DeFi users lost $10.5 billion to theft in 2021. In this article, we will take about "what is Defi hack" and the top 5 Defi hacks of 2022.
What is Defi hack?
According to blockchain security firm PeckShield, hackers have pilfered more than $2.32 billion in over 135 exploits, from the DeFi industry so far this year. The figure is 50% higher than what was stolen from the entire sector for 2021.
Over the years, online thieves have employed a variety of strategies to carry out their work. The most used methods of attack include honeypot, exit scam, exploit, access control, and flash loan says the REKT Database.
Top 5 Defi hacks in 2022
1. Ronin Network: Loss – $620 million
In March, the Ethereum-based sidechain for the crypto game Axie Infinity, Ronin Network was swindled for over $620 million in ETH and USDC. The attacker “used hacked private keys to forge fake withdrawals” from the Ronin bridge agreement in two transactions.
The exploit, which occurred on March 23, was only discovered a week later when one user failed to withdraw 5,000 ether. In total, the hacker made off with 173,600 ETH and 25.5 million USDC, valued at more than $620 million at the time.
2. Wormhole Bridge: Loss – $320 million
On Feb. 2, an attacker siphoned over $320 million in wrapped ETH out of the Wormhole protocol, a famous cross-chain crypto bridge between Solana, Ethereum, Avalanche, and others.
Wormhole users are required to stake Ethereum to mint wrapped ETH, a type of crypto that is pegged to the price of Ethereum.
Analytics firm Elliptic blamed the exploit on Wormhole's failure to validate “guardian” accounts. They were allowing the attacker to mint 120,000 wETH with no Ethereum backing it. The hacker then exchanged 93,750 wETH for Ethereum and exchanged the remainder for Solana. The total value of the loss was over $320 million at the time.
3. Nomad Bridge: Loss – $190 million
On Aug. 2, hackers drained about $190 million in cryptocurrency from Nomad, a tool that lets users swap tokens from one blockchain to another.
The attack began with an upgrade to Nomad's code. A section of the smart contract was marked as valid each time users made a transaction. This allowed bad actors to withdraw more assets than were deposited on the platform. Hackers repeated the process until $190 million in crypto was moved out of the bridge. Nomad never found out until it was too late.
4. Beanstalk Farms: Loss $182 million
In April, an attacker drained $182 million of crypto from Beanstalk Farms, a DeFi protocol aimed at balancing the supply and demand of different crypto assets.
PeckShield said the attacker exploited Beanstalk's majority vote governance system and voted to send themselves $182 million. The attacker used a flash loan to obtain a controlling stake in the protocol, but their actual profit was only in the region of $80 million, said the firm.
5. Wintermute: Loss $160 million
Wintermute is the latest DeFi protocol to fall victim to hackers, who made off with $160 million from the platform's decentralized finance section. CEO, Evgeny Gaevoy said the hack was linked to a critical bug in the Ethereum vanity address-generating tool Profanity.
He said Wintermute used the tool to generate a unique address in order to cut transaction costs, never for “vanity.” The human error seems to be behind this particular attack.
They are the top 5 Defi hacks of 2022, and I hope now you know “What is Defi hack?”.
