The world of crypto has always been fraught with risk due to a lack of regulation and adherence to decentralization. Hacks and scams run rampant in the ecosystem, creating an entire industry of on-chain sleuths dedicated to tracking down lost funds and coders who take advantage of flaws in protocols.
In 2022, exploits focused on decentralized finance, with some 97% of the $1.3 billion stolen in the first three months of the year coming from DeFi platforms. By the end of the year, cybercriminals had hacked over $3 billion from crypto, with $718 million stolen from decentralized finance protocols in October alone—the worst month on record.
One of the top targets was cross-chain bridges, or software that allows funds to be moved across different blockchains.
Here are some of the biggest hacks of 2022:
Ronin Network: $625 million
The Andreessen Horowitz-backed Axie Infinity was one of the early crypto successes of the year—a “play-to-earn” game where users earned NFTs and tokens. The model drew criticism for its exploitative design, with many of the players located in countries like Vietnam and the Philippines, where Axie Infinity became their full-time jobs.
That was not the end of Axie’s woes, however. Its developers built the game’s economy on the Ethereum blockchain, which was not suited for its microtransactions. They built a new sidechain forked from Ethereum, called Ronin, which would be more efficient. In March, the bridge between Ronin and Ethereum was hacked for over $620 million, which the team didn’t notice until a user reported they were unable to withdraw funds.
The game has yet to recover, and the “play-to-earn” model still has a dubious reputation.
Wormhole Bridge: $325 million
Wormhole is another cross-chain bridge, allowing users to transfer funds between, say, Ethereum and Solana. In February, hackers stole over $320 million in wETH, or wrapped Ether, which allows Ether to be exchanged for other tokens and used on other blockchains.
The hack is one of the largest from a DeFi protocol and highlighted the dangers of operating in the space, with the cybercriminals taking advantage of a security flaw on Wormhole. The team offered a $10 million bounty for returning the funds, which was but a fraction of what the hackers made off with.
Nomad Bridge: $190 million
While Nomad is a similar protocol, the Nomad Bridge attack in August differed from Wormhole's in that it was not carried out by a single group but by hundreds of individuals.
Nomad described itself as a “security-first” cross-chain protocol, with backers including Polychain Capital and Coinbase Ventures. After users discovered a software bug that allowed people to withdraw more funds than they had deposited, other exploiters rushed in. Although hackers ended up returning about $9 million, that still represented less than 5% of the total loss.
Beanstalk Farms: $182 million
Beanstalk is a DeFi protocol that offers an algorithmic stablecoin, or crypto token that aims to maintain a peg—in this case, $1. The project works by incentivizing users to contribute funds to a central pool, which balances the token.
An attacker took advantage of the governance voting system to drain around $182 million in April, using a “flash loan,” which lets users borrow large amounts of money for a short period of time—a technique frequently used in such exploits.
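A flash loan only helps against a governance vote when the vote's weight is read from whatever the caller holds at the moment of voting. As an added illustration, not Beanstalk's code or anything from the article, the contract below is a minimal Solidity governor that reads voting weight from a checkpoint taken before voting opens and holds passed proposals in a timelock. It assumes a checkpointed governance token exposing getPastVotes and getPastTotalSupply (the shape of OpenZeppelin's ERC20Votes); the contract name, constants and function names are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface of a checkpointed governance token (OpenZeppelin's
// ERC20Votes exposes these two functions). The token itself is not shown.
interface IVotes {
    function getPastVotes(address account, uint256 timepoint) external view returns (uint256);
    function getPastTotalSupply(uint256 timepoint) external view returns (uint256);
}

// Illustrative governor: voting weight comes from a snapshot taken before
// voting opens, and passed proposals wait in a timelock before execution.
contract SnapshotGovernor {
    struct Proposal {
        address target;
        bytes callData;
        uint256 snapshotBlock; // block whose balances decide voting weight
        uint256 voteEnd;       // last block in which votes are accepted
        uint256 executeAfter;  // timestamp after which execution is allowed
        uint256 forVotes;
        bool executed;
        mapping(address => bool) hasVoted;
    }

    IVotes public immutable token;
    uint256 public constant VOTING_DELAY  = 1;      // blocks before the snapshot
    uint256 public constant VOTING_PERIOD = 7200;   // blocks votes stay open (~1 day)
    uint256 public constant TIMELOCK      = 2 days; // delay between pass and execute
    uint256 public constant QUORUM_BPS    = 2000;   // 20% of snapshot supply

    uint256 public proposalCount;
    mapping(uint256 => Proposal) private proposals;

    event Proposed(uint256 indexed id, address target, uint256 snapshotBlock);
    event Queued(uint256 indexed id, uint256 executeAfter);
    event Executed(uint256 indexed id);

    constructor(IVotes _token) {
        token = _token;
    }

    function propose(address target, bytes calldata callData) external returns (uint256 id) {
        id = ++proposalCount;
        Proposal storage p = proposals[id];
        p.target = target;
        p.callData = callData;
        // The snapshot lies strictly in the future, so no balance acquired in
        // this transaction (flash-borrowed or otherwise) can count toward it.
        p.snapshotBlock = block.number + VOTING_DELAY;
        p.voteEnd = p.snapshotBlock + VOTING_PERIOD;
        emit Proposed(id, target, p.snapshotBlock);
    }

    function castVote(uint256 id) external {
        Proposal storage p = proposals[id];
        require(p.snapshotBlock != 0, "unknown proposal");
        require(block.number > p.snapshotBlock && block.number <= p.voteEnd, "voting closed");
        require(!p.hasVoted[msg.sender], "already voted");
        p.hasVoted[msg.sender] = true;
        // Weight is the voter's checkpointed balance at the snapshot block,
        // not balanceOf(msg.sender) now; tokens borrowed and repaid inside
        // the voting transaction therefore carry no weight.
        uint256 weight = token.getPastVotes(msg.sender, p.snapshotBlock);
        require(weight > 0, "no voting power at snapshot");
        p.forVotes += weight;
    }

    function queue(uint256 id) external {
        Proposal storage p = proposals[id];
        require(block.number > p.voteEnd, "voting still open");
        require(p.executeAfter == 0, "already queued");
        uint256 quorum = token.getPastTotalSupply(p.snapshotBlock) * QUORUM_BPS / 10_000;
        require(p.forVotes >= quorum, "quorum not reached");
        // The timelock gives token holders time to inspect the queued call
        // and react before it can touch protocol funds.
        p.executeAfter = block.timestamp + TIMELOCK;
        emit Queued(id, p.executeAfter);
    }

    function execute(uint256 id) external {
        Proposal storage p = proposals[id];
        require(p.executeAfter != 0 && block.timestamp >= p.executeAfter, "timelock active");
        require(!p.executed, "already executed");
        p.executed = true;
        bytes memory data = p.callData;
        (bool ok, ) = p.target.call(data);
        require(ok, "proposal call failed");
        emit Executed(id);
    }
}
```

The two controls cover different cases: the snapshot removes any value from borrowing tokens for the duration of a vote, while the timelock limits the damage when someone genuinely holds enough tokens at the snapshot, since the queued call is visible on-chain for two days before it can run. A production governor (OpenZeppelin's Governor, for example) adds against-votes, cancellation, and proposal thresholds on top of this skeleton.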
Honorable mention—Mango Markets: $114 million
Although there were bigger hacks in 2022, including the crypto market maker Wintermute for $162 million in September, the exploit of the Solana trading platform Mango Markets was notable for the brazenness of the attacker. A developer named Avraham Eisenberg revealed himself as the hacker on Twitter, infamously writing, “I was involved with a team that operated a highly profitable trading strategy last week.”
He ended up returning much of the stolen funds, although he kept a handsome windfall of $47 million. The action set off a debate in crypto, with many arguing that his exploits were legitimate on the DeFi principle that “code is law.”
As Eisenberg wrote on Twitter, “I believe all our actions were legal open market actions, using the protocol as designed.” He did express regret that the exchange became insolvent as a result.