Hackers exploited a software bug in Web3 music platform Audius to make off with $1.1 million on Saturday, but the funds are a drop in the bucket compared with the nearly $2 billion lost to hackers during the first half of 2022, according to blockchain security firm Beosin.
The fiat value of hacked assets is on track to surpass the $3.2 billion lost in 2021, according to crypto security firm Chainalysis, even amid a drastic drop in cryptocurrency valuations. Blockworks compiled some of the biggest crypto hacks of the year to see what went wrong and how the protocols fared after being hacked.
- Crypto.com, Jan 17, $35M
- In late January, a hacker managed to disable two-factor authentication on crypto exchange Crypto.com and withdraw bitcoin and ether from customer accounts. CEO Kris Marszalek initially denied that customer funds had been lost before acknowledging the hack days later. The company said it is transitioning to “multi-factor authentication” in response to the exploit.
- A hacker exploited a smart contract bug in the Binance-based Qubit Finance QBridge to mint wrapped ether tokens without depositing funds. The lost assets forced the developers behind Qubit to cut the protocol’s staff and reclassify it as a decentralized autonomous organization (DAO).
- A hacker took advantage of smart contracts on the Solana-to-Ethereum bridge to mint and cash out wrapped ether without posting collateral. Jump Crypto, the venture capital firm behind Wormhole, replenished the stolen funds to keep Solana-based platforms affected by the hack solvent. Wormhole renamed its bridge Portal and currently holds more than $480 million, according to crypto data firm DeFi Llama.
- The crypto-focused retirement and pension platform was robbed when hackers accessed a “master key” that bypassed all customer account security measures. IRA Financial Trust has since sued Gemini, the cryptocurrency exchange where customer funds were stored, for alleged negligence that led to the hack.
- A chain of fake accounts used an “infinite mint glitch” to offer worthless collateral for the Cashio CASH stablecoin. The coin’s peg collapsed to zero and has not recovered, according to CoinGecko data.
- The largest crypto hack ever measured in fiat dollars came after hackers gained control of most of the cryptographic keys that secure the cross-chain bridge of the play-to-earn game. Four of the nine keys were stolen when an Axie developer clicked on a bogus job offer PDF, according to The Block. The Ronin bridge has since reopened with more validators, though the game is bleeding users.
- A hacker used a “flash loan”, where funds are borrowed and repaid in the same transaction, to accumulate enough assets to control the stablecoin’s governance protocol. The hacker approved a proposal to donate funds to Ukraine before leaving with the collateral. The developers paused the protocol while undergoing audits and raising funds, but plan to reopen the repositories in early August.
- A “reentrancy” bug in the loan protocol code allowed a hacker to obtain a loan and at the same time withdraw the collateral placed on the loan. FEI users approved a proposal to make investors whole through “the DAO that pays bad debt on behalf of the hacker.” The FEI stablecoin remains pegged to the dollar, according to CoinGecko.
- The North Korea-linked Lazarus Group accessed two of the five security keys of the Binance and Ethereum bridge, approving transactions that diverted assets from the bridge. Harmony now requires four out of five validation keys to reach consensus on transactions and has not yet announced its plan to compensate users.
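
The reentrancy item above, as an added example that is not from the article or from the affected protocol's code: a toy Python model of a lending pool that pays out a loan before recording the debt, next to the hardened ordering (debt recorded first, plus a lock). The class, function names, user and amounts are all constructed for illustration.

```python
import copy

class Reverted(Exception):
    """Models an EVM revert: every state change in the transaction is undone."""

class LendingPool:
    def __init__(self, liquidity, guarded):
        self.liquidity = liquidity   # assets available to lend
        self.collateral = {}         # user -> collateral on deposit
        self.debt = {}               # user -> outstanding loan
        self.guarded = guarded       # True: record debt first and hold a lock
        self.locked = False

    def borrow(self, user, amount, on_receive):
        if self.locked:
            raise Reverted("reentrant call")
        if amount > self.collateral.get(user, 0) - self.debt.get(user, 0):
            raise Reverted("insufficient collateral")
        self.locked = self.guarded
        if self.guarded:             # effect before the external call
            self.debt[user] = self.debt.get(user, 0) + amount
        self.liquidity -= amount
        on_receive()                 # paying out hands control to the borrower
        if not self.guarded:         # vulnerable: debt recorded only afterwards
            self.debt[user] = self.debt.get(user, 0) + amount
        self.locked = False

    def withdraw_collateral(self, user):
        if self.locked:
            raise Reverted("reentrant call")
        if self.debt.get(user, 0) > 0:
            raise Reverted("loan outstanding")
        return self.collateral.pop(user, 0)

def simulate(guarded, reenter=True):
    """Run one borrow transaction; report what left the pool and what remains."""
    pool = LendingPool(liquidity=1000, guarded=guarded)
    pool.collateral["borrower"] = 100            # constructed sample position
    taken = []
    reentrant = lambda: taken.append(pool.withdraw_collateral("borrower"))
    snapshot = copy.deepcopy(vars(pool))
    try:
        pool.borrow("borrower", 80, reentrant if reenter else (lambda: None))
    except Reverted:                             # roll back the whole transaction
        vars(pool).update(snapshot)
        taken.clear()
    return {"loan_out": 1000 - pool.liquidity, "collateral_out": sum(taken),
            "collateral_left": pool.collateral.get("borrower", 0),
            "debt": pool.debt.get("borrower", 0)}
```

With `guarded=False` the pool ends up holding a debt of 80 backed by no collateral, which is the bad debt the item describes; with `guarded=True` the same call sequence reverts and an ordinary borrow still succeeds.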