Cryptocurrency hacks and exploits caused $3 billion in losses last year, the most since 2013. 47% of these funds were stolen using a wide range of cybercrime and exploitation methods. This includes circumventing verification processes, market manipulation, ‘mass looting’, exploiting bugs or loopholes in smart contracts.
This suggests that computer cybercriminals are exploiting unconventional ways to achieve circumvention of improved defenses against more traditional or standard methods of exploitation, such as access control circumvention and instant loan attacks.
Cybercriminals relied on these various and unconventional methods for some of the biggest thefts of 2022:
Wormhole Hack February 2022: Hackers carried out the second biggest exploit of the year in Wormhole, the main bridge connecting Solana to other blockchains. Wormhole could not validate accounts’tutors‘, allowing criminals to bypass checks with a forged signature and mint $326 million worth of cryptocurrency, without needing the equivalent collateral.
August 2022 Nomad Bridge Exploit: Nomad’s third major exploit was caused by the first crypto event of “mass looting” in August. An insecure configuration in the Nomad smart contract allowed users to withdraw any amount of money, without the need to prove the validity of the transaction. Word spread after the original attack, and hundreds of users joined simply by copyingfor a total loot of 190 million dollars.
Mango Markets Hack October 2022– Mango Markets decentralized exchange was hacked in October. Avraham Eisenberg, who later admitted to being the hacker, used market manipulation to take advantage of the lack of liquidity. By buying and artificially inflating the price of Mango (MNGO) tokens, the hacker was able to obtain large unsecured loans from Mango’s treasury, stealing $116 million.
The biggest theft of 2022 was caused by an access control hack
The Sky Mavis Ronin Bridge Invasion in March was by far the biggest crypto exploit of the year in terms of losses, with the $625 million stolen alone accounting for 58% of access control attacks in 2022.. At the time, Ronin’s bridge was extremely popular with Axie Infinity players, who used it to transfer his assets between the Ronin chain and the Ethereum network.
The attackers, later identified as the notorious North Korean hacker group Lazarus, gained access to five private keys. They were used to sign transactions from five of the Ronin Network’s nine validation nodes, allowing attackers to drain 173,600 ether (ETH) and 25 million USD Coin (USDC) of the bridge.
In fact, 65% of funds stolen last year came from the top 5 bridge hacks. This comes amidst bridges becoming more important to connect a growing number of blockchain networks. Therefore, the malicious actors seized the opportunity to target these bridges that investors use to move their funds in the crypto ecosystem.
The flash loan attack was the third most popular method for cryptocurrency hackers, leading to $240 million in stolen funds that accounted for 8% of losses last year.
Disclaimer: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
It may interest you:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.