The Nine Largest Crypto Hacks in 2022

Already nearly $2 billion, the value of cryptoassets lost to software exploits this year is likely to exceed 2021

by Jack Kubinec /
article-image

Blockworks exclusive art by axel Rangel

share

key takeaways

  • Single lines of ill-conceived code gave hackers access to cryptoassets worth hundreds of millions of dollars
  • Most of the hacked companies are continuing operations after undergoing audits or upgrading their security

Hackers exploited a software bug in the Web3 music platform Audius to make off with $1.1 million on Saturday, but the funds are a drop in the nearly-$2 billion dollar bucket of funds lost to hacks through the first half of 2022, according to Blockchain security firm Beosin.

The fiat value of hacked assets are on pace to top the $3.2 billion lost in 2021, according to crypto security firm Chainalysis, even amid a drastic slide in cryptocurrency valuations. Blockworks compiled some of the year’s largest crypto hacks to see what went wrong and how protocols fared after being hacked.

  • Crypto.com, January 17, $35 million
    • In late January, a hacker managed to disable two-factor authentication on the crypto exchange Crypto.com and extract bitcoin and ether from customer accounts. CEO Kris Marszalek initially denied customer funds were lost before acknowledging the hack days later. The company said it is transitioning to “multi-factor authentication” in response to the exploit.
  • Qubit QBridge Hack, January 27, $80 million
  • Wormhole, February 2, $325 million
    • A hacker exploited smart contracts on the Solana-to-Ethereum bridge to mint and cash out on wrapped ether without depositing collateral. Jump Crypto, the venture capital firm behind Wormhole, replenished the stolen funds to keep Solana-based platforms affected by the hack solvent. Wormhole renamed its bridge Portal and currently holds over $480 million, according to crypto data firm DeFi Llama. 
  • IRA Financial Trust, February 8, $37 million
    • The crypto-focused retirement and pension platform was pilfered when hackers accessed a “master key” that bypassed all security measures to customer accounts. IRA Financial Trust has since sued Gemini, the crypto exchange where customer funds were stored, for alleged negligence leading to the hack.
  • Cashio, March 22, $52 million
    • A string of fake accounts used an “infinite mint glitch” to put up worthless collateral for Cashio’s CASH stablecoin. The coin’s peg cratered to zero and has not recovered, according to data from CoinGecko.
  • Axie Infinity Ronin Bridge, March 28, $625 million
  • Beanstalk, April 17, $182 million
    • A hacker used a “flash loan,” where funds are borrowed and repaid in the same transaction, to accumulate enough assets to control the stablecoin’s governance protocol. The hacker passed a proposal donating funds to Ukraine before making off with the collateral. Developers paused the protocol while undergoing audits and raising funds, but plan to reopen deposits in early August.
  • Fei Protocol, April 30, $80 million
    • A “reentrancy” bug in the lending protocol’s code allowed a hacker to take out a loan while also withdrawing the collateral put up on the loan. Fei users passed a proposal to make investors whole through “the DAO repaying the bad debt on behalf of the hacker.” The Fei stablecoin remains at its dollar peg, per CoinGecko.
  • Harmony Bridge, June 23, $100 million

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Tags

Upcoming Events

Permissionless III

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

learn more

recent research

Avail.jpg

Research

Avail: A Unification of Crypto Infrastructure

Data publishing costs have historically been a bottleneck for rollups, and as more rollups launch, interoperability will continue to be a major challenge. Avail presents a potential solution to rollup fragmentation through its three products: Avail DA, Nexus, and Fusion, which together aim to unify the web3 experience.

by Ren Yu Kong

/

news

article-image

Finance

With halving just hours away, bitcoin price predictions proliferate 

Short-term “sell the news” reactions could follow new BTC price peaks months from now, industry watchers say — but only if history repeats itself

by Ben Strack /
article-image

Business

As crypto fundraising sees an uptick, where’s the capital set to go?

While crypto fundraising remains well off its bull market highs, Q1 data shows capital is returning to the space

by Katherine Ross&Ben Strack /
article-image

DeFi

Bitcoin Runes look to spice up the halving party

Billed as a better BRC-20 fungible token standard, Bitcoin Runes launches tomorrow

by Macauley Peterson /
article-image

Op-Ed

This Bitcoin halving cycle, miners need a new energy strategy

Bitcoin miners need to explore unconventional energy avenues or be buried by the financial realities created by this halving

by Adam Swick /
article-image

FinanceMarkets

Bitcoin ETF segment sees record-tying fifth straight day of outflows

BlackRock’s iShares Bitcoin Trust continues to see daily positive net flows, though its inflow total for a single day hit a new low Wednesday

by Ben Strack /
article-image

Business

Binance receives license in Dubai, moves SAFU fund to USDC

Binance is making moves, from receiving a new license in Dubai to switching its SAFU fund to USDC

by Katherine Ross /