Online thieves have used a variety of strategies over the years to carry out their crimes. According to the REKT Database, access control, flash loans, exit scams, honeypots, and exploits are the most often used attack strategies. The top three DeFi hacks of 2022 are listed below:
Ronin Network: $620 million in losses
Axie Infinity's Ethereum-based sidechain, Ronin Network, was swindled out of roughly $620 million in ETH and USDC in March. In two transactions, the "used hacked private keys to forge fake withdrawals" from the Ronin bridge contract.
One user's failure to withdraw 5,000 ether on March 23 led to the discovery of the attack a week later. In total, the hacker made off with 173,600 ETH and 25.5 million USDC, valued at more than $620 million at the time.
The Ronin Network hack is considered the largest DeFi hack in history.
Wormhole Bridge: $320 million in losses
A hacker stole over $320 million in wrapped ETH from the Wormhole protocol on February 2. This protocol connects Solana, Ethereum, Avalanche, and other popular cross-chain crypto networks.
Users of Wormhole are required to stake Ethereum in order to mint wrapped ETH, a type of cryptocurrency whose value is tied to the price of Ethereum.
Wormhole's failure to validate "guardian" accounts, according to analytics firm Elliptic, is to responsible for the exploit. Allowing the attacker to mint 120,000 wETH without any underlying ethereum. The hacker then converted 93,750 wETH into ethereum and the remaining funds into solana. At the time, the loss had a total cost of nearly $320 million.
Nomad Bridge: $190 million in losses
Hackers stole around $190 million in cryptocurrency on August 2 from Nomad, a tool that enables users to switch tokens from one blockchain to another.
The attack began with an upgrade to Nomad's code. Each time a user made a transaction, a section of the smart contract was recorded as being in effect. This made it possible for bad actors to withdraw more fund than they had actually deposited. Hackers kept going until $190 million worth of cryptocurrency was removed from the bridge. Until it was too late, Nomad was unaware.
How to not get hacked
Without a doubt, blockchain bridges seem to be DeFi's weakest link. There are protocols and ways for people to keep safe.
“It is necessary to draft clear terms of reference when developing projects, cover the functionality of projects with tests as much as possible to avoid logical errors,” Alex Belets, founder of blockchain security firm Smart State, told ***..
"Use automatic vulnerability scanners, do not try to implement things for which there are libraries Perform audits and keep your private keys safe. Don't use third party applications like Profanity to generate private keys (Wintermute's hack reason)," he added.
