Crypto exploits, diverse hacks, and billions of dollars stolen in 2022: Report

• In 2022, cyber criminals stole over $2.8 billion in cryptocurrency.
• The largest hacking incident of 2023 was February 2023’s Oracle attack.

As per a 13 February report by CoinGecko, in tandem with DeFiYield’s REKT database, exploiters used an array of methods to steal nearly half of the total cryptocurrency stolen in 2022. This included circumventing verification processes, manipulating the market, smart contracts, crowd looting, and bridge exploits.

The biggest hacks of 2022

An access control hack was used to carry out the biggest hack of 2022. Sky Mavis, the developer of the popular game Axie Infinity, had its Ronin bridge hacked in March 2022, resulting in the loss of $625 million from the bridge between the Ronin chain and the Ethereum [ETH] network.

Later, it was revealed that North Korean hacking group Lazarus obtained access to five private keys used to sign transactions from five Ronon Network validator nodes. Lazarus used this method to steal 173,600 ETH and 25.5 million USD Coin [USDC] from the bridge.

The second largest exploit of 2022 occurred in February when attackers used a forged signature to bypass verification on the Wormhole token bridge before minting $326 million in cryptocurrency. As Wormhole failed to validate guardian accounts, hackers could mint tokens without the required collateral.

Crowd looting became a news highlight when an insecure smart contract configuration on the decentralized finance token bridge Nomad allowed users to withdraw an unlimited amount of funds in August. More than $190 million were drained during the process.

In October 2022, a market manipulation exploit in which a hacker purchased and artificially inflated its tokens before taking out under-collateralized loans from the project’s treasury. The flash loan attack resulted in the theft of $116 million.

Oracle issue hacks resulted in the theft of $54 million in funds. Hackers used this method to gain access to an Oracle service and manipulate its price feed data service. This would force smart contract failure or conduct flash loan attacks.

Phishing attacks behind $17 million theft

In 2022, phishing attacks alone stole $17 million in cryptocurrency. Between 2017 and 2020, attackers used this method to steal login credentials and private keys from unwitting victims.

The largest hacking incident of the current year is an Oracle attack that took place in February 2023. Through an Oracle hack, hackers could manipulate the price of the Alliance Block token. In doing so, they stole $120 million from the protocol.