Many DeFi projects have been hacked and exploited this year. According to Chainalysis, 2022 became “the largest year ever” for the crypto sector in terms of assets lost. A large sum of money was stolen in the last two months, adding to the year’s massive losses of almost $3 billion.
This year saw cross-chain bridge attacks, decentralized application hacks, rug pulls, and other incidents. For many in the business, the lack of security has made an already challenging bear market much more difficult. A list of major DeFi exploits can be found at https://www.apostro.xyz/hacks, and this article will go through the top three of this year.
Wormhole was the first bridge to be exploited in 2022, resulting in a $325 million asset loss in February 2022. Bridges enable users to lock tokens on one chain and mint their equivalents on another, which raises security issues because different chains use different code bases and security standards. Hackers used the Solana side of the Wormhole bridge to exploit it through falsified security signatures. They were able to mint 120,000 wETH, worth around $325 million, out of thin air. After minting the tokens, the hacker converted them to genuine ETH on the Ethereum network, emptying Wormhole’s vaults.
All bridge operations were paused as a result of the exploit, and the community was concerned about the bridge’s ability to recover and resume operations. To everyone’s surprise, Jump Crypto, the trading and venture capital firm that incubated Wormhole, replaced the stolen 120,000 ETH with its own assets a few days later to reopen and maintain bridge operations.
In March, hackers stole $552 million in Ethereum and USDC from Ronin, an Axie Infinity sidechain. The intriguing aspect of this exploit is that it was found and made public quite late – a week later – by one of the developers. By that time, the assets’ worth had risen to $622 million.
The attack was straightforward: hackers utilized social engineering to get backdoor access to signing keys and created false transactions in order to steal assets from Ronin. Hackers sought to profit from the attack by shorting the market, but their positions were liquidated since the news came too late.
Binance Smart Chain exploit
On October 6, hackers targeted BSC Token Hub, one of the most significant bridges in the crypto space. They exploited a weakness in the bridge’s security and seized around $566 million in BNB.
Hackers used falsified withdrawal proofs to trick smart contracts into minting tokens out of thin air. Despite the exploit, customers of Binance and BSC chains did not suffer a direct financial loss since tokens were minted rather than withdrawn from liquidity pools.
Even with the enormous number of stolen tokens, the hackers had difficulty cashing them out. Following the attack, Binance CEO Changpeng “CZ” Zhao said that BSC chain validators reached a consensus to freeze the network and stop token transactions. While validators prevented around 80-90% of tokens from going to malicious actors, the attackers were still able to move over $100 million to other chains.