Cybercriminals used a variety of novel ways to carry out hacks and exploits in 2022, with more than $2.8 billion in cryptocurrency stolen last year.
According to a report by CoinGecko using data from DeFiYield’s REKT database, almost half of all cryptocurrency stolen in 2022 was fleeced using various methods. This includes bypassing verification processes, market manipulation, “crowd looting” as well as smart contracts and bridging exploits.
The biggest hack of 2022 was carried out via an access control hack. Sky Mavis, the developer of the popular game Axie Infinity, saw its Ronin bridge hacked in March 2022, causing $625 million to leak from the bridge between the Ronin chain and the Ethereum network.
It was later revealed that the North Korean hacker group Lazarus gained access to five private keys that were used to sign transactions from five validator nodes on the Ronon network. This was how the hackers drained 173,600 ETH and 25.5 million USDC from the bridge.
According to CoinGecko, the access control exploit is carried out by attackers who have gained access to wallets or accounts through compromised private keys, networks, or security systems. As Cointelegraph explored last year, cross-chain bridge hacks were prevalent in 2022, with 65% of funds stolen from this type of attack alone.
The second largest attack of 2022 took place in February 2022, when attackers bypassed verification with a forged signature on the Wormhole token bridge before minting $326 million worth of cryptocurrency. The fact that Wormhole did not validate “guardian” accounts allowed hackers to mint tokens without the required collateral.
“Mass looting” came to the fore in August 2022, when an insecure smart contract setup in decentralized finance (DeFi) token bridge Nomad allowed users to withdraw an unlimited amount of funds.. Hundreds of wallets took advantage of this vulnerability and made off with over $190 million.
Mango Markets suffered a market manipulation exploit in October 2022, when a hacker bought and artificially inflated Mango (MNGO) tokens before taking out uncollateralized loans from the project treasury. In this attack, USD 116 million was stolen.
Re-entry attacks, in which attackers make use of a malicious smart contract that drains funds from a target with repeated withdrawal orders, totaled $81 million stolen last year.
The attacks on Oracle’s issuance led to the theft of funds worth USD 54 million. With this method, Hackers access an oracle service and manipulate its price feed data service to force a smart contract to fail or carry out flash lending attacks.
Phishing attacks alone amounted to $17 million worth of cryptocurrency stolen in 2022. This method was prevalent between 2017 and 2020, as attackers preyed on unwitting victims through social engineering methods to steal login credentials and keys private.
An oracle attack in February 2023 is the biggest hacking incident to date of the new year. Hackers managed to manipulate the price of the AllianceBlock token through an oracle hack, leading to an estimated $120 million theft of the protocol.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.