{"id":532501,"date":"2022-12-30T03:00:00","date_gmt":"2022-12-30T00:00:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\/"},"modified":"2022-12-30T03:00:00","modified_gmt":"2022-12-30T00:00:00","slug":"the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\/","title":{"rendered":"# The 10 largest crypto hacks and exploits in 2022 saw $2.1B stolen"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a3a9a6673f80\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a3a9a6673f80\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\/#%E2%80%9D_The_10_largest_crypto_hacks_and_exploits_in_2022_saw_21B_stolen_%E2%80%9C\" >&#8221; The 10 largest crypto hacks and exploits in 2022 saw $2.1B stolen &#8220;<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\/#10_Beanstalk_Farms_exploit_%E2%80%94_76M\" >10: Beanstalk Farms exploit \u2014 $76M<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\/#9_Qubit_Finance_bridge_exploit_%E2%80%94_80M\" >9: Qubit Finance bridge exploit \u2014 $80M<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\/#8_Rari_Fuse_exploit_%E2%80%94_793M\" >8: Rari Fuse exploit \u2014 $79.3M<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\/#7_Harmony_bridge_hack_%E2%80%94_100M\" >7: Harmony bridge hack \u2014 $100M<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\/#6_BNB_Chain_bridge_exploit_%E2%80%94_100M\" >6: BNB Chain bridge exploit \u2014 $100M<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\/#5_Wintermute_hack_%E2%80%94_160M\" >5: Wintermute hack \u2014 $160M<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/buradabiliyorum.com\/en\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\/#4_Nomad_token_bridge_exploit_%E2%80%94_190M\" >4: Nomad token bridge exploit \u2014 190M<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/buradabiliyorum.com\/en\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\/#3_Wormhole_bridge_exploit_%E2%80%94_321M\" >3: Wormhole bridge exploit \u2014 $321M<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/buradabiliyorum.com\/en\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\/#2_FTX_wallet_hack_%E2%80%94_477_million\" >2: FTX wallet hack \u2014 $477 million<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/buradabiliyorum.com\/en\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\/#1_Ronin_bridge_hack_%E2%80%94_612M\" >1: Ronin bridge hack \u2014 $612M<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_The_10_largest_crypto_hacks_and_exploits_in_2022_saw_21B_stolen_%E2%80%9C\"><\/span>&#8221; The 10 largest crypto hacks and exploits in 2022 saw $2.1B stolen &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMTIvN2Y3YWIzOTYtYjczZi00OGM1LTk3ZGQtYWZlZWZjYTZmOGYzLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-02fa634a>It&#8217;s been a turbulent year for the cryptocurrency industry \u2014 market prices have taken a huge dip, crypto giants have collapsed and billions have been stolen in crypto exploits and hacks.<\/p>\n<p>It was not even halfway through October when Chainalysis declared 2022 to be the \u201cbiggest year ever for hacking activity.\u201d <\/p>\n<p>As of Dec. 29, the 10 largest exploits of 2022 have seen $2.1 billion stolen from crypto protocols. Below are those exploits and hacks, ranked from smallest to largest.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"10_Beanstalk_Farms_exploit_%E2%80%94_76M\"><\/span>10: Beanstalk Farms exploit \u2014 $76M<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Stablecoin protocol Beanstalk Farms suffered a $76 million exploit on April 18 from an attacker using a flash loan to buy governance tokens. This was used to pass two proposals that inserted malicious smart contracts.<\/p>\n<p>The exploit was initially thought to have cost around $182 million<strong> <\/strong>as Beanstalk was drained of all its collateral but in the end, the attacker only managed to get away with less than half that.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"9_Qubit_Finance_bridge_exploit_%E2%80%94_80M\"><\/span>9: Qubit Finance bridge exploit \u2014 $80M<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Qubit Finance, a decentralized finance (DeFi) protocol on BNB Smart Chain, had over $80 million worth of BNB (BNB) stolen on Jan. 28 in a bridge exploit.<\/p>\n<p>The attacker duped the protocol&#8217;s smart contract into believing they had deposited collateral that allowed them to mint an asset representing bridged Ether (ETH).<\/p>\n<p>They repeated this multiple times and borrowed multiple cryptocurrencies against the unbacked bridged ETH, draining the protocol\u2019s funds.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"8_Rari_Fuse_exploit_%E2%80%94_793M\"><\/span>8: Rari Fuse exploit \u2014 $79.3M<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Another DeFi protocol called Rari Capital was exploited on April 30 for the sum of roughly $79.3 million.<\/p>\n<p>The attacker exploited a reentrancy vulnerability in the protocol\u2019s Rar Fuse liquidity pool smart contracts, making them call a function to a malicious contract to drain the pools of all crypto.<\/p>\n<p>In September, Tribe DAO, which includes Rari Capital and other DeFi protocols, voted to reimburse affected users from the hack.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"7_Harmony_bridge_hack_%E2%80%94_100M\"><\/span>7: Harmony bridge hack \u2014 $100M<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In yet another bridge hack, the Horizon Bridge that links Ethereum, Bitcoin (BTC), and BNB Chain to Harmony\u2019s layer-1 blockchain was drained of around $100 million in multiple cryptocurrencies.<\/p>\n<p>Blockchain forensics firm Elliptic pinned the hack on North Korean cybercriminal syndicate Lazarus Group, as the funds were laundered in a similar way to other known Lazarus attacks. <\/p>\n<p>Lazarus is understood to have targeted Harmony employee login credentials, breaching the platform\u2019s security system and gaining control of the protocol before deploying automated laundering programs to move their ill-gotten gains.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"6_BNB_Chain_bridge_exploit_%E2%80%94_100M\"><\/span>6: BNB Chain bridge exploit \u2014 $100M<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The BNB Chain was paused on Oct. 6 due to \u201cirregular activity\u201d on the network, which later was revealed as an exploit that drained around $100 million from\u00a0its cross-chain bridge, the BSC Token Hub.<\/p>\n<p>Initially, it was thought the attacker was able to take around $600 million due to a vulnerability that allowed the creation of roughly two million BNB, the chain\u2019s native token.<\/p>\n<p>Unfortunately for the attacker, they had roughly over $400 million worth of digital assets frozen on the blockchain and more was possibly stuck in cross-chain bridges on the BNB blockchain side.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"5_Wintermute_hack_%E2%80%94_160M\"><\/span>5: Wintermute hack \u2014 $160M<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>United Kingdom based crypto market-maker Wintermute suffered from a compromised hot wallet that saw <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>roximately $160 million across 70 tokens transferred out of the wallet.<\/p>\n<p>Analysis from blockchain cybersecurity firm CertiK claimed a vulnerable private key was attacked that was likely generated by Profanity \u2014 an app that allows users to generate vanity crypto addresses, that has a known exploit. <\/p>\n<p>According to CertiK, this allowed the attacker to use a function with the private key that allowed the hacker to change the platform\u2019s swap contract to the hacker\u2019s own.<\/p>\n<p>Conspiracy theories alleging the hack was an \u201cinside job\u201d due to how it was carried out were debunked by blockchain security firm BlockSec, who said the allegations were \u201cnot convincing enough.\u201d<\/p>\n<h3><span class=\"ez-toc-section\" id=\"4_Nomad_token_bridge_exploit_%E2%80%94_190M\"><\/span>4: Nomad token bridge exploit \u2014 190M<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>On Aug. 2, the Nomad token bridge, which allows users to swap cryptocurrencies across multiple blockchains, was drained by multiple attackers to the tune of $190 million.<\/p>\n<p>A smart contract vulnerability that failed to properly validate transaction inputs was the cause of the exploit.<\/p>\n<p>Multiple users, seemingly both malicious and benevolent, were able to copy the original attacker\u2019s moves to funnel funds to themselves. Around 88% of addresses taking part in the exploit were identified as \u201ccopycats\u201d in a report.<\/p>\n<p>Only around $32.6 million worth of funds were able to be intercepted and returned to the protocol by white hat hackers.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"3_Wormhole_bridge_exploit_%E2%80%94_321M\"><\/span>3: Wormhole bridge exploit \u2014 $321M<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The Wormhole token bridge\u00a0suffered an exploit on Feb. 2 that resulted in the loss of 120,000 Wrapped Ether (wETH) tokens worth $321 million.<\/p>\n<p>Wormhole allows users to send and receive crypto between multiple blockchains. An attacker found a vulnerability in the protocol\u2019s smart contract and was able to mint 120,000 wETH on Solana (SOL) unbacked by collateral and was then able to swap this for ETH.<\/p>\n<p>At the time it was marked as the largest exploit in 2022 and is the third-largest protocol loss overall for the year.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"2_FTX_wallet_hack_%E2%80%94_477_million\"><\/span>2: FTX wallet hack \u2014 $477 million<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>During the start of FTX\u2019s bankruptcy proceedings on Nov. 11 and 12, a <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/watch-movies-tv-seriess\/\" data-internallinksmanager029f6b8e52c=\"8\" title=\"Watch Movies &amp; TV Series\" target=\"_blank\" rel=\"noopener\">series<\/a> of unauthorized transactions took place at the exchange, with Elliptic suggesting that around $477 million worth of crypto was stolen.<\/p>\n<p>Sam Bankman-Fried said in a Nov. 16 interview\u00a0that he believed it was \u201ceither an ex-employee or somewhere someone installed malware on an ex-employee\u2019s computer\u201d and had narrowed the perpetrator down to eight people before he was shut out of the company\u2019s systems. <\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>7 biggest crypto collapses of 2022 the industry would like to forget<\/em><\/strong><\/p>\n<p>According to reports, on Dec. 27 the United States Department of Justice launched an investigation into the whereabouts of around $372 million of the missing crypto.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"1_Ronin_bridge_hack_%E2%80%94_612M\"><\/span>1: Ronin bridge hack \u2014 $612M<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The largest exploit to take place in 2022 happened on March 23, when the Ronin bridge was exploited for around $612 million\u00a0\u2014\u00a0173,600 ETH and 25.5 million USD Coin (USDC).<\/p>\n<p>Ronin is an Ethereum sidechain built for Axie Infinity, a play-to-earn nonfungible token (NFT) <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/game\/\" data-internallinksmanager029f6b8e52c=\"7\" title=\"Game\" target=\"_blank\" rel=\"noopener\">game<\/a>. Sky Mavis, Axie Infinity\u2019s developers, said the hackers gained access to private keys, compromised validator nodes and approved transactions that drained funds from the bridge.<\/p>\n<p>The U.S. Treasury Department updated its Specially Designated Nationals and Blocked Persons (SDN) list on April 14 to reflect the possibility that Lazarus Group was behind the bridge\u2019s exploit.<\/p>\n<p>The Ronin bridge hack is the largest cryptocurrency exploit to ever take place.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"defi_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/the-10-largest-crypto-hacks-and-exploits-in-2022-saw-2-1b-stolen\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; The 10 largest crypto hacks and exploits in 2022 saw $2.1B stolen &#8220; It&#8217;s been a turbulent year for the cryptocurrency industry \u2014 market prices have taken a huge dip, crypto giants have collapsed and billions have been stolen in crypto exploits and hacks. It was not even halfway through October when Chainalysis declared&#8230;<\/p>\n","protected":false},"author":1,"featured_media":532502,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/cdn-cgi\/image\/format=auto,onerror=redirect,quality=90,width=1200\/https:\/\/s3.cointelegraph.com\/uploads\/2022-12\/7f7ab396-b73f-48c5-97dd-afeefca6f8f3.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,135234,74882,70944,71101],"class_list":["post-532501","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-ftx","tag-hacks","tag-hackers","tag-scams"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/532501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=532501"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/532501\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/532502"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=532501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=532501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=532501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}