The data below represents a dozen cross-chain bridge hacking incidents that took place throughout 2022. This recent report means to shed light on the blockchain’s biggest vulnerabilities.
According to the newly released report by Beosin Blockchain Security, 38.7% of 2022’s lost funds found their way into the crypto mixer service, Tornado Cash. Security teams and law enforcement combined managed to recover $289 million last year. The total valuation of the world’s cryptocurrency crimes totalled $13.76 billion, while money laundering amounted to $7.33 billion, pyramid schemes spiralled to $1 billion while attacks and exploits hit $3.6 million.
1. Vulnerable Smart Contracts
BNB Chain’s Hack
BNB Chain’s bridge lost a huge amount of money in 2022 due to a vulnerable implementation of its pre-compiled contract. The loophole allowed the cyber criminal to forge arbitrary messages to the contract and hence go away with 62.5 million BUSD, 35 million USDC and 50 million USDT. Fortunately, Binance Exchange managed to freeze 80 – 90% of the entire stolen funds and only incurred a loss of $100 million.
Wormhole
Wormhole lost $326 million on Feb 3 2022 after the attacker exploited a validation loophole on the network’s verification system. As a result, the hacker managed to forge sysvar accounts which then allowed them to mint wrapped Ethereum (wETH). The hacker seems to have taken advantage of the gap between the going live of the contract’s patch and the review process in order to attack the defi platform.
Nomad Bridge
Cybercriminals exploited another validation loophole on the Nomad Bridge on Aug 2 2022 and made way with over $190 million. The exploit involved not less than 500 hacker addresses. On further analysis by a team of security experts, it was established that the platform’s developers added 0x000…000 as the right root, hence allowing the hackers to withdraw funds from the contract.
2. Flashloans
Beanstalk
On April 17, 2022, a flash loan attack occurred on the BeanStalk Farms DeFi platform, an algorithmic stablecoin project. As a result, Beanstalk suffered a loss worth $182 million, while the attackers profited by $80 million. Through the help of the mixing service Tornado Cash, security experts did not manage to freeze or recover the funds.
3. Private Key Compromise
Harmony
Harmony suffered a $100 million loss on June 24, 2022. While the majority thought the attack resulted from a vulnerability in the smart contract, the platform’s founder confirmed it was a private key compromise. The attacker decrypted some of Harmony’s encrypted private keys and used them to sign illegal transactions. However, Harmony managed to prevent further transactions at the time of the hack by halting the Horizon Bridge. While Harmony issued a compensation proposal to its users, its security team never managed to recover the stolen funds due to the attacker’s use of Tornado Cash.
Wintermute
Wintermute suffered a $160 million loss following a private key compromise attack on Sep 20, 2022. The hacker decompiled the DeFi platform’s smart contract and exploited a vulnerability in the private key. This made the hacker an admin who could authorize the system to withdraw funds.
4. Price Manipulation
Mango Markets
Solana’s Mango Markets lost $116 million after a price manipulation attack. The attacker leveraged 10 million USDT to fund 100+ million digital assets. Mango Market’s smart contract failed to limit the leveraged contract that the attacker could open, and hence the attacker raised the price of Mango’s native token and made lots of profit.
5. Suspected Rug Pulls
Looking at the total scams data, rug pulls contributed the highest percentage of all lost funds. Rug pulls cost the crypto industry over $425 million in 2022.
Rug pulls 2022 data
Terra Luna
Unfortunately, most rugs pull DeFi security issues have been the centre of debate and Terra (LUNA) is no exception. The blockchain project saw its native Token, LUNA, crash from $120 to nearly a handful dollars cents per coin. Most blamed the poor design of the algorithmic stablecoin, with its TerraUSD de-peg costing the entire crypto market nearly $40 billion in losses.
FTX Exchange Crash
We cannot talk about 2022’s security issues on the blockchain and fail to mention the FTX saga. Most believe the exchange crashed as a result of a rug pull. Over $440 million was lost, while the platform’s security blamed malware and trojan horses. Court proceedings and media interviews of Sam Bankman-Fried (SBF) did shed some light on what actually took place. However, the incident is still unclear on what really caused the FTX crash and the subsequent crypto market bloodbath.
Comments (No)