Roundup: 2022 ‘mega’ crypto hacks

According to TRM labs analysis, 2022 was a record year for crypto hacks, with about $3.7 billion worth of crypto stolen. DeFi attacks were prevalent, with approximately 80%, or $3 billion, involving DeFi victims.

As we head into 2023 optimistic about the promise of a nascent technology, we must look back to learn from the challenges and setbacks we faced in hindsight.

Ronin Bridge infrastructure crypto hack

Axie Infinity Ronin bridge crypto hack in March tops the list at $612 million. Ronin bridge is an Ethereum side chain for the Axie Infinity play-to-earn game.

The crypto hackers, today identified as a North Korean cybercrime group called Lazarus, gained access to nine private keys of the Ronin bridge transaction validators. Using the keys, they approved large transactions, one for 173,600 ETH and the other for 25.5 million USDC.

Hackers moved the crypto to Tornado cash, an open-source crypto tumbler, and several other exchanges. 

Joint efforts from the community, Binance, Chainalysis, and law enforcers helped track down some of the funds.

BSC Beacon cross-bridge code exploit

In October, hackers exploited a vulnerability in the BSC Beacon cross-bridge code to steal crypto worth $570 million. The bridge is a critical component of the BNB chain.

The BSC Beacon chain, referred to as Token Hub, is a cross-chain bridge between the BNB Beacon Chain (BEP2) and BNB Chain (BEP20/ BSC).

The attack worked by falsifying cryptographic proofs called Merkle proof that confirmed data like transactions as valid and included in the blockchain. The cyrpto hacker used the false Merkle proof to transfer funds from the BSC Beacon cross-bridge to other chains. 

Tether blocklisted the attacker’s address while over $7 million moved from the BNB chain were effectively frozen.

Wormhole bridge code exploit

Crypto hackers exploited wormhole’s code in February of crypto worth $326 million. A wormhole is a token bridge between Solana and Ethereum.

The crypto hacker used a deprecated/ dead insecure function to bypass signature verification.

A deprecated code can be compared to a sticky note saying, ‘I will delete this in the future.’ You can’t delete the code now because some consumers still use it.

A chain of delegations of signature verification enabled the crypto hack. The deprecated function didn’t check addresses, allowing the validation of a forged signature.

According to cyber analysts, developers could have avoided the attack if they had practiced ‘secure coding.’

Nomad bridge code exploit

Hackers exploited the Nomad crypto bridge in August of crypto worth $190 million. The hacker virtually drained all funds in the protocol—the rising exploits brought into question the security of cross-chain token bridges.

Bridges work by locking tokens in a smart contract in one chain and then reissuing them in a ‘wrapped’ format on another chain. In Nomad’s case, the attack sabotaged the contract rendering its wrapped tokens worthless.

Nomad, in effect, put up a bounty requesting the hacker to keep 10% of the funds and face no legal action plus a bonus whitehat NFT. The attacker ultimately returned only $36 million.

Roundup: 2022 ‘mega’ crypto hacks 1

Beanstalk protocol attack

On a fateful weekend in April, a hacker used a flash loan to steal $182 million in ETH, BEAN stablecoin, and other assets from the Beanstalk stablecoin protocol.

A flash loan is a feature that enables users to borrow an asset, make a quick trade then repay it in a single complex transaction across multiple protocols.

The attacker presented two malicious proposals to the Beanstalk DAO through the emergency commit function, which required a ⅔ vote and then implemented after 24 hours. 

The attacker mischievously used the flash loan function to obtain 79% control and pass his proposal.

The attacker sent the funds in the protocol to pay off his flash loan and the rest to the Ukraine fund address. In the end, he made a profit of $76 million.

More mega crypto hacks

Other mega crypto hacks include Wintermute’s $160 million infrastructure attack in April, Maiar/ Elrond’s $113 million Infrastructure attack in June, Mango Markets’ $112 million Infrastructure attack in October, and Harmony bridge’s $100 M Infrastructure attack in June.