Crypto Thieves Made Off With $4.3B in 2022: Top Hacks of the Year

From Axie to Wintermute, 2022 was the biggest year yet for crypto hacks

by Casey Wagner /
article-image

solarseven/Shutterstock.com modified by Blockworks

share

Topping off an already tumultuous year for cryptocurrency prices and company blowups, 2022 was a record year for crypto hacks. 

From January 2022 to November 2022, hackers made off with $4.3 billion of cryptocurrency, up 37% from the same period in 2021, according to data from cybersecurity firm Privacy Affairs. Analysts at Solidus Labs estimate bad actors are launching up to 15 crypto-related scams per hour. 

We’ve rounded up the top hacks of the year — so far. 

Axie Infinity’s Ronin Network — $625 million 

Coming in at the biggest breach of the year, hackers made off with more than $600 million from Ronin Network, an Ethereum-linked sidechain used for blockchain game Axie Infinity in March. Exploiters, the network said, used hacked private keys to forge withdrawals on March 23. The breach wasn’t discovered until almost a week later, when a user was unable to withdraw 5,000 ETH.

Newsletter

Subscribe to Blockworks Daily

Later, Sky Mavis, the company that built the bridge, acknowledged that it may have sacrificed security for speed when developing the bridge. Sky Mavis then announced a $150 million raise, led by Binance, to reimburse affected users. Other contributors to the round included Paradigm, Animoca Brands, Dialectic, Accel and Andreesen Horowitz.

Wormhole Bridge — $320 million 

In February, hackers targeted Wormhole, one of the largest cross-chain bridges between Solana and other blockchains. The bad actors exploited a vulnerability in Wormhole’s validation system, allowing them to make off with fraudulently generated wrapped ether. 

Hackers then used the chain to convert the wrapped ether into ether. Wormhole parent company Jump Crypto later replaced all 120,000 ether the bridge lost. 

Nomad Bridge — $190 million 

In August, DeFi bridge Nomad lost $190 million in a hack that involved 960 transactions and 1,175 individual withdrawals. Users were able to exploit a bug in the protocol that allowed them to withdraw more than they had deposited. 

It is thought that once news of the bug spread, users rushed to exploit it themselves, resulting in a free-for-all involving onlookers rushing to submit illicit transactions, quickly draining the token bridge of all user funds kept inside its associated smart contract.

White hat hackers later returned at least $32 million to a recovery wallet address, Nomad said. The wallet was set up in association with custodian bank, Anchorage Digital. 

Beanstalk Farms — $182 million 

Ethereum-based stablecoin protocol Beanstalk lost $182 million in April when a hacker used a flash loan to buy a majority position in STALK, the protocol’s native governance token. The hacker then proposed a massive transfer of funds and approved it using their own majority vote. 

Nearly four months after the breach, the algorithmic stablecoin protocol relaunched. Beanstalk Farms said it “unpaused” its services on the one-year anniversary of its original August 2021 launch.

Wintermute — $160 million 

In September, Liquidity provider Wintermute, which provides liquidity across most CeFi and DeFi exchanges, said it lost $160 million in a security breach. Wintermute is among the largest crypto liquidity providers, conducting market making services for exchanges including Binance and Coinbase.

There is speculation that the hack was an inside job, but no cause or perpetrator has been confirmed.

Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
  • Supply Shock: Tracking Bitcoin’s rise from internet plaything worth less than a penny to global phenomenon disrupting money as we know it.
Tags

Upcoming Events

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy ticketslearn more

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research Report Templates.jpg

Research

Evaluating Bluefin’s Precarious Market Position

Bluefin possibly stands at an inflection point. The token is near an all-time low yet the protocol’s spot volume market share and derivatives exchange usage have been increasing month over month since its November launch. Given its current market position and the upcoming upgrades (for both Bluefin and SUI), there may be upside potential before the increased supply growth in December. However, strong opposition from existing competitors (like Cetus and Suilend), as well as new entrants (like Aftermath), pose key challenges to Bluefin’s medium-term success.

by Marc-Thomas Arjoon, CFA

/

news

article-image

Policy

Trump’s SEC pick grilled on past agency actions, conflicts of interest 

Top Committee Democrat Sen. Elizabeth Warren in her opening statement accused Atkins of “helping billionaire CEOs like Sam Bankman-Fried”

by Casey Wagner /
article-image

0xResearch NewsletterDeFi

COTI launches V2 mainnet: A new era of privacy-focused L2 solutions

Introducing garbled circuits for enhanced privacy and regulatory compliance

by Donovan Choy /
article-image

AnalysisSupply Shock

How Silk Road carved the fault line that separates ‘bitcoin’ and ‘crypto’

Ross Ulbricht was a freedom maximalist building freedom tech, powered by Bitcoin

by David Canellis&Pete Rizzo /
article-image

DeFiLightspeed Newsletter

Solana startups spin up validators for revenue and ‘soft power’

Solana validators can reap benefits including payments, votes and community clout

by Jack Kubinec /
article-image

Sponsored

WCT’s Role in the Onchain Economy

WalletConnect is cementing itself as the essential connectivity layer, ensuring wallets remain the entry point for billions of users

article-image

Business

Galaxy to pay $200M to New York over alleged LUNA manipulation

According to a legal filing, Galaxy Digital helped boost the price of LUNA while quietly selling its tokens

by Katherine Ross /