Crypto Thieves Made Off With $4.3B in 2022: Top Hacks of the Year

From Axie to Wintermute, 2022 was the biggest year yet for crypto hacks

by Casey Wagner /
article-image

solarseven/Shutterstock.com modified by Blockworks

share

Topping off an already tumultuous year for cryptocurrency prices and company blowups, 2022 was a record year for crypto hacks. 

From January 2022 to November 2022, hackers made off with $4.3 billion of cryptocurrency, up 37% from the same period in 2021, according to data from cybersecurity firm Privacy Affairs. Analysts at Solidus Labs estimate bad actors are launching up to 15 crypto-related scams per hour. 

We’ve rounded up the top hacks of the year — so far. 

Axie Infinity’s Ronin Network — $625 million 

Coming in at the biggest breach of the year, hackers made off with more than $600 million from Ronin Network, an Ethereum-linked sidechain used for blockchain game Axie Infinity in March. Exploiters, the network said, used hacked private keys to forge withdrawals on March 23. The breach wasn’t discovered until almost a week later, when a user was unable to withdraw 5,000 ETH.

Later, Sky Mavis, the company that built the bridge, acknowledged that it may have sacrificed security for speed when developing the bridge. Sky Mavis then announced a $150 million raise, led by Binance, to reimburse affected users. Other contributors to the round included Paradigm, Animoca Brands, Dialectic, Accel and Andreesen Horowitz.

Wormhole Bridge — $320 million 

In February, hackers targeted Wormhole, one of the largest cross-chain bridges between Solana and other blockchains. The bad actors exploited a vulnerability in Wormhole’s validation system, allowing them to make off with fraudulently generated wrapped ether. 

Hackers then used the chain to convert the wrapped ether into ether. Wormhole parent company Jump Crypto later replaced all 120,000 ether the bridge lost. 

Nomad Bridge — $190 million 

In August, DeFi bridge Nomad lost $190 million in a hack that involved 960 transactions and 1,175 individual withdrawals. Users were able to exploit a bug in the protocol that allowed them to withdraw more than they had deposited. 

It is thought that once news of the bug spread, users rushed to exploit it themselves, resulting in a free-for-all involving onlookers rushing to submit illicit transactions, quickly draining the token bridge of all user funds kept inside its associated smart contract.

White hat hackers later returned at least $32 million to a recovery wallet address, Nomad said. The wallet was set up in association with custodian bank, Anchorage Digital. 

Beanstalk Farms — $182 million 

Ethereum-based stablecoin protocol Beanstalk lost $182 million in April when a hacker used a flash loan to buy a majority position in STALK, the protocol’s native governance token. The hacker then proposed a massive transfer of funds and approved it using their own majority vote. 

Nearly four months after the breach, the algorithmic stablecoin protocol relaunched. Beanstalk Farms said it “unpaused” its services on the one-year anniversary of its original August 2021 launch.

Wintermute — $160 million 

In September, Liquidity provider Wintermute, which provides liquidity across most CeFi and DeFi exchanges, said it lost $160 million in a security breach. Wintermute is among the largest crypto liquidity providers, conducting market making services for exchanges including Binance and Coinbase.

There is speculation that the hack was an inside job, but no cause or perpetrator has been confirmed.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Tags

Upcoming Events

Permissionless III

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

learn more

recent research

Research report HL cover.jpg

Research

Hyperliquid Deep Dive: The Future of Perp DEXs

It's increasingly apparent that orderbooks represent the most efficient model for perpetual trading, with the primary obstacle being that the most popular blockchains are ill-suited for hosting a fully onchain orderbook. Hyperliquid is a perpetual trading protocol built on its own L1 that aims to replicate the user experience of centralized exchanges while offering a fully onchain orderbook.

by Carolina

/

news

article-image

Web3

Empire Newsletter: Unpacking the Consensys legal salvo

Consensys filed a lawsuit against the SEC in a Texas court on Thursday

by Michael McSweeney&Casey Wagner&David Canellis&Katherine Ross /
article-image

Business

A bitcoin mining giant is ahead of schedule on its post-halving expansion

Marathon Digital’s hash rate target of 50 EH/s by the end of 2025 may be achieved a year sooner than expected, CEO says

by Ben Strack /
article-image

DeFi

Algorand courts Python devs in ‘seismic change’

The Algorand Foundation touts the network as first to go after pool of 10 million global developers

by Macauley Peterson /
article-image

DeFi

MapMetrics ditches Solana blockchain for peaq

Drive-to-earn DePIN project MapMetrics will slowly transition to the peaq blockchain

by Bessie Liu /
article-image

Policy

SEC seeks to regulate ETH as a security, Consensys alleges in lawsuit

The suit, filed in a Texas court, alleges a regulatory overreach by the SEC

by Katherine Ross /
article-image

Business

Stripe to bring back crypto payments in the next few months

This is the first crypto-centric announcement from Stripe since May of last year

by Katherine Ross /