This year, many DeFi projects have been hacked and suffered from exploits. According to Chainalysis, in terms of assets lost, 2022 became “the biggest year ever” for the crypto space. A substantial amount of money was stolen in the last two months, adding to the year’s vast losses of about $3 billion.
Cross-bridge attacks, decentralised application hacks, rug pulls, and more occurred this year. For many in the business, the lack of security has made an already challenging bear market much more difficult. Major DeFi exploits can be found on Apostro’s hacks website, and this article goes through the three biggest DeFi exploits of this year.
Wormhole exploit
Wormhole was the first bridge to be exploited in 2022, losing around $325 million in assets in February. Bridges allow users to lock tokens on one chain and mint their equivalents on another, which raises security problems because separate chains use different code bases and security standards. With Wormhole, hackers exploited the Solana side of the bridge and falsified security signatures to generate 120,000 wETH, worth about $325 million, out of thin air. After minting the tokens, the hackers swapped them for actual ETH on the Ethereum network, thus emptying Wormhole’s vaults.
Due to the exploit, all bridge operations were halted, and the community was concerned about the bridge’s capacity to recover and continue operations. To everyone’s amazement, Jump Crypto, the trading and venture capital business that invested in Wormhole, replaced the stolen 120,000 ETH with its own assets a few days after the theft in order to reopen and sustain bridge operations.
Ronin exploit
In March, hackers stole $552 million in Ethereum and USDC from Ronin, an Axie Infinity sidechain. The interesting element of this exploit is that it was discovered and made public by one of the developers only a week later – by that time, the assets’ value had climbed to $622 million.
The attack was simple: hackers used social engineering to gain backdoor access to signing keys, then used fraudulent transactions to steal assets from Ronin. The hackers attempted to benefit from the attack by shorting the market, but they were liquidated since the news arrived too late.
Binance Smart Chain exploit
Hackers attacked BSC Token Hub, one of the most prominent crypto bridges, on October 6. They breached the bridge’s security and stole around $566 million in BNB.
Hackers tricked smart contracts into creating tokens out of thin air by using forged withdrawal proofs. Customers on the Binance and BSC chains, however, did not lose money since tokens were generated rather than withdrawn from liquidity pools.
Despite the large number of tokens stolen, the hackers had trouble cashing them out. Following the attack, Binance CEO Changpeng “CZ” Zhao claimed that BSC chain validators froze the network and halted token transfers. While validators prevented roughly 80-90% of token transfers to hackers, the hackers were still able to move approximately $100 million to other chains.