Author: @sabocrypto
Source: Twitter
This article takes stock of the top 10 hacking incidents in the crypto industry in 2022 and summarizes some lessons to learn from them.
On January 17, $35 million was stolen from cryptocurrency exchange Crypto.com
A hacker turned off two-factor authentication on the exchange.
Customer funds were lost: 4,836 ETH and 443 BTC were stolen.
All affected customers have been fully compensated.
On January 27, $80 million was stolen from decentralized finance platform Qubit Finance
Hackers stole 206,809 BNB from Qubit’s QBridge protocol through a smart contract vulnerability.
The assets were valued at more than $80 million at the time.
The developers were forced to rebrand the project as a Decentralized Autonomous Organization (DAO).
On February 2, $325 million was stolen from Wormhole
The attackers exploited the smart contracts of the SOL-ETH bridge to cash out without having deposited any collateral.
Jump Crypto, the crypto investment arm of Jump Trading, put up 120,000 ETH to cover the loss.
Wormhole currently holds over $625 million in TVL, according to DefiLlama.
On February 8, $37 million was stolen from IRA Financial Trust
IRA Financial Trust is a cryptocurrency-focused retirement and pension platform.
The hackers somehow got hold of a "master key" and hacked into the platform.
The platform is now suing cryptocurrency exchange Gemini, alleging that Gemini did not have proper safeguards in place to protect customers’ crypto assets.
On March 22, $52 million was stolen from Cashio
Hackers minted Cashio's stablecoin CASH "infinitely".
This caused CASH to plummet to roughly zero, and it has not recovered since.
On March 28, $625 million was stolen from Axie Infinity
The Ronin Bridge hack was the largest cryptocurrency hack ever in dollar terms.
The hackers gained control of most of the bridge's private keys.
Four of the nine keys were stolen after an Axie developer opened a fake job-offer PDF.
On April 17, $182 million was stolen from Beanstalk
Hackers used a "flash loan" to take over the stablecoin's governance protocol.
In a flash loan, funds are borrowed and repaid within a single transaction.
The hackers passed a proposal to donate funds to Ukraine and stole the rest of the collateral.
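To make the flash-loan governance mechanism described above concrete, here is an added example (not code from the original thread or from Beanstalk): a simplified Python model of a token-weighted governor. The account names, supply figures, pool balance and proposal id are constructed for the simulation. The vulnerable variant weighs a vote by the voter's balance at the moment of voting, so tokens borrowed for one transaction count; the hardened variant weighs it by the balance checkpointed at the block the proposal was created, which is the idea behind checkpoint-based voting tokens, so the borrowed tokens carry no weight.

```python
"""Flash-loan governance takeover, modelled in plain Python (constructed
example). A proposal passes when the votes for it exceed half the supply."""

from dataclasses import dataclass, field

TOTAL_SUPPLY = 1_000_000  # constructed figure for the simulation


@dataclass
class CheckpointToken:
    """Token that records a (block, balance) checkpoint on every change."""
    block: int = 0
    checkpoints: dict = field(default_factory=dict)  # account -> [(block, bal)]

    def balance_of(self, who: str) -> int:
        cps = self.checkpoints.get(who)
        return cps[-1][1] if cps else 0

    def balance_at(self, who: str, block: int) -> int:
        """Balance at the end of `block`: the latest checkpoint not after it."""
        for blk, bal in reversed(self.checkpoints.get(who, [])):
            if blk <= block:
                return bal
        return 0

    def _set(self, who: str, balance: int) -> None:
        cps = self.checkpoints.setdefault(who, [])
        if cps and cps[-1][0] == self.block:
            cps[-1] = (self.block, balance)  # same block: overwrite checkpoint
        else:
            cps.append((self.block, balance))

    def mint(self, who: str, amount: int) -> None:
        self._set(who, self.balance_of(who) + amount)

    def transfer(self, src: str, dst: str, amount: int) -> None:
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        self._set(src, self.balance_of(src) - amount)
        self._set(dst, self.balance_of(dst) + amount)

    def advance_block(self) -> None:
        self.block += 1


class Governor:
    """Minimal governance: propose, vote, execute (constructed model)."""

    def __init__(self, token: CheckpointToken, snapshot_votes: bool):
        self.token = token
        self.snapshot_votes = snapshot_votes  # True = hardened variant
        self.proposals: dict = {}

    def propose(self, pid: str) -> None:
        # The snapshot block is the block in which the proposal was created.
        self.proposals[pid] = {"snapshot": self.token.block, "for": 0}

    def vote(self, pid: str, voter: str) -> int:
        p = self.proposals[pid]
        if self.snapshot_votes:
            weight = self.token.balance_at(voter, p["snapshot"])
        else:
            weight = self.token.balance_of(voter)  # current balance: flash-loanable
        p["for"] += weight
        return weight

    def execute(self, pid: str) -> bool:
        """True if the proposal passes (strict majority of total supply)."""
        return self.proposals[pid]["for"] * 2 > TOTAL_SUPPLY


def flash_loan_attack(snapshot_votes: bool) -> bool:
    """Borrow the pool's tokens, vote, try to execute, repay: one transaction."""
    token = CheckpointToken()
    token.mint("lending_pool", 700_000)   # liquidity available to flash-borrow
    token.mint("honest_holders", 290_000)
    token.mint("attacker", 10_000)        # the attacker's real stake: 1%

    gov = Governor(token, snapshot_votes)
    token.advance_block()
    gov.propose("drain-treasury")         # created at block 1
    token.advance_block()

    # Everything below happens atomically in one transaction at block 2.
    token.transfer("lending_pool", "attacker", 700_000)   # flash-borrow
    gov.vote("drain-treasury", "attacker")
    passed = gov.execute("drain-treasury")
    token.transfer("attacker", "lending_pool", 700_000)   # repay in the same tx
    assert token.balance_of("lending_pool") == 700_000    # loan fully repaid
    return passed


if __name__ == "__main__":
    print("current-balance voting, proposal passed:", flash_loan_attack(False))
    print("snapshot voting, proposal passed:", flash_loan_attack(True))
```

With current-balance voting the attacker's one-transaction stake of 710,000 tokens passes the proposal; with snapshot voting only the 10,000 tokens held at block 1 count and it fails. Real governors add further controls this toy omits, notably a timelock between a proposal passing and its execution.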
On April 30, $80 million was stolen from Fei Protocol
A code error in the lending protocol allowed hackers to withdraw the collateral for a loan at the same time the loan was being issued.
The DAO repaid the bad debt left behind by the hacker.
Stablecoin FEI remains pegged to $1.
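The ordering bug described above, where collateral can be pulled out while the loan is still being paid out, is easier to see in code. The following is an added example in plain Python, not code from the original thread or from Fei Protocol; the pool rules, account names and amounts are constructed. Paying out a loan hands control to the borrower (as an on-chain transfer can, through the recipient's callback); if the pool records the debt only after that hand-off, the borrower's callback can withdraw the collateral while the debt counter still reads zero. The hardened variant records the debt before paying out (checks-effects-interactions), so the same callback is refused.

```python
"""Lending pool that pays out before recording debt, beside the hardened
ordering (constructed example)."""


class LendingPool:
    def __init__(self, record_debt_first: bool, liquidity: int = 1_000):
        self.record_debt_first = record_debt_first  # True = hardened variant
        self.liquidity = liquidity
        self.collateral: dict = {}
        self.debt: dict = {}

    def deposit_collateral(self, who: str, amount: int) -> None:
        self.collateral[who] = self.collateral.get(who, 0) + amount

    def withdraw_collateral(self, who: str, amount: int) -> int:
        # Collateral stays locked while the account owes anything.
        if self.debt.get(who, 0) > 0:
            raise PermissionError("collateral locked by open loan")
        if self.collateral.get(who, 0) < amount:
            raise ValueError("insufficient collateral")
        self.collateral[who] -= amount
        return amount

    def borrow(self, borrower: "Borrower", amount: int) -> None:
        who = borrower.name
        if amount > self.collateral.get(who, 0):
            raise ValueError("undercollateralised")
        if amount > self.liquidity:
            raise ValueError("insufficient liquidity")
        if self.record_debt_first:
            # Effects before interaction: the debt exists before control leaves.
            self.debt[who] = self.debt.get(who, 0) + amount
            self.liquidity -= amount
            borrower.receive(self, amount)
        else:
            # Interaction before effects: the borrower runs while debt == 0.
            borrower.receive(self, amount)
            self.debt[who] = self.debt.get(who, 0) + amount
            self.liquidity -= amount

    def bad_debt(self, who: str) -> int:
        """Debt not covered by the account's remaining collateral."""
        return max(0, self.debt.get(who, 0) - self.collateral.get(who, 0))


class Borrower:
    """Borrower whose payout callback tries to pull its collateral back out."""

    def __init__(self, name: str):
        self.name = name
        self.cash = 0

    def receive(self, pool: LendingPool, amount: int) -> None:
        self.cash += amount
        locked = pool.collateral.get(self.name, 0)
        try:
            # Re-enters the pool while borrow() is still in progress.
            self.cash += pool.withdraw_collateral(self.name, locked)
        except PermissionError:
            pass  # hardened pool: collateral is locked, the loan proceeds normally


def simulate(record_debt_first: bool) -> dict:
    """Deposit 100 collateral, borrow 100, report the resulting state."""
    pool = LendingPool(record_debt_first)
    attacker = Borrower("attacker")
    pool.deposit_collateral("attacker", 100)
    pool.borrow(attacker, 100)
    return {
        "attacker_cash": attacker.cash,
        "collateral_left": pool.collateral["attacker"],
        "debt": pool.debt["attacker"],
        "bad_debt": pool.bad_debt("attacker"),
    }


if __name__ == "__main__":
    print("pays out first:", simulate(False))
    print("records debt first:", simulate(True))
```

In the vulnerable ordering the borrower leaves with both the loan and the collateral, and the pool is left holding 100 of uncollateralised debt, which is exactly the bad debt a DAO ends up covering. Recording state before any external call is the general fix; a reentrancy guard on the pool's entry points is the usual belt-and-braces addition.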
On June 23, $100 million was stolen from Harmony
The North Korean hacking group Lazarus gained access to two of the five keys securing the bridge and began approving transactions.
Assets were stolen from its Horizon bridge, a cross-chain bridge that enables assets to move between Harmony and Ethereum and the Binance Smart Chain network.
On August 1, $190 million was stolen from Nomad
An upgrade to Nomad's smart contracts allowed attackers to spoof transactions and withdraw funds from the Nomad bridge.
White hat hackers have since returned $33.3 million worth of funds.
Closing thoughts
Last year, we faced more social engineering attacks.
In 2022, attackers turned to more code exploits and flash loans.
Instead of relying on large numbers of people being scammed, attackers are able to attack DeFi protocols directly.
No single chain will be able to handle all global transaction volume.
Therefore, it seems inevitable that we are headed towards a multi-chain future, although we have not yet reached mass adoption.
This explains the need for cross-chain bridges, and why we need to secure them.
The biggest hacks of 2022 were carried out via vulnerabilities in cross-chain bridges and flash loan protocols.
In the future, it will be helpful to have every line of smart contract code audited, both before launch and whenever the code is changed.
2022 was also the most lucrative year to date for North Korean hacking groups.
With the Tornado Cash sanctions setting a precedent in the cryptocurrency industry, where will hackers send their funds now?
Who will be next to face the wrath of US and global regulators?