Coins: 12,868
Exchanges: 940
Market Cap: $2.089T 1.2%
24h Vol: $58.3B
Gas: 38 GWEI
Go Ad-free
Market Coverage
TABLE OF CONTENTS

Most Damaging Methods of Crypto Hacks and Exploits in 2022

4.8 | by Lim Yu Qian
 

47% of crypto funds were stolen by attackers using a diverse range of methods, in 2022

Cryptocurrency hacks and exploits caused $2.8 billion in losses last year, the highest since 2013. 

47% of these funds were stolen using a diverse range of hacking and exploitation methods. These include bypassing verification processes, market manipulation, ‘crowd looting’, taking advantage of smart contract errors or loopholes etc. 

This suggests that crypto hackers are exploring unconventional ways of stealing from projects and users, to get around improving defenses against the more traditional or standard exploitation methods like access control hacking and flash loan attacks.

Hackers relied on these diverse, unconventional methods for some of the biggest heists of 2022:

  • Wormhole Hack in February 2022 – Hackers pulled off the year’s second largest exploit on Wormhole, the main bridge connecting Solana to other blockchains. Wormhole failed to validate ‘guardian’ accounts, which allowed hackers to bypass verifications with a forged signature and mint $326 million worth of crypto, without needing the equivalent collateral.

  • Nomad Bridge Exploit in August 2022 – The third largest exploit of Nomad was caused by the first crypto ‘crowd looting’ event in August. An insecure configuration in Nomad’s smart contract allowed users to withdraw any amount of funds, without having to prove the transaction’s validity. Information spread after the original attack, and hundreds of users joined in by simply copying, in total looting $190 million.

  • Mango Markets Hack in October 2022Decentralized exchange Mango Markets was hacked in October. Avraham Eisenberg, who later admitted to being the hacker, used market manipulation to take advantage of the lack of liquidity. By purchasing and artificially inflating the price of the Mango (MNGO) tokens, the hacker managed to take out large under-collateralized loans from the Mango treasury, stealing $116 million.

The biggest heist of 2022 was caused by an access control hack

Sky Mavis’ Ronin bridge hack in March was by far the largest crypto exploit of the year in terms of losses, with the stolen $625 million single-handedly making up 58.3% of access control hacks in 2022. At the time, Ronin bridge was extremely popular among Axie Infinity players, who used it to transfer their assets between the Ronin chain and the Ethereum network.

The attackers, later determined to be the notorious North Korean hacking group Lazarus, gained access to five private keys. These were used to sign transactions from five of Ronin Network’s nine validator nodes, which allowed the attackers to drain 173,600 ether (ETH) and 25.5 million USD Coin (USDC) from the bridge.

In fact, 65% of funds stolen last year were from the top 5 bridge hacks. This comes amid bridges becoming more important, to connect between a rising number of blockchain networks. Malicious actors have therefore capitalized on the opportunity to target these bridges that investors use to move their funds across the crypto ecosystem.

Crypto hackers used flash loan attack, reentrancy, oracle issue and phishing methods the least

Flash loan attack was the third most popular method for crypto hackers, leading to $0.24 billion in stolen funds that accounted for 8.7% of the losses last year.

This was followed by reentrancy hacks and oracle issue hacks, which attackers used to steal $0.08 billion and $0.05 billion respectively in the same period. The two methods contributed to 2.9% and 1.9% of the year’s losses.

Phishing turned out to be the least favored by crypto hackers. As a standalone method, phishing caused just $0.02 billion in losses, or 0.6% of funds stolen.

Methodology

The study examined how much funds were lost as a result of each hack or exploit method in 2022, based on data from DeFiYield’s REKT Database. For the purpose of this study, the terms ‘hack’, ‘exploit’ and ‘attack’ were used interchangeably. 

Crypto Hacks and Exploits by Method, Ranked_table of data

 

If you use these insights, we would appreciate a link credit to this article on CoinGecko. A link credit allows us to keep supplying you with future data-led content that you may find useful.


 

What are the different methods that attackers use for crypto hacks and exploits?

Access Control: Attackers gain access to cryptocurrency wallets or accounts when a private key is compromised, or gain control over a computer network and its security systems.

Flash Loan Attack: Attackers borrow a large amount of funds, through loans that need to be repaid within the same transaction and require little to no collateral. By manipulating a cryptocurrency’s price on one exchange and reselling it on another, the attacker can then repay the loan and keep the profits.

Reentrancy: Attackers use a malicious smart contract that repeatedly calls the ‘withdraw’ function to drain the cryptocurrency funds from a targeted smart contract, before the latter can update its balance.

Oracle Issue: Attackers gain access to an oracle, which usually supplies price feeds to cryptocurrency protocol, and manipulates the prices provided. This can lead to a smart contract failure, or funds stolen through flash loan attacks.

Phishing: Attackers use social engineering to steal user data, such as login credentials or private key, typically using email to target founders of decentralized finance (DeFi) protocols or funds.

What are cryptocurrency hacks and exploits?

In the crypto industry, hacks and exploits refer to attacks that take advantage of vulnerabilities, flaws, or loopholes in any code or system, in order to steal cryptocurrency coins or tokens. The individuals or groups that carry out hacks and exploits are usually referred to as ‘hackers’. As a result of such actions, cryptocurrency holders and projects suffer losses in their funds, which may or may not be recoverable or returned. 

Methods of hacking and exploitation include taking access control, flash loan attacks, reentrancy attacks, oracle issues, phishing and more. 

 


Curious to know more about the state of crypto in 2022? Check out our comprehensive 2022 Annual Crypto Industry Report, that extensively covers everything from the crypto market landscape to analyzing Bitcoin and Ethereum, DeFi and NFT ecosystems, and more!

Tell us how much you like this article!
Vote count: 8
Lim Yu Qian
Lim Yu Qian

Yuqian is a cryptocurrency writer and marketer who specializes in mainstream cryptocurrency insights. She's especially fascinated by the philosophical and socioeconomic aspects of crypto and also goes by the name of Q. She holds a Bachelor of Social Sciences with Honors from the National University of Singapore. Follow the author on Twitter @solosbrqt

More Articles

coingecko
Continue in app
Track prices in real-time
Open App
Select Currency
Suggested Currencies
USD
US Dollar
IDR
Indonesian Rupiah
TWD
New Taiwan Dollar
EUR
Euro
KRW
South Korean Won
JPY
Japanese Yen
RUB
Russian Ruble
CNY
Chinese Yuan
Fiat Currencies
AED
United Arab Emirates Dirham
ARS
Argentine Peso
AUD
Australian Dollar
BDT
Bangladeshi Taka
BHD
Bahraini Dinar
BMD
Bermudian Dollar
BRL
Brazil Real
CAD
Canadian Dollar
CHF
Swiss Franc
CLP
Chilean Peso
CZK
Czech Koruna
DKK
Danish Krone
GBP
British Pound Sterling
GEL
Georgian Lari
HKD
Hong Kong Dollar
HUF
Hungarian Forint
ILS
Israeli New Shekel
INR
Indian Rupee
KWD
Kuwaiti Dinar
LKR
Sri Lankan Rupee
MMK
Burmese Kyat
MXN
Mexican Peso
MYR
Malaysian Ringgit
NGN
Nigerian Naira
NOK
Norwegian Krone
NZD
New Zealand Dollar
PHP
Philippine Peso
PKR
Pakistani Rupee
PLN
Polish Zloty
SAR
Saudi Riyal
SEK
Swedish Krona
SGD
Singapore Dollar
THB
Thai Baht
TRY
Turkish Lira
UAH
Ukrainian hryvnia
VEF
Venezuelan bolívar fuerte
VND
Vietnamese đồng
ZAR
South African Rand
XDR
IMF Special Drawing Rights
Cryptocurrencies
BTC
Bitcoin
ETH
Ether
LTC
Litecoin
BCH
Bitcoin Cash
BNB
Binance Coin
EOS
EOS
XRP
XRP
XLM
Lumens
LINK
Chainlink
DOT
Polkadot
YFI
Yearn.finance
Bitcoin Units
BITS
Bits
SATS
Satoshi
Commodities
XAG
Silver - Troy Ounce
XAU
Gold - Troy Ounce
Select Language
Popular Languages
EN
English
RU
Русский
DE
Deutsch
PL
język polski
ES
Español
VI
Tiếng việt
FR
Français
PT
Português
All Languages
AR
العربية
BG
български
CS
čeština
DA
dansk
EL
Ελληνικά
FI
suomen kieli
HE
עִבְרִית
HI
हिंदी
HR
hrvatski
HU
Magyar nyelv
ID
Bahasa Indonesia
IT
Italiano
JA
日本語
KO
한국어
LT
lietuvių kalba
NL
Nederlands
NO
norsk
RO
Limba română
SK
slovenský jazyk
SL
slovenski jezik
SV
Svenska
TH
ภาษาไทย
TR
Türkçe
UK
украї́нська мо́ва
ZH
简体中文
ZH-TW
繁體中文
Login to track your favorite coin easily 🚀
By continuing, you agree to CoinGecko Terms of Service and acknowledge you’ve read our Privacy Policy
or
Forgot your password?
Didn't receive confirmation instructions?
Resend confirmation instructions
IT'S FREE! Track your favorite coin easily with CoinGecko 🚀
By continuing, you agree to CoinGecko Terms of Service and acknowledge you’ve read our Privacy Policy
or
Password must contain at least 8 characters including 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character
Didn't receive confirmation instructions?
Resend confirmation instructions
Forgot your password?
You will receive an email with instructions on how to reset your password in a few minutes.
Resend confirmation instructions
You will receive an email with instructions for how to confirm your email address in a few minutes.
Get the CoinGecko app.
Scan this QR code to download the app now App QR Code Or check it out in the app stores