This year is widely regarded as the worst year ever for Crypto thefts, as severe cyberattacks and exploits were used against cryptocurrency-based protocols
According to Chainalysis research, the frequency of cryptocurrency breaches increased significantly this year, surpassing a record $3 billion in total funds lost – a jump from $2 billion lost to hackers in 2021.
The past year has demonstrated how malevolent or "blackhat" hackers are utilizing ever-evolving techniques to target flaws in decentralized apps that, like all software, could have problems.
Security issues involving cross-chain bridges and decentralized finance protocols stood out among the main cryptocurrency heists of 2022 because they resulted in individual exploits with damages totaling hundreds of millions of dollars.
Ronin Network — $625 million
The greatest crypto theft to date occurred on March 29, when Ronin, a sidechain that houses Sky Mavis' Axie Infinity game, was exploited for $625 million in various crypto assets.Sky Mavis created Ronin to host its well-known blockchain game Axie Infinity.
However, things went south when the team was unable to protect the Ronin network from attackers, who were ultimately found to be North Korea's Lazarus hacking outfit.
The hacker organization got into Sky Mavis' IT system by targeting a former employee in an email-based phishing assault. The company kept the private keys to the Ronin blockchain validator nodes on its internal systems, which the hackers discovered and stole. The Ronin was completely taken over by hackers when they obtained validator keys.
The hacker's organization got into Sky Mavis' IT system by targeting a former employee in an email-based phishing assault. The company kept the private keys to the Ronin blockchain validator nodes on its internal systems, which the hackers discovered and stole. The Ronin network was taken over by the hackers after they gained access to validator keys, and they moved more than 173,600 ETH and 25.5 million USDC stablecoin, totaling more than $625 million.
Fortunately for users whose money was stolen during this incident, the majority of them, the company claimed, were fully repaid. A week after the theft, SkyMavis secured $150 million in a funding round headed by Binance, which it then coupled with its own resources to reimburse.
FTX $400 million
The now-defunct controlled exchange FTX was the target of one of the year's biggest cyberattacks, unlike other significant security breaches that affected decentralized blockchain applications using smart contracts. The FTX hack, which happened in November, was discovered after the exchange's official Telegram admins noted "unauthorized access."
The exchange's wallets lost somewhere about $400 million, according to Onchain data, shortly after its former CEO Sam Bankman-Fried sought Chapter 11 bankruptcy protection.
The hack and another sizable asset transfer mandated by the Bahamian regulators, according to testimony from the new FTX CEO John J. Ray III, were independent events. Chainalysis, an analytics company collaborated with FTX to locate the assets.
Additionally, Ray stated in a prepared testimony document that FTX had very lax security measures in place and was not encrypting the private keys to its wallets, both of which could have easily allowed the attack to occur.
Wormhole — $325 million
Wormhole, a cross-chain bridge protocol, was compromised in the greatest bridge exploit of the year in February. On the Solana network, Wormhole gives users the option to lock their ETH and obtain a pegged asset known as Wormhole ETH (wETH).
On February 2, Wormhole was taken over by a hacker who created 120,000 wETH worth $325 million out of thin air by forging specific security signatures on the bridge. The hacker emptied Wormhole's holdings by exchanging the illegally created wETH for real ETH on the Ethereum network.
The tragedy put a stop to the bridge's operations, and for a while, it seemed like Wormhole's days were numbered. To everyone's amazement, a few days after the hack, Wormhole announced that it had replaced all of the stolen ETH and opened the bridge. Recovering the losses would have been extremely difficult.
Jump Crypto, a trading and venture capital company that helped launch Wormhole, acknowledged that it had restored the 120,000 ETH that had been stolen with its own money to support the bridge.