Cryptocurrency hacks are on the rise. From phishing scams to backdoor breaches, a wide range of cyberattacks have been used just this year to steal millions of dollars in crypto. In this article we take a look back at the biggest crypto hacks of 2022.
Cryptocurrency is a decentralized digital currency. It is stored using blockchain technology and is not regulated by any bank, government, or financial institution.
Decentralization is one of the main features that sets cryptocurrency (often shortened to “crypto”) apart from other currencies. It can be created and issued by anyone, and as a result countless different crypto coins are available. The two most popular and widely recognized currencies are Bitcoin and Ethereum, stored on the Bitcoin and Ethereum blockchains respectively.
Crypto can, in theory, be used like any other currency to purchase goods and services. In recent years, however, many have started to treat new cryptocurrencies like speculative stocks. Crypto traders buy and hold large quantities of crypto, betting that its value will increase. If it does, they can sell it and make a profit. More often than not, these speculations end in disaster because coins can lose their value in a matter of minutes.
While pump-and-dump scams and rugpulls are a constant threat to crypto investors, they’re not the only risks you have to worry about in this space. Even if the coin you’re holding maintains or gains value, you may still end up losing your money because of a crypto hack.
A crypto hack involves hackers accessing and stealing your crypto coins without your authorization. Here are some of the most common crypto hacking techniques.
Bridge attacks involve hackers targeting your crypto as it is transferred from one blockchain to another.
Each coin exists on a blockchain (a decentralized database, usually referred to as a ledger). Protocols that transfer your currency from one blockchain to another (for example, if you want to turn Bitcoin into Ethereum) are called cross-chain bridges. Bridges are essential for blockchain interoperability, but they’re also vulnerable to hacking.
Cybercriminals can use any number of methods to target cross-chain bridges, from exploiting bugs in a bridge’s code to utilizing leaked cryptographic keys. Some hackers have even managed to trick cross-chain bridge systems with bogus coins, converting them into real and valuable currencies on other blockchains.
Wallets are applications that allow you to access, manage, and move your cryptocurrency. These programs can be installed on a device like a smartphone or a computer and are either hot (always connected to the internet) or cold (offline). If you have a hot wallet on a device, then a bad actor who hacks that device could get into your crypto wallet and raid your funds.
Many crypto enthusiasts use coin exchanges to store and manage their currency. Exchanges are online platforms through which you can buy and sell crypto, or store it and gain interest. While exchanges provide a useful service, they are not without risk. Exchanges hold huge amounts of cryptocurrency on behalf of their users, so hackers target them constantly, using exploits, phishing emails, and social engineering attacks. If a cryptocurrency exchange is breached, coins stored in the exchange’s hot wallets can be stolen.
Crypto hackers use many different tactics to steal coins.
Cryptocurrency hacks in 2022 have resulted in billions of dollars of losses. Here are the five biggest breaches that we know about from 2022.
In March, a hacker stole user funds worth $625 million from the Ronin Network. The Ronin Network is a side chain (a subset of a larger blockchain) used to support a blockchain-based game called Axie Infinity. The hacker managed to steal private keys to generate fake withdrawals, transferring hundreds of millions from the network. The hack was not uncovered until a week later.
A hacker targeted a cross-chain bridge known as Wormhole in February. The Wormhole protocol allows for the transfer of funds between multiple chains, including Ethereum (ETH). The hacker took advantage of weaknesses in the protocol’s validation system to fraudulently generate a large quantity of wrapped Ethereum (WETH), a token with a value tied to the Ethereum coin. They then used the Wormhole to convert the WETH into ETH, making off with cryptocurrency valuing around $325 million.
In August, another cross-chain bridge attack took place. The Nomad bridge was attacked, resulting in losses of approximately $190 million in Bitcoin. Hackers exploited a bug in the protocol to withdraw more funds than they had deposited. Unlike other hacks on this list, hundreds of individuals took part in this incident. This attack may not have been a coordinated one. Once news of the exploit got out, hundreds of people rushed to take advantage of it, each acting on their own initiative.
Beanstalk Farms is a stablecoin protocol based on Ethereum. (Stablecoins are crypto tokens that are designed to remain at a stable value, instead of fluctuating up and down.) The protocol used a native governance token called STALK. If someone wanted to transfer assets out of Beanstalk Farms, they would need approval from a majority of STALK holders.
In April, a hacker used a flash loan (an extremely short-term crypto loan) to buy a majority position in STALK. They then proposed a massive transfer of funds and used their STALK tokens to approve the proposal. It’s estimated that the hacker profited by around $80 million, but the hack caused the stablecoin to crash, resulting in total losses of $182 million.
In September, a crypto market maker called Wintermute lost $162 million in a major hack. It’s not clear yet how the attack was carried out, but security firms have suggested that essential private keys were either leaked or cracked using a brute force attack. Shortly after the hack, some crypto researchers claimed that the hack may have been an insider attack, but this has not been confirmed.
PRO TIP: Research the creators and companies behind any exchange or coin before investing your money. If a project's creators have no history in the crypto space or, worse, have a history of failed startups and scams, stay away!
The future of cryptocurrency is uncertain. Mainstream adoption is still far off, and intense market volatility is discouraging individuals and companies from getting involved. Public awareness around cryptocurrency and blockchain technology has grown rapidly over the last five years, but much of the publicity centers around scandals, scams, and market crashes.
The recent collapse of FTX, a major crypto exchange, was a reminder to everyone in the market that even companies considered to be secure and mainstream can fall apart in a matter of hours. The subsequent revelation that FTX may have been hacked, with millions of dollars of crypto potentially lost, underlined the general feeling of chaos and uncertainty in the digital currency market.
Many crypto enthusiasts insist that these problems are temporary. In the long run, they see digital currency and the blockchain as foundational elements in a freer, more decentralized version of the internet. They also insist that a blockchain network can serve non-crypto-related purposes, and that’s true: smart contracts, data storage, and the storage of NFTs are all viable blockchain functions.
For now, however, the technology’s primary use case remains cryptocurrency, for better or for worse. If you’re going to keep using cryptocurrency yourself, it’s important to protect yourself from the risks that come with it.
Here are a few steps that you can take to avoid becoming the victim of a crypto hack.