Funds stolen from crypto protocols in 2022 are likely to exceed the $3.2 billion stolen in 2021, according to crypto security firm Chainalysis.

Image Source: Chainalysis.
Security breaches and code abuse are the bread and butter of attackers out to steal cryptocurrency, and DeFi protocols, which hold large pools of funds behind publicly readable code, have become irresistible targets.
Cross-chain bridges set the hacking trend of 2022, accounting for 64% of the funds stolen this year.
Below we walk through the issues behind the biggest cryptocurrency hacks of 2022 and what they teach about approaching web3 security.
The Biggest Hacks of 2022
Axie Infinity Ronin Bridge
Stolen funds: $624,000,000
Date: March 23, 2022
The Ronin network ran a Proof-of-Authority model with nine validator nodes; a bridge withdrawal needed signatures from five of the nine. Four of those validators were operated by Sky Mavis itself, so an attacker holding Sky Mavis's keys needed only one more signature.
That fifth signature came from the Axie DAO validator. About a year earlier Sky Mavis had set up a gas-free RPC node to absorb heavy user traffic, and the DAO had allowlisted Sky Mavis to sign on its behalf; that access was never revoked. Having compromised the four Sky Mavis validator keys, the attacker abused the RPC node's allowlist to obtain the Axie DAO signature as well.
With five signatures in hand, the attacker drained the bridge contract in two transactions: 173,600 ETH in the first and 25.5M USDC in the second. The theft, the largest in DeFi history at the time, was only discovered six days after it happened.
BNB bridge
Stolen funds: $586,000,000
Date: October 6, 2022
The BNB Bridge connects the older BNB Beacon Chain to the BNB Smart Chain (BSC). The attacker exploited a flaw in the bridge's proof verification to mint two batches of 1M BNB each; at the time of the hack the 2M BNB were worth roughly $586 million.
Here is how the attack unfolded.
The attacker submitted a forged proof of a deposit on the Beacon Chain. The bridge checked deposit proofs with a weak implementation of IAVL Merkle-proof verification, which accepted the forged proof, so the matching withdrawals on BSC went through.
Rather than dumping the BNB directly, the attacker deposited it as collateral in Venus, a lending protocol on BSC, and borrowed stablecoins against it to move the value out.
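The weakness class behind this hack is a proof verifier that trusts a field the root hash never committed to. The following added example (not the bridge's or the IAVL library's code) models it with a simplified binary Merkle tree: a path node that carries both a `left` and a `right` sibling hash, a weak hasher that ignores `right` whenever `left` is set, and a weak verifier that accepts extra leaves if their hash merely appears in a sibling field. The deposit values, keys and the two-leaf tree are constructed for the demo; the hardened verifier requires exactly one sibling per path node and a full path to the root for every leaf.

```python
import hashlib
from dataclasses import dataclass


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def leaf_hash(key: bytes, value: bytes) -> bytes:
    return h(b"\x00", key, value)


@dataclass
class InnerNode:
    """One step of a Merkle path. Exactly one of `left`/`right` should be set:
    it is the hash of the sibling on that side of the child being proven."""
    left: bytes = b""
    right: bytes = b""

    def hash_weak(self, child: bytes) -> bytes:
        # Weak: if `left` is set, `right` is never read, so it is not bound by the root.
        if not self.left:
            return h(b"\x01", child, self.right)
        return h(b"\x01", self.left, child)

    def hash_strict(self, child: bytes) -> bytes:
        # Hardened: a path node carries exactly one sibling hash; anything else is malformed.
        if bool(self.left) == bool(self.right):
            raise ValueError("path node must carry exactly one sibling hash")
        return self.hash_weak(child)


@dataclass
class Proof:
    leaf: tuple            # (key, value) whose path is given
    path: list             # InnerNode list, leaf -> root
    extra_leaves: list     # further (key, value) pairs the proof claims are in the tree


def verify_weak(proof: Proof, trusted_root: bytes) -> bool:
    """Recomputes the root only from `leaf`; extra leaves are accepted if their hash
    appears in any sibling field, a field the root hash may not have covered."""
    node = leaf_hash(*proof.leaf)
    for pin in proof.path:
        node = pin.hash_weak(node)
    if node != trusted_root:
        return False
    siblings = {pin.left for pin in proof.path} | {pin.right for pin in proof.path}
    return all(leaf_hash(k, v) in siblings for k, v in proof.extra_leaves)


def verify_strict(proof: Proof, trusted_root: bytes) -> bool:
    """Every leaf must be tied to the root by its own path; nothing is taken on trust."""
    if proof.extra_leaves:
        return False
    node = leaf_hash(*proof.leaf)
    try:
        for pin in proof.path:
            node = pin.hash_strict(node)
    except ValueError:
        return False
    return node == trusted_root


def build_demo():
    """Constructed two-leaf tree: an honest proof for leaf B, and the same proof with a
    forged 1,000,000-BNB deposit smuggled into the unbound `right` field."""
    a = (b"deposit:1", b"100 BNB -> alice")
    b = (b"deposit:2", b"5 BNB -> bob")
    root = h(b"\x01", leaf_hash(*a), leaf_hash(*b))
    honest = Proof(leaf=b, path=[InnerNode(left=leaf_hash(*a))], extra_leaves=[])
    forged_leaf = (b"deposit:3", b"1000000 BNB -> attacker")
    forged = Proof(
        leaf=b,
        path=[InnerNode(left=leaf_hash(*a), right=leaf_hash(*forged_leaf))],
        extra_leaves=[forged_leaf],
    )
    return root, honest, forged


if __name__ == "__main__":
    root, honest, forged = build_demo()
    print("weak  : honest", verify_weak(honest, root), "forged", verify_weak(forged, root))
    print("strict: honest", verify_strict(honest, root), "forged", verify_strict(forged, root))
```

The forged proof reproduces the trusted root exactly, because the root hash never covered the `right` field; the only defence is to reject any proof field that is not an input to the hash chain from leaf to root.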
Wormhole
Stolen funds: $326,000,000
Date: February 2, 2022
Wormhole, a bridge between Ethereum and Solana, lost 120,000 wrapped ETH (about $321 million at the time) to a smart-contract exploit.
The exploit took place on the Solana side. The attacker made the bridge believe that a guardian-signed message authorised a 120,000 ETH transfer, minted 120,000 wETH on Solana against it, and then moved most of it back to Ethereum.
Wormhole's main bridge contract checks guardian signatures in its 'verify_signatures' instruction, which relies on Solana's instructions sysvar ('solana_program::sysvar::instructions') to confirm that a secp256k1 signature-verification instruction actually ran earlier in the same transaction. The contract loaded that sysvar from a caller-supplied account without checking the account's address, so the attacker passed in a fake account and produced a 'SignatureSet' claiming the guardians had signed. The attacker had first bridged a small amount (0.1 ETH) legitimately to test the flow.
With the forged SignatureSet accepted, the attacker's follow-up call minted 120,000 wETH on Solana.
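The check that was missing is a single address comparison, but its consequence is that an attacker controls the evidence the program reasons about. The added example below (a Python model, not Wormhole's Rust program) shows the two-step flow: verify_signatures reads the preceding instruction out of an account that is supposed to be the Instructions sysvar, and the follow-up step consumes the resulting SignatureSet to mint. The `checked` flag mirrors the difference between Solana's checked and deprecated unchecked sysvar loaders; the sysvar address is the real one, while the guardian quorum, the fake account key and the instruction contents are constructed.

```python
from dataclasses import dataclass

# Real address of Solana's Instructions sysvar; everything else here is a constructed model.
SYSVAR_INSTRUCTIONS = "Sysvar1nstructions1111111111111111111111111"
GUARDIAN_QUORUM = 13          # assumed quorum for the demo (2/3 of a 19-guardian set)


@dataclass
class Account:
    key: str
    data: dict    # decoded stand-in for the account's raw bytes


@dataclass
class SignatureSet:
    message_hash: bytes
    valid_signatures: int


def load_previous_instruction(sysvar: Account, checked: bool) -> dict:
    """Returns the instruction that ran just before the current one, as recorded in the
    Instructions sysvar. `checked=True` mirrors load_instruction_at_checked, which refuses
    any account that is not the real sysvar; `checked=False` mirrors the deprecated
    unchecked loader that trusts whatever account the caller passed."""
    if checked and sysvar.key != SYSVAR_INSTRUCTIONS:
        raise ValueError("account is not the Instructions sysvar")
    return sysvar.data["previous_instruction"]


def verify_signatures(sysvar: Account, message_hash: bytes, checked: bool) -> SignatureSet:
    """Models verify_signatures: the guardian signatures themselves are checked by the
    native secp256k1 program in the preceding instruction; this handler only confirms,
    via the sysvar, that such an instruction ran for this message."""
    ix = load_previous_instruction(sysvar, checked)
    if ix.get("program") != "Secp256k1Program" or ix.get("message_hash") != message_hash:
        raise ValueError("no secp256k1 verification for this message")
    if ix.get("valid_signatures", 0) < GUARDIAN_QUORUM:
        raise ValueError("guardian quorum not met")
    return SignatureSet(message_hash, ix["valid_signatures"])


def post_vaa_and_mint(sigset: SignatureSet, message_hash: bytes, amount: int) -> int:
    """The follow-up step consumes the SignatureSet and mints wETH for the message."""
    if sigset.message_hash != message_hash:
        raise ValueError("SignatureSet does not match message")
    return amount


def attack_mints(checked: bool) -> int:
    """Attacker supplies a fake 'sysvar' account claiming the guardians signed a
    120,000 wETH transfer. Returns the amount minted, or 0 if the bridge rejects it."""
    transfer_hash = b"\x42" * 32
    fake_sysvar = Account(
        key="AttackerContro11edAccount1111111111111111111",   # constructed
        data={"previous_instruction": {
            "program": "Secp256k1Program",
            "message_hash": transfer_hash,
            "valid_signatures": 19,
        }},
    )
    try:
        sigset = verify_signatures(fake_sysvar, transfer_hash, checked)
        return post_vaa_and_mint(sigset, transfer_hash, 120_000)
    except ValueError:
        return 0


if __name__ == "__main__":
    print("unchecked sysvar load -> minted", attack_mints(checked=False))
    print("checked sysvar load   -> minted", attack_mints(checked=True))
```

The general rule for Solana programs: any account whose contents you treat as authoritative (sysvars, program-owned state, token accounts) must be validated by address or owner before its data is read, because the caller chooses every account in the instruction.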
Nomad Bridge
Stolen funds: $190,000,000
Date: August 1, 2022
The Nomad bridge became a free-for-all: once the first exploit landed, anyone could join in, and the bridge was drained.
During a routine upgrade, the bridge's Replica contract was initialized with a flaw: the zero hash (0x00) was registered as a trusted root. Since a message that has never been proven is also stored with a root of 0x00, every message was effectively treated as proven by default.
The first attacker's exploit transaction failed on the first attempt. Once a successful transaction landed, copycats copied its calldata and called process() directly, because the contract accepted the message as 'proven'.
After the upgrade, process() read back the stored root of an unproven message (0x00) and, because 0x00 was an accepted root, treated the message as 'verified'. Any call to process() therefore succeeded.
Anyone could thus copy and paste the original process() call, replace the previous exploiter's recipient address with their own, and drain more funds.
The attack removed about $190 million of liquidity from the bridge.
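The bug is a collision between two meanings of zero: "no root has been recorded for this message" and "the trusted root is 0x00". The added example below (a Python model, not Nomad's Solidity) reduces the Replica to its root bookkeeping: roots become acceptable once confirmed, prove() binds a message hash to a root, and process() pays out when the stored root is acceptable. The message format, amounts and recipient names are constructed; the hardened variant refuses the zero root both at initialization and in the acceptability check, so that an unproven message can never pass.

```python
import hashlib
from dataclasses import dataclass, field

ZERO_ROOT = b"\x00" * 32


@dataclass
class Message:
    recipient: str
    amount: int
    nonce: int

    def hash(self) -> bytes:
        return hashlib.sha256(f"{self.recipient}|{self.amount}|{self.nonce}".encode()).digest()


@dataclass
class Replica:
    """Minimal model of the destination-side Replica: roots become acceptable once
    confirmed, a message is 'proven' by binding its hash to a confirmed root, and
    process() pays out a proven message exactly once."""
    reject_zero_root: bool
    confirm_at: dict = field(default_factory=dict)   # root -> time it becomes acceptable
    messages: dict = field(default_factory=dict)     # message hash -> root it was proven under
    processed: set = field(default_factory=set)
    balances: dict = field(default_factory=dict)

    def initialize(self, committed_root: bytes, now: int) -> None:
        if self.reject_zero_root and committed_root == ZERO_ROOT:
            raise ValueError("zero root cannot be a committed root")
        self.confirm_at[committed_root] = now

    def acceptable_root(self, root: bytes, now: int) -> bool:
        if self.reject_zero_root and root == ZERO_ROOT:
            return False
        confirmed = self.confirm_at.get(root, 0)
        return confirmed != 0 and confirmed <= now

    def prove(self, msg: Message, root: bytes, now: int) -> None:
        # The Merkle inclusion check is omitted; only the root bookkeeping matters here.
        if not self.acceptable_root(root, now):
            raise ValueError("root not confirmed")
        self.messages[msg.hash()] = root

    def process(self, msg: Message, now: int) -> None:
        h = msg.hash()
        if h in self.processed:
            raise ValueError("already processed")
        root = self.messages.get(h, ZERO_ROOT)      # never-proven messages read back as 0x00
        if not self.acceptable_root(root, now):
            raise ValueError("!proven")
        self.processed.add(h)
        self.balances[msg.recipient] = self.balances.get(msg.recipient, 0) + msg.amount


def drain_with_unproven_messages(hardened: bool) -> list:
    """Returns the recipients that got paid without ever proving a message."""
    replica = Replica(reject_zero_root=hardened)
    try:
        replica.initialize(ZERO_ROOT, now=1)        # the flawed upgrade parameter
    except ValueError:
        replica.initialize(b"\x11" * 32, now=1)     # hardened deploy must use a real root
    original = Message("attacker", 1_000_000, nonce=1)
    copycat = Message("copycat", 1_000_000, nonce=1)   # same calldata, recipient swapped
    paid = []
    for msg in (original, copycat):
        try:
            replica.process(msg, now=100)
            paid.append(msg.recipient)
        except ValueError:
            pass
    return paid


if __name__ == "__main__":
    print("flawed init  :", drain_with_unproven_messages(hardened=False))
    print("hardened init:", drain_with_unproven_messages(hardened=True))
```

Because the copycat message has a different hash, it is also "unproven" and is paid just the same; that is why the exploit could be replayed by anyone who changed the recipient field.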
Beanstalk
Stolen funds: $181,000,000
Date: April 17, 2022
The $181 million Beanstalk theft was essentially a governance attack.
The attacker borrowed enough tokens through flash loans to carry the vote on their own malicious proposals.
The attack flow was as follows.
The attacker took flash loans to acquire voting power, then used the protocol's emergency path to push malicious governance proposals through in the same transaction. Because voting power was counted from live balances and there was no delay between a proposal passing and its execution, a flash loan was all it took.
The attacker had submitted two proposals. The first transferred the protocol's funds to the attacker; the second sent $250,000 worth of BEAN to a Ukraine donation address.
Part of the stolen funds repaid the flash loans, and the rest went to Tornado Cash.
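The defence a practitioner wants here is to make voting power a function of the past rather than the present. The added example below (a constructed Python model, not Beanstalk's contracts) compares a governor that reads voting power from live balances with one that snapshots balances when the proposal is created. The emergency-commit supermajority of 2/3, the token balances, the treasury size and the flash-loan amount are all assumptions for the demo.

```python
from dataclasses import dataclass, field


@dataclass
class Proposal:
    proposer: str
    created_block: int
    payload: str
    votes_for: int = 0
    executed: bool = False


@dataclass
class Governor:
    """Constructed model. Voting power is read either from live balances (which a
    flash loan can inflate) or from a snapshot taken when the proposal was created."""
    balances: dict
    snapshot_voting: bool
    treasury: int = 100
    supermajority_pct: int = 67          # assumed emergency-commit threshold, 2/3 of supply
    proposals: dict = field(default_factory=dict)
    snapshots: dict = field(default_factory=dict)

    def total_supply(self) -> int:
        return sum(self.balances.values())

    def propose(self, who: str, block: int, payload: str) -> int:
        pid = len(self.proposals) + 1
        self.proposals[pid] = Proposal(who, block, payload)
        self.snapshots[pid] = dict(self.balances)       # balances as of creation
        return pid

    def vote(self, pid: int, who: str) -> None:
        source = self.snapshots[pid] if self.snapshot_voting else self.balances
        self.proposals[pid].votes_for += source.get(who, 0)

    def emergency_commit(self, pid: int, block: int) -> int:
        """Executes immediately if the proposal holds a supermajority; returns funds moved."""
        p = self.proposals[pid]
        if p.executed or block <= p.created_block:
            raise ValueError("not executable")
        if p.votes_for * 100 < self.supermajority_pct * self.total_supply():
            raise ValueError("no supermajority")
        p.executed = True
        if p.payload.startswith("transfer_treasury:"):
            moved, self.treasury = self.treasury, 0
            return moved
        return 0


def flash_loan_attack(snapshot_voting: bool, loan: int = 1000) -> int:
    """Attacker holds 1 of 100 tokens, proposes, then in the next block borrows `loan`
    tokens, votes and commits in one transaction. Returns treasury funds stolen."""
    gov = Governor(balances={"attacker": 1, "honest": 99}, snapshot_voting=snapshot_voting)
    pid = gov.propose("attacker", block=100, payload="transfer_treasury:attacker")
    gov.balances["attacker"] += loan           # flash loan lands
    gov.vote(pid, "attacker")
    try:
        stolen = gov.emergency_commit(pid, block=101)
    except ValueError:
        stolen = 0
    gov.balances["attacker"] -= loan           # flash loan repaid in the same transaction
    return stolen


if __name__ == "__main__":
    print("live-balance voting  -> stolen", flash_loan_attack(snapshot_voting=False))
    print("snapshot voting      -> stolen", flash_loan_attack(snapshot_voting=True))
```

With live balances the borrowed tokens count toward the supermajority and the treasury is gone before the loan is repaid; with a snapshot at proposal creation, the attacker's power is the one token they held when they proposed, and the commit fails. A timelock between a passed vote and its execution is the complementary control, giving token holders time to react.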
Wintermute
Stolen funds: $162,300,000
Date: September 20, 2022
A hot-wallet compromise cost the market maker Wintermute about $160 million.
The root cause was a weakness in Profanity, a tool for generating vanity Ethereum addresses. Both Wintermute's hot wallet and its DeFi vault contract used Profanity-generated vanity addresses. Profanity seeded its key search with only 32 bits of randomness, so the private keys it produced could be recovered by brute force; the attacker recovered the hot wallet's private key this way and drained it.
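What makes a 32-bit seed fatal is that the key's entropy can never exceed the seed's, regardless of how strong the curve arithmetic is. The added example below (constructed for this article, not Profanity's code) replaces the secp256k1 and keccak steps with hash-based stand-ins so it runs offline, and shrinks the seed space to 14 bits so the brute force finishes in well under a second; the structure of the attack, enumerate every seed and every search step until the derived address matches, is the same one a 32-bit space permits with GPU time.

```python
import hashlib

DEMO_SEED_BITS = 14        # demo size; Profanity's real seed space was 32 bits


def private_key_from_seed(seed: int, step: int) -> bytes:
    """Stand-in for the generator: the seed fully determines the starting key and each
    search step moves to the next candidate. (Constructed; not Profanity's code.)"""
    start = int.from_bytes(hashlib.sha256(seed.to_bytes(4, "big")).digest(), "big")
    return ((start + step) % 2**256).to_bytes(32, "big")


def address_of(private_key: bytes) -> str:
    """Stand-in for secp256k1 public key + keccak address derivation; one-way is all the
    demo needs, because the attacker never inverts this function."""
    return "0x" + hashlib.sha256(b"pubkey:" + private_key).hexdigest()[:40]


def recover_private_key(address: str, max_steps: int, seed_bits: int = DEMO_SEED_BITS):
    """Brute force over every seed and search step: the attack that a small seed space
    permits no matter how strong the key derivation is. Returns (seed, step, key)."""
    for seed in range(2 ** seed_bits):
        for step in range(max_steps):
            candidate = private_key_from_seed(seed, step)
            if address_of(candidate) == address:
                return seed, step, candidate
    return None


if __name__ == "__main__":
    victim_key = private_key_from_seed(seed=12345, step=3)     # constructed victim wallet
    found = recover_private_key(address_of(victim_key), max_steps=8)
    print("recovered seed/step:", found[0], found[1], "key matches:", found[2] == victim_key)
```

The practical check is simple: any key-generation tool should draw its private key (or its seed) from at least 256 bits of OS randomness, and funds already sitting on addresses produced by a weak generator should be moved, not left in place.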
Mango Markets
Stolen funds: $115,000,000
Date: October 11, 2022
Mango Markets lost nine figures in a single price-manipulation attack.
How did it happen?
The attacker deposited over $5 million into Mango Markets, opened a large MNGO position, and then traded against it from a second account, driving the MNGO price from about $0.03 to about $0.91.
With the inflated collateral value, the attacker borrowed against the position until the lending pools were empty. In short, manipulating and pumping the MNGO price, which the protocol used to value collateral, brought the protocol down.
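The arithmetic of the attack is worth seeing in numbers. The added example below (constructed; not Mango's code) values a collateral position two ways, at the live spot print and at the spot capped by a time-weighted average plus a tolerance band, and reports how much the position can borrow in each case. The position size, pool liquidity, loan-to-value ratio, band width and price history are assumptions; the price jump from $0.03 to $0.91 is the one described above.

```python
# Prices in micro-dollars (1e-6 USD) so everything stays in integers.
USD = 1_000_000


def twap(price_samples: list) -> int:
    return sum(price_samples) // len(price_samples)


def collateral_price(spot: int, recent_samples: list, bounded: bool, band_pct: int = 10) -> int:
    """Price used to value collateral. Unbounded: the live spot print. Bounded: the spot
    capped at the time-weighted average plus a tolerance band, so a single pumped sample
    cannot lift collateral value more than that band above the average."""
    if not bounded:
        return spot
    cap = twap(recent_samples) * (100 + band_pct) // 100
    return min(spot, cap)


def max_borrow(position_tokens: int, spot: int, recent_samples: list,
               pool_liquidity: int, bounded: bool, ltv_pct: int = 80) -> int:
    """Largest amount (micro-dollars) a position can borrow against itself, limited by
    what the pool actually holds."""
    price = collateral_price(spot, recent_samples, bounded)
    collateral_value = position_tokens * price          # micro-dollars
    limit = collateral_value * ltv_pct // 100
    return min(limit, pool_liquidity)


def scenario(bounded: bool, pumped: bool) -> int:
    """Constructed numbers: a 300M-token position, a pool holding $115M, and a history of
    12 price samples at $0.03 with, if pumped, the last sample printed at $0.91.
    Returns the borrow limit in whole dollars."""
    position = 300_000_000
    pool = 115_000_000 * USD
    history = [30_000] * 12
    if pumped:
        history[-1] = 910_000
    return max_borrow(position, history[-1], history, pool, bounded) // USD


if __name__ == "__main__":
    for bounded in (False, True):
        for pumped in (False, True):
            print(f"bounded={bounded!s:5} pumped={pumped!s:5} -> borrow limit ${scenario(bounded, pumped):,}")
```

At the spot print, one pumped sample lifts the borrow limit from $7.2M to the entire $115M pool; with the TWAP band the limit rises only to about $27M. The band blunts the attack rather than eliminating it, which is why thin-liquidity collateral also needs position caps sized to what the market could actually absorb in a liquidation.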
Harmony Bridge
Stolen funds: $100,000,000
Date: June 23, 2022
The Harmony bridge collapsed after a private-key compromise that led to a $100 million loss. The attack went as follows.
The bridge was controlled by a 2-of-5 multisig: any two of the five signing addresses could approve a transaction. The attacker compromised the private keys of two of them and, controlling those two signers, executed the withdrawals that drained $100 million.
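Ronin and Harmony share a lesson: a signing threshold counts keys, but security comes from the number of independent parties an attacker must compromise. The added example below (constructed for this article, not either project's code) computes that number from who holds which key and which keys have been delegated through an allowlist. The Ronin-like setup uses the 5-of-9 figures given above with a four-validator operator and a DAO-run fifth validator; the Harmony-like setup is a 2-of-5 with one party per key. Party and key names are placeholders.

```python
from itertools import combinations


def effective_keys(holders: dict, delegations: dict) -> dict:
    """holders: party -> set of signing keys it holds directly.
    delegations: key -> party that has been allowlisted to sign with that key.
    Returns the keys each party can actually produce signatures for."""
    eff = {party: set(keys) for party, keys in holders.items()}
    for key, party in delegations.items():
        eff.setdefault(party, set()).add(key)
    return eff


def min_parties_to_reach(eff: dict, threshold: int):
    """Smallest group of parties whose combined keys meet the threshold, i.e. how many
    independent compromises an attacker needs. Returns (count, parties)."""
    parties = sorted(eff)
    for size in range(1, len(parties) + 1):
        for group in combinations(parties, size):
            if len(set().union(*(eff[p] for p in group))) >= threshold:
                return size, group
    return None


def ronin_like(delegated: bool):
    """5-of-9 validators: one operator runs four, a DAO runs the fifth, four more are
    independent. `delegated` models the DAO allowlisting the operator to sign for it."""
    holders = {"operator": {"v1", "v2", "v3", "v4"}, "dao": {"v5"}}
    holders.update({f"validator{i}": {f"v{i}"} for i in range(6, 10)})
    delegations = {"v5": "operator"} if delegated else {}
    return min_parties_to_reach(effective_keys(holders, delegations), threshold=5)


def harmony_like():
    """2-of-5 signers, each held by a separate party: two key compromises suffice."""
    holders = {f"signer{i}": {f"k{i}"} for i in range(1, 6)}
    return min_parties_to_reach(effective_keys(holders, {}), threshold=2)


if __name__ == "__main__":
    print("5-of-9, DAO key delegated to operator :", ronin_like(delegated=True))
    print("5-of-9, delegation revoked            :", ronin_like(delegated=False))
    print("2-of-5, one party per key             :", harmony_like())
```

The delegated Ronin-like configuration collapses to a single party, the operator, despite a nominal 5-of-9; revoking the allowlist raises it to two. The 2-of-5 design never required more than two compromises to begin with. Running this kind of check whenever validators, allowlists or key custody change is cheap, and it is the check both bridges were missing.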
Fei Rari (Fuse)
Stolen funds: $80,000,000
Date: May 1, 2022
Rari's Fuse pools ran a fork of Compound's code that did not follow the checks-effects-interactions pattern, and that omission opened the door to a reentrancy attack.
The vulnerable path was the ETH market's borrow function, which paid out the borrowed ETH with a low-level call.value before recording the borrow. The attacker funded collateral with a flash loan, borrowed ETH, and in the callback triggered by call.value called exitMarket, which released the collateral because the contract had not yet written the attacker's debt.
In this way the attacker walked away with both the flash-loaned collateral and the borrowed funds.
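The added example below (a Python model of a Compound-style ETH market, not Rari's Solidity) shows the two orderings side by side: the vulnerable borrow hands control to the borrower before the debt is recorded, so a reentrant exitMarket sees no outstanding borrow and releases the collateral; the checks-effects-interactions ordering records the debt first, so the same reentrant call is refused. The pool liquidity, 50% loan-to-value ratio and the 400/200 ETH amounts are constructed.

```python
class EthPool:
    """Constructed model of a Compound-style ETH market. One unit = 1 ETH."""
    LTV_PCT = 50       # borrow at most half the collateral value (assumed)

    def __init__(self, checks_effects_interactions: bool, liquidity: int = 1000):
        self.cei = checks_effects_interactions
        self.liquidity = liquidity
        self.collateral = {}
        self.borrowed = {}

    def deposit(self, user: str, amount: int) -> None:
        self.collateral[user] = self.collateral.get(user, 0) + amount
        self.liquidity += amount

    def borrow(self, user: str, amount: int, receive_eth) -> None:
        # Checks
        limit = self.collateral.get(user, 0) * self.LTV_PCT // 100 - self.borrowed.get(user, 0)
        if amount > limit or amount > self.liquidity:
            raise ValueError("insufficient collateral or liquidity")
        if self.cei:
            # Effects before interaction: the debt exists before the borrower gets control.
            self.borrowed[user] = self.borrowed.get(user, 0) + amount
            self.liquidity -= amount
            receive_eth(amount)
        else:
            # Vulnerable order: call.value hands control to the borrower with the debt unrecorded.
            self.liquidity -= amount
            receive_eth(amount)
            self.borrowed[user] = self.borrowed.get(user, 0) + amount

    def exit_market(self, user: str) -> int:
        if self.borrowed.get(user, 0) > 0:
            raise ValueError("outstanding borrow")
        amount = self.collateral.pop(user, 0)
        self.liquidity -= amount
        return amount


def reentrancy_attack(checks_effects_interactions: bool) -> dict:
    """Attacker posts 400 ETH of flash-loaned collateral, borrows 200 ETH and, inside the
    ETH-receive callback, calls exit_market to pull the collateral back out."""
    pool = EthPool(checks_effects_interactions)
    wallet = {"eth": 0}

    def on_receive(amount: int) -> None:          # the attacker contract's receive hook
        wallet["eth"] += amount
        try:
            wallet["eth"] += pool.exit_market("attacker")
        except ValueError:
            pass                                  # hardened pool refuses: debt already recorded

    pool.deposit("attacker", 400)
    pool.borrow("attacker", 200, on_receive)
    collateral_left = pool.collateral.get("attacker", 0)
    debt = pool.borrowed.get("attacker", 0)
    # What the attacker walks away with: cash in hand plus any collateral worth redeeming,
    # minus the 400 ETH put in. Debt with no collateral behind it is the pool's loss.
    profit = wallet["eth"] + max(collateral_left - debt, 0) - 400
    bad_debt = max(debt - collateral_left, 0)
    return {"attacker_profit": profit, "pool_bad_debt": bad_debt}


if __name__ == "__main__":
    print("call before state update:", reentrancy_attack(checks_effects_interactions=False))
    print("checks-effects-interactions:", reentrancy_attack(checks_effects_interactions=True))
```

A reentrancy guard on borrow and exitMarket would also stop this specific call sequence, but the ordering fix is the one that holds regardless of which function the attacker chooses to re-enter.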
Qubit Finance
Stolen funds: $80,000,000
Date: January 28, 2022
Qubit's bridge lets users lock funds on Ethereum and borrow the equivalent on BSC. The call exploited in the Qubit hack was the bridge handler's 'tokenAddress.safeTransferFrom()'.
After an upgrade that moved ETH deposits to a separate function, the token address behind the old ETH deposit path had been left as the zero address, and safeTransferFrom() against an address with no code does not revert. The attacker could therefore 'deposit' without sending any ETH on Ethereum and mint 77,162 qXETH on BSC. Using that qXETH as collateral to borrow WETH, BTC-B, USD stablecoins and other assets, the attacker walked away with about $80 million.
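The EVM detail that makes this work is that a call to an address with no code succeeds and returns nothing, and token helpers that tolerate empty return data (because some real tokens return nothing from transferFrom) will treat that as a successful transfer. The added example below (a Python model, not Qubit's Solidity) reproduces that chain: a tiny EVM stand-in with those call semantics, a safeTransferFrom that accepts empty return data, and a deposit handler whose ETH resource maps to the zero address. The hardened handler refuses any resource whose token address is zero or has no code. Addresses, balances and the resource table are constructed; the 77,162 figure is the one reported above.

```python
ZERO_ADDRESS = "0x" + "00" * 20


class Chain:
    """Tiny EVM stand-in: contracts are Python callables keyed by address."""
    def __init__(self):
        self.code = {}

    def call(self, target: str, fn: str, *args):
        # EVM semantics: a call to an address with no code succeeds and returns empty data.
        if target not in self.code:
            return True, b""
        return self.code[target](fn, *args)


def deploy_erc20(chain: Chain, address: str, balances: dict) -> None:
    def contract(fn, *args):
        if fn == "transferFrom":
            sender, recipient, amount = args
            if balances.get(sender, 0) < amount:
                return False, b""                 # revert: insufficient balance
            balances[sender] -= amount
            balances[recipient] = balances.get(recipient, 0) + amount
            return True, b"\x01"
        return False, b""
    chain.code[address] = contract


class BridgeHandler:
    def __init__(self, chain: Chain, address: str, resource_to_token: dict, hardened: bool):
        self.chain, self.address = chain, address
        self.resource_to_token = resource_to_token
        self.hardened = hardened

    def safe_transfer_from(self, token: str, sender: str, amount: int) -> None:
        ok, ret = self.chain.call(token, "transferFrom", sender, self.address, amount)
        # callOptionalReturn-style: success with empty return data is tolerated,
        # because some real tokens return nothing from transferFrom.
        if not ok or (ret and ret != b"\x01"):
            raise ValueError("transfer failed")

    def deposit(self, resource_id: str, user: str, amount: int) -> dict:
        token = self.resource_to_token.get(resource_id, ZERO_ADDRESS)
        if self.hardened and (token == ZERO_ADDRESS or token not in self.chain.code):
            raise ValueError("resource is not backed by a token contract")
        self.safe_transfer_from(token, user, amount)
        # The emitted Deposit event is what the relayer turns into a mint on BSC.
        return {"resource": resource_id, "depositor": user, "amount": amount}


def fake_deposit_mints(hardened: bool) -> int:
    """Constructed scenario: the ETH resource's token was set to 0x0 after the ETH path
    moved to a separate function, and an attacker with no balance calls the old deposit().
    Returns the amount the relayer would mint on BSC, or 0 if the deposit is refused."""
    chain = Chain()
    deploy_erc20(chain, "0xtoken", {"alice": 10})
    handler = BridgeHandler(chain, "0xhandler", {"ETH": ZERO_ADDRESS, "TKN": "0xtoken"}, hardened)
    try:
        return handler.deposit("ETH", "attacker", 77_162)["amount"]
    except ValueError:
        return 0


if __name__ == "__main__":
    print("unhardened handler mints:", fake_deposit_mints(hardened=False))
    print("hardened handler mints  :", fake_deposit_mints(hardened=True))
```

Newer OpenZeppelin SafeERC20 versions make the code-existence check themselves, but a bridge should still refuse a zero or unregistered token address in its own logic, and any upgrade that retires a deposit path should disable the old entry point rather than leave it pointing at nothing.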

How to approach Web3 security wisely
DeFi TVL reached an all-time high in 2021 (well over $100 billion), but the steady stream of exploits in 2022 has eroded both TVL and confidence. That is a warning to take Web3 security seriously.
The biggest DeFi protocol thefts came down to flawed code. Fortunately, a more rigorous approach to testing and auditing code before deployment can greatly limit this kind of attack.
With so many new projects being built in the web3 space, QuillAudits works to secure them and to harden web3 as a whole. It has audited 700+ Web3 projects to date and continues to widen its coverage of the Web3 space through a broad range of service offerings.