than half the month still to go, the firm said. So far this month, $718 million has been stolen from DeFi protocols across 11 different hacks.
Moneycontrol lists the top 10 hacks this year intended to cripple the DeFi industry.
Ronin Network lost $620 million
In March, more than $620 million in ETH and USDC were stolen from Ronin Network, the Ethereum-based side chain for the cryptocurrency game Axie Infinity. In two transactions from the Ronin bridge contract, the attacker used compromised private keys to fabricate phoney withdrawals.
One user's failure to withdraw 5,000 Ether a week later led to the discovery of the exploit, which took place on March 23. The hacker made off with 173,600 ETH and 25.5 million USDC. The heist is considered to be the biggest DeFi hack on Ronin Network.
Wormhole Bridge: $320 million in losses
A hacker stole around $320 million in wrapped ETH from the Wormhole protocol on February 2. This protocol connects Solana, Ethereum, Avalanche, and other major cross-chain crypto networks.
To mint wrapped ETH, a form of cryptocurrency whose value is tied to that of Ethereum, wormhole users need to stake Ethereum.
The vulnerability was attributed by analytics company Elliptic to Wormhole's disregard for "guardian" account validity enabling the attacker to create 120,000 ETH without any underlying Ethereum.
The hacker then converted 93,750 wETH into Ethereum and the remaining funds into Solana. At the time, the loss had a total cost of nearly $320 million.
Nomad Bridge: $190 million gone
On August 2, hackers broke into Nomad, a programme that enables users to exchange tokens from one blockchain to another, and stole around $190 million in Bitcoin.
The change to Nomad's code signalled the start of the attack. Each time a user completed a transaction, a portion of the smart contract was recorded as being in effect.
This made it possible for malicious users to withdraw more money than they had really deposited. Hackers kept going until $190 million worth of cryptocurrency was removed from the bridge.
Until it was too late, Nomad was unaware.
Beanstalk Farms: $182 million in losses
A DeFi network called Beanstalk Farms, which intended to balance the supply and demand of various cryptocurrencies, was attacked in April and $182 million worth of cryptocurrencies was stolen.
According to PeckShield, the attacker took advantage of the majority vote governance structure in Beanstalk and voted to transfer $182 million. The attacker acquired a majority interest in the protocol using a flash loan, although the corporation estimated that their actual profit was just around $80 million.
Wintermute: $160 million lost
Hackers have recently targeted the DeFi protocol Wintermute, stealing $160 million from the platform's decentralised financial area. CEO Evgeny Gaevoy said that a serious flaw in Profanity, an Ethereum vanity address generator, was to blame for the breach.
He said that Wintermute never used the tool for "vanity," but rather to build an exclusive address in order to save transaction expenses. This specific assault appears to be the result of human mistake.
Elrond: $113 million stolen
Elrond egold (EGLD), the native token of the Elrond blockchain, was taken in June when hackers took advantage of a flaw in the decentralised exchange Maiar to steal around 1.65 million of it. According to researchers, the attacker exploited three wallets and a smart contract to steal EGLD worth an estimated $113 million from the exchange.
About 800,000 coins were sold by the hackers right away for $54 million on the same DEX, while the remaining tokens were either sold on controlled exchanges or exchanged for Ethereum.
Horizon Bridge: $100 million heist
Days after the Elrond vulnerability, hackers launched another attack on the Horizon Bridge on June 23 costing close to $100 million. A cross-chain interoperability platform called Horizon connects the Harmony, Binance Smart Chain, and Ethereum blockchain networks. PeckShield disclosed that numerous tokens totalling more than $98 million were traded for ether on the Harmony-managed platform. The impacted user wallets were over 50,000. Later, the hackers transferred $35 million via Tornado Cash.
Binance Bridge Hack: $100 million cryptos stolen
An attack on a cross-chain bridge that stole almost $100 million in digital assets was discovered by BNB Chain, a blockchain connected to the Binance cryptocurrency exchange. After learning of a bug impacting the BSC Token Hub cross-chain bridge, the Binance blockchain, also known as BNB Chain and Binance Smart Chain, took the unusual step of stopping transactions and fund transfers. These bridges are intended to make it easier to move assets between different independent blockchains. Due to a bug in the BSC Token Hub Bridge, the attacker was able to spoof messages and create new BNB tokens. No user money was impacted since the stolen tokens were not already-existing tokens that had been removed from wallets.
Mango Markets: $100 million lost to hack
Mango Markets lost $100 million as a result of a vulnerability in the second $100 million DeFi attack that happened last week. According to Mango Markets, a hacker was able to drain cash from Mango by manipulating Oracle prices.
The attacker temporarily increased the value of their collateral, according to the blockchain auditing website OtterSec, and then drew out loans from the Mango treasury. Mango Markets is a Solana-based platform for spot margin and perpetual futures trading of digital assets on the Solana blockchain. Mango DAO is in charge of Mango Markets.
Qubit Finance: $80 million stolen by hackers
On January 28, the DeFi protocol reported it had been attacked and that 206,809 Binance Coins (BNB) had been taken from its QBridge protocol as a result. The tokens had a total market value of $80 million.
Security firm Certik claims that the attacker created 77,162 qXETH, a type of crypto used to symbolise Ethereum bridged via Qubit, by utilising a deposit option in the QBridge contract.
The bad actor fooled the platform into believing they had made a deposit. Once the procedure had been carried out enough times, they traded the assets for BNB and disappeared.