DeFi Exploits and Access Control Hacking to Cost Crypto Investors Billions in 2022: Report

Cybercriminals used a variety of new ways to carry out hacks and exploits in 2022, with over $2.8 billion in cryptocurrency stolen last year.

According to a report by CoinGecko using data obtained from DeFiYield’s REKT database, nearly half of the total crypto stolen in 2022 was taken using various methods. These include bypassing verification processes, market manipulation, crowd looting, and smart contract and bridge exploitation.

The biggest hack of 2022 was carried out through an access control hack. Sky Mavis, the developer behind the popular game Axie Infinity, saw its Ronin bridge hacked in March 2022, causing $625 million to be drained from the bridge between the Ronin chain and the Ethereum network.

It was later revealed that the North Korean hacker group Lazarus gained access to five private keys used to sign transactions from five Ronin Network validator nodes. This is how the hackers drained 173,600 ETH and 25.5 million USDC from the bridge.

According to CoinGecko, access control exploits are performed by attackers who have gained access to wallets or accounts through compromised private keys, networks or security systems. As Cointelegraph explored last year, cross-chain bridge hacks were prevalent in 2022, with 65% of stolen funds coming from this type of attack alone.

The second-largest exploit of 2022 took place in February 2022, when attackers bypassed verification with a forged signature on the Wormhole token bridge before minting $326 million worth of crypto. Wormhole’s failure to validate “guardian” accounts allowed hackers to create tokens without the necessary security.

‘Crowd looting’ came to the fore in August 2022, when an insecure smart contract configuration on decentralized finance (DeFi) token bridge Nomad allowed users to withdraw an unlimited amount. Hundreds of wallets took advantage of the exploit, draining over $190 million.

Mango Markets was hit by a market manipulation exploit in October 2022, when a hacker purchased and artificially inflated Mango (MNGO) tokens before taking out undercollateralized loans from the project’s treasury. $116 million was stolen in the flash loan attack.

Reentrancy attacks, where attackers use a malicious smart contract that siphons money from a target with repeated withdrawal orders, accounted for $81 million stolen last year.

Hacks exploiting oracle issues led to $54 million being stolen. In this method, hackers gain access to an oracle service and manipulate the price feed data to force smart contract failures or perform flash loan attacks.

Phishing attacks alone accounted for $17 million in cryptocurrency stolen in 2022. This method was prevalent between 2017 and 2020, when attackers preyed on unsuspecting victims through social engineering methods to steal login credentials and private keys.

An oracle attack in February 2023 is the biggest hacking incident so far in the new year. Hackers managed to manipulate the price of the AllianceBlock token through an oracle hack, leading to an estimated $120 million being stolen from the protocol.
