SOME OF THE BIGGEST CRYPTO HACKS OF 2022
Each year, massive sums of money are lost due to crypto hacks and attacks. Below are some of the notable crypto hacks of 2022.
Date Of Hack: January 17th 2022
Reported loss: $35 million
Crypto.com is one of the world’s most popular crypto apps and well-known exchanges. It suffered an attack on the January 17, and over $35 million was reportedly stolen. The cause of the hack was due to disabled two factor verification thus the hacker was able to extract bitcoin and ether from customer accounts.
After initially denying it, the CEO of Crypto.com Kriz Marszalek confirmed the security breach which caused the exchange to shut down certain services for 13–14 hours.
ELROND
Date Of Hack: June 5th 2022
Reported Loss: $113 million
Decentralized exchange Maiar was hacked in early June, with the hacker exploiting loopholes in a smart contract to steal 1.65 million EGLD (Elrond egold) worth an estimated $113 million.
According to reports, the hacker managed to sell off 800,000 of the stolen tokens for a sum of $54 million. While the rest were either bridged to ETH or USDC, or being stored in a number of different wallets.
However, founder and CEO of Elrond Network Beniamin Mincu claimed that a significant portion of stolen funds were recovered.
HARMONY BRIDGE
Date Of Hack: June 24th 2022
Reported Loss: $100 million
In June 2022, Harmony Horizon project fell victim to a malicious attack that saw them lose nearly $100 million. North Korean state-backed hacking group, Lazarus Group were closely linked to the attack.
London-based blockchain analysis provider Elliptic linked the attack to Lazarus Group, saying the “hack and the subsequent laundering of the stolen crypto assets” is consistent with the activities of the North Korean hackers.
The hacker(s) managed to siphon $100 million in crypto assets, including Ethereum, BNB, Tether, USDC, and Dai.
MANGO MARKET
Date Of Hack: October 11th 2022
Reported Loss: $100 million
Solana-based DeFi trading platform Mango Markets lost over a hundred million dollars to hackers who manipulated the price of native MNGO token, temporarily increasing the value of their collateral and then taking out a loan from the Mango treasury.
QUBIT QBRIDGE
Date Of Hack: January 27th 2022
Reported Loss: $80 million
Qubit is a decentralized lending and borrowing platform developed by the team behind PancakeBunny. In January, hackers were able to access and steal $80 million dollars. The hackers were able to mint wrapped Ether tokens without having to deposit any collateral. The protocol was then duped into believing that attackers had deposited money when they hadn’t.
According to CertiK, the hacker carried out these actions multiple times and converted all of the assets to Binance Coin.
FEI PROTOCOL
Date Of Hack: April 30th 2022
Reported Loss: $80 million
In April, Fei Protocol was victim to an attack by a hacker. The attacker was able to drain approximately $80 million in tokens. The hacker made use of a reentrancy bug to take out a loan and also extract the deposited assets used as collateral for the loan.
By exploiting multiple different pools in the Fei Protocol smart contract, the attacker was able to drain $80 million in tokens from the protocol.
IRA FINANACIAL TRUST
Date Of Hack: February 28th 2022
Reported Loss: $37 million
Crypto-based and self-directed retirement pension disbursal platform IRA had a security breach which led to the siphoning of $36 million in crypto assets from customers’ accounts via unauthorized withdrawals. The hackers compromised assets on the platform by accessing a master key, which helped them overcome all the security measures.
IRA has since filed a lawsuit against Gemini, the crypto exchange on which customers’ fund where stored, for negligence and sloppy security protocols that it claimed led to its customers’ accounts getting drained.
CASHIO
Date Of Hack: March 23rd 2022
Reported Loss: $50 million
Cashio (CASH), a native stablecoin of Solana, lost millions after hackers exploited an ‘infinite mint glitch’. The hacker was able to create a fake contract with fake LP balances, and trick the Cashio smart contract into believing that a deposit of 27m fake LP tokens meant that it should mint 2Bn $CASH for the hacker. That 2Bn in $CASH was then sold for $48m.
DERIBIT
Date Of Hack: November 1st 2022
Reported Loss: $28 million
Deribit officially announced that its platform suffered a hot wallet hack on Nov. 2, losing a total of $28 million in several cryptocurrencies, including Bitcoin, ETH, and USDC. The exchange had to halt all withdrawals in order to ensure proper security in the aftermath of the hack, promising to cover all the losses. The entirety of the loss was covered by Deribit’s balance sheet assets, which are separate from the company’s $40 million insurance fund.
In a tweet made later, Deribit assured their users that, “Deribit remains in a financially sound position and ongoing operations will not be impacted.”
ANKR & HELIO
Date Of Hack: December 2nd 2022
Reported Loss: $20 million
In November 2022, an attacker drained over $5 million in tokens from the Ankr project via a private key leak, but the damage didn’t stop there. A follow-on attack against Helio netted an attacker approximately $19 million in stolen tokens.
Duriing an updating process, the private key used to govern contract updates was compromised and used by a hacker. With the private key, the hacker was able to update the contract thus allowing the attacker to mint 60 trillion aBNBc tokens, worth over $5 million in total.
Exploits of the Ankr vulnerability caused a 99% crash in the value of aBNBc tokens. However, Helio, a staking platform, was using delayed oracle data that did not reflect the crash.
An attacker exploited this out-of-date data by using the Ankr vulnerability to mint 183,000 aBNBc tokens and deposit them into Helio. They then took out a loan of $16 million worth of HAY stablecoin. These tokens were then swapped for 15 million BUSD.