Top 12 Crypto Security Attacks in 2024
Crypto hacks are unauthorized access or manipulation of cryptocurrency systems, leading to theft or disruption of digital assets. Explore attack methods, and their...
Crypto hacks are unauthorized access or manipulation of cryptocurrency systems, leading to theft or disruption of digital assets. Explore attack methods, and their...
Getting your Trinity Audio player ready...
|
If you have been a part of the burgeoning crypto and blockchain spaces in recent years, there’s a good chance you have come across several of the infamous crypto hacks we have witnessed since the inception of Bitcoin in 2009. The past year was the biggest year for crypto hacks in the history of the industry, with an estimated $3.8 billion stolen from crypto businesses.
To stay safe from cybersecurity threats to your assets, it’s important to know about some of the biggest crypto hacks in history, so as to learn from them. In this post, we highlight the largest crypto hacks and discuss them in detail. But before that, let’s start at the basics.
To understand crypto hacks, we need to first learn about crypto. Cryptos are digital or virtual tokens, and they are an application of a distributed ledger technology called the blockchain. Cryptos are decentralized, meaning they are not subject to any control by a third party or any higher institution.
After the advent of Bitcoin in 2009, numerous other cryptos were created through web3 projects built on different blockchains. Such cryptos and digital assets generated demand and started to be traded on crypto exchanges and other platforms. As the popularity of this asset class grew, inevitably, what came next was treachery and scams in the industry.
Hackers started targeting web3 projects to steal crypto through nasty yet innovative means. These attacks are called crypto hacks. In some cases, exchanges have been hacked, and investors have lost their funds. There have also been instances of individuals losing their private keys to their holdings in a web3 project due to crypto hacks.
Crypto hackers can work in numerous ways:
Blog Highlights
1. Introduction to Crypto Hacks: Overview of the growing frequency and severity of crypto hacks, highlighting 2022 as the worst year with $3.8 billion stolen.
2. Types of Crypto Hacks: Explanation of common crypto hack methods, including phishing, reentrancy attacks, rug pulls, and flash loans.
3. Key Categories of Crypto Hacks: Bridge Attacks, Wallet Hacks, Exchange Hacks
4. Notable Crypto Hacks: Detailed cases of major crypto hacks like Ronin Network, Wormhole Bridge, and FTX, highlighting the methods and impacts of each attack.
5. Lessons and Responses: Emphasis on the industry's response to hacks, including improved security protocols and regulatory measures aimed at reducing future risks.
6. Conclusion: Reflection on the resilience and growth of the blockchain industry despite setbacks, and the ongoing efforts to enhance security and privacy in the web3 space
The three main categories of crypto hacks are the following:
Programs known as cross-chain bridges enable the transfer of cryptos across at least two different blockchains. Because various DApps (decentralized apps) could require users to engage with several blockchains, the goal of a token bridge is to enable the transfer of assets from one blockchain to another. There are usually many cryptos in these protocols since users must lock their original tokens on a bridge to mint wrapped tokens on another chain.
Hackers who manage to breach a bridge may easily steal these tokens. Such crypto hacks are called bridge attacks. If a hacker has extensive experience in blockchain, they can potentially find loopholes in a bridge’s smart contract and initiate crypto hacks.
Some of the largest crypto hacks have occurred through crypto wallets. Crypto hackers target stealing the private keys of such wallets through malware and phishing attacks.
How do wallet crypto hacks take place? Your crypto wallets can be compromised, or fake crypto wallets can be used to lure in unsuspecting users.
🤔Wondering How to keep your crypto wallets safe? Refer this blog and learn How to Secure Crypto Wallets?
By enabling people to purchase, trade, and store digital assets in an easy manner, crypto exchanges have become one of the fundamental requirements in the DeFi space. This is exactly why they have also fallen victim to some of the biggest crypto hacks in history.
Data suggests that over $3 billion was stolen from crypto exchanges in 2022, which makes it even more important for such firms to prevent crypto hacks by adopting the best security protocols. Due to such hacks, many crypto exchanges have also been forced to shut down.
Now we get to our ultimate goal for this post: to discuss some of the biggest crypto hacks.
The platform supporting the popular game Axie Infinity, Ronin Network, witnessed over $600 million being stolen from it in 2022. What happened during the crisis?
Several users saw their deposits erode in value after Ronin was hacked. The business reported that the hackers were able to compromise five validator nodes, which is also the minimum number needed to authorize a transaction, by gaining access to their private keys. The discovery was made a week later after the hack on March 23, 2022, when the hackers used the proceeds of the theft to short Axie Infinity (AXS) and Ronin (RON).
The hackers withdrew an overall amount of approximately 25.5 million USDC and 173,600 ETH. A year earlier, AXIE DAO had given access to the developer group Sky Mavis to sign off on transactions on their behalf to control the rising volume of users. But as it turned out, the access was never removed, which could have enabled the hackers to gain back door access.
In February of 2022, the token bridge Wormhole was attacked by a hacker, who stole 120,000 Wrapped Ether (wETH) tokens worth over $320 million from the platform. The stolen tokens were then distributed amongst the Solana and Ethereum wallets of the hacker. It was one of the biggest crypto hacks in history that involved a bridge attack.
Initially, Wormhole had announced its Twitter page about its network being down due to maintenance, but they later confirmed the crypto hack on its platform. Wormhole even proceeded to offer the hacker a bounty of $10 million from the stolen tokens if it was returned.
93,750 of wETH were exchanged for ETH by the hackers, which were used to buy different crypto tokens further, while the rest were kept in their Solana wallets unused. The attack highlighted the vulnerabilities of cross-chain bridges like Wormhole, which brought together Solana and Ethereum.
The Nomad Bridge hack was another one of the major crypto hacks in 2022. The incident witnessed over $190 million of crypto being stolen from Nomad bridge’s funds. Over a long series of transactions, hackers drained crypto worth millions of dollars. A cross-chain bridge enabling the transfer of tokens and data between blockchains, Nomad Bridge, had just raised funding from investors a few days before the attack.
Experts stated that the Nomad Bridge hack became possible due to an update to one of the smart contracts of Nomad Bridge just before the attack. It enabled users to spoof transactions, which led to withdrawals of money from the bridge which didn’t belong to the users. The attackers allegedly used the loophole to copy and paste transactions and almost emptied the bridge. Some white hat hackers eventually returned around $30 million when requested by Nomad Bridge.
The Beanstalk Farm case was an example of a crypto hack caused by a flash loan attack. It occurred in 2022 when the stablecoin protocol saw over $180 million worth of collateral being stolen. The attack was likely due to two suspicious governance proposals and a flash loan attack which caused the hack.
The governance proposals which the hacker issued were regarding a donation to be given to Ukraine. But, the proposals had an attached malicious rider, which caused the theft of the funds. The attacker withdrew flash loans in the form of several stablecoins from the Aave protocol and used the proceeds to get hold of a majority (67%) of the protocol’s governance power. It used the same to approve its own governance proposals.
The attacker exchanged the BEAN tokens for Ethereum and sent some USDC to the Ukraine Crypto Donation Wallet. The crisis highlighted a major drawback of the lack of strong security measures in decentralized governance protocols.
An algorithmic crypto market maker, Wintermute had lost over $160 million when its DeFi operations faced an attack in 2022. The hackers attacked one of their hot wallets in what was claimed as one of the largest crypto hacks. The attackers directly targeted the private keys of the users of Wintermute.
Wintermute used the services of a vanity wallet address generator, Profanity. The program enables the creation of customized wallet addresses, which in some cases, may be easy to guess with enough computing power. Profanity may thus have been the root cause behind this crypto hack.
Once Profanity’s drawback came to the limelight, Wintermute went for blacklisting their Profanity accounts, to stave off liquidation. However, one of their ten accounts was not blacklisted due to an error on the part of the management, which led to one of the biggest crypto hacks of 2022.
The FTX crisis may have been one of the largest crypto hacks of all time. FTX was a major crypto exchange that collapsed in November 2022. A series of events took place during the crisis. Initial reports suggested the exchange held significant reserves in the form of its native token, FTT.
It led to panic in the markets, and major firms and investors started selling their positions in the token, which led to a liquidity crisis. Efforts to save the exchange failed, and it declared bankruptcy. But, the crisis did not end there. After filing for bankruptcy, FTX was reported to be a victim of one of the largest crypto hacks. It was suspected that over $400 million was stolen from the crypto exchange in the hack.
Several experts in the industry cited the FTX crisis as the reason why more transparency is required from blockchain firms, so as to prevent such crypto hacks in the future.
The crypto hack on the Binance Smart Chain blockchain network was surprising, considering Binance is the biggest crypto exchange in the world. It led to over $100 million being lost to the hackers. Binance suspended transactions once the hack was detected. Users’ funds on the crypto exchange weren’t affected by the crypto hack, fortunately.
Binance had 26 active validators on the BNB Smart Chain at the time of the hack, but the exchange expected it to increase the number in the future. The crypto hack was a bridge attack on the BSC Token Hub- its cross-chain bridge. The hacker managed to send out BNB tokens in the first tranche by tricking the Binance Bridge successfully. In the second attempt, it sent out another batch of BNB tokens to an address it controlled.
The attack on the Binance Smart Chain network in 2022 was one of the many crypto hacks attempted on cross-chain bridges in 2022.
The Japanese crypto exchange Coincheck faced one of the largest crypto hacks when millions worth of NEM crypto were stolen from the firm. In the beginning, the crypto firm had stopped all deposits of NEM on the exchange. Eventually, it declared the theft, calling it one of the biggest crypto hacks at that time.
What happened that led to the crypto hack? It was believed that the crypto exchange had stored its funds in a hot wallet rather than transferring them to a multisig wallet. While other tokens were stored in multisig wallets, the NEM tokens were not. Ultimately, the hackers gained access to the private keys of the hot wallet where the NEM tokens were stored. Unfortunately, the funds belonged to the users of Coincheck.
The crypto hack evoked strong reactions from Japanese regulators. The web3 community alleged that the crisis emerged due to the governance issues of the exchange.
BitMart faced a crypto hack when almost $200 million worth of crypto was compromised by hackers in 2022. Hackers had access to the private keys of one of the exchange’s hot wallets, which led to the crypto theft. The most affected token was Safemoon, built on the Binance Smart Chain network. The token had then been endorsed by several celebrities, which led to an increase in its popularity.
Though the exchange had confirmed that it would refund its users who had lost deposits, it remains unclear if the same was honored. BitMart’s crypto hack was a sign of the rising crypto hacks aimed at exchanges, a majority of which used hot wallets connected to the internet. Safemoon also took a major hit after the crisis and declined by a large margin, affecting its token holders negatively.
Poly Network faced one of the largest crypto hacks in 2022, as hackers stole around $600 million worth of assets of the multi-chain interoperability protocol. The addresses belonging to the hackers were spread across three blockchains: Polygon, Binance Smart Chain, and Ethereum. Immediately after the hack, the cross-chain function O3 Swap was suspended.
The crypto hack likely occurred due to the access rights of two smart contracts of Poly Network being mismanaged. Poly Network immediately requested other blockchain firms to blacklist the funds stolen by the hacker, while the stablecoin Tether announced it had successfully frozen the stolen Tether.
In a surprising turn of events, the hacker returned more than $600 million worth of the stolen funds. Poly Network acknowledged the same and even offered a job position to the hacker. While the humorous twist in the story did offer some respite, the vulnerabilities in Poly Network were acknowledged by the web3 space.
The Qubit crypto hack saw hackers setting off with more than 200,000 Binance Coins from Qubit’s Qbridge protocol. The attackers targeted the decentralized finance protocol built on the Binance Smart Chain and stole over $80 million worth of tokens. The Qbridge protocol could be supplied by users with their crypto deposits, which were used as collateral to raise loans. A fixed fee was charged for the same.
A large amount of xETH collateral was created, which was then used to empty an entire lot of Binance Coins on Qbridge. The hacker also illegally minted more than 77,000 qXETH, an asset representing ETH which is bridged with Qubit. They then fooled the Qbridge protocol into believing that they had deposited the funds. Eventually, the hacker converted all assets into Binance Coins.
The Qubit fiasco is considered one of the largest crypto hacks in the decentralized finance space. It contributed to an increasing number of protocol exploits in the blockchain industry.
The Harmony bridge crypto hack occurred in June 2022, calling attention to the urgent robust security measures needed for cross-chain platforms.
The Harmony layer-1 blockchain’s Horizon Bridge had fallen victim to a crypto hack when hackers swapped $100 million worth of altcoins for ETH. The attacker exchanged the altcoins for Ether in the Uniswap exchange and further sent it back to an unknown wallet.
Acting as a cross-chain bridge between Harmony and Ethereum, Binance Chain, and Bitcoin, the Horizon Bridge used to require at least two of the five nodes responsible for their multisig wallets to sign a transaction. The attackers managed to compromise two of these five keys, initiating transactions for the hack on their own.
The evolution of the web3 space has witnessed some big crypto hacks, as we saw in this post. While it led to setbacks for many, the blockchain industry has also taken some key lessons from these crypto hacks, and grown to include various security and privacy protocols to ensure the highest safety standards. Regulatory authorities worldwide are also positively moving towards regulating the industry, which is expected to reduce the scope of such crypto hacks to a large extent.
If you’re a web3 proponent, we hope you got some key takeaways from the largest crypto hacks we listed in this post.
While crypto firms have been susceptible to hacks in the past, the most common crypto hacks have included wallet hacks, exchange hacks, and bridge attacks. Crypto hackers who are experts in the domain try to target such crypto platforms and steal funds. Many experts in the blockchain space have regularly urged users to be extremely alert while depositing their firms with any web3 firm.
Blockchain platforms like Ronin Bridge, FTX, Coincheck, and others were targeted in the past by crypto hackers.
The rise of crypto has brought with it a new set of hacking risks. There are various ways that hackers can try to recover crypto. One common method is phishing. Phishing involves hackers sending you fake emails or messages that look like they’re from legitimate sources. They might try to trick you into clicking on a link that will give them access to your crypto wallet.
Another method is malware. Malware is a type of harmful software that can infect your devices and give hackers access to your crypto wallet. Once they have access, they can steal your crypto. The best way to protect yourself from crypto hacks is to be vigilant and trust the most secure web3 platforms.
There are multiple ways a crypto hack may be carried out, such as:
Disclaimers: Opinions expressed in this publication are those of the author(s). They do not necessarily purport to reflect the opinions or views of Shardeum Foundation.
About the Author: Anuska is an independent freelance writer freshly exploring web3 and blockchain space. Her articles blend personal exploration with established editorial methods, and she’d love to hear your thoughts in the comments!
Smart Contracts | Physical Layer in OSI Mode | Defi Hacks | What is a DDoS Attack | EVM Wallet | Blockchain Scalability | Proof Of Stake | EVM Wallet Metamask | Web3 Programming Language | What is Foundry | EVM vs Non-EVM | Ordinals NFT | Features Of Blockchain | NFT Discord | P2P Crypto Exchange