Exploit Explosion Rocked Crypto in 2022
Bridging Protocols Hardest Hit in Year That Exposed Key Vulnerability
By: Owen Fernau • DeFi 2022
If losing two-thirds of its value wasn’t enough, the cryptocurrency market’s vulnerability to hacks and exploits certainly delivered an annus horribilis for users and investors.
Bad actors exploited cryptocurrency platforms to the tune of $3.2B in 2022, according to DeFiLlama. The staggering sum not only exposed the weakness of security in numerous protocols, it also further undermined confidence that decentralized finance projects are fit for purpose.
The crime wave started with a $320M hack of Wormhole, an interoperability protocol, in February. Less than two months later, the biggest hack in crypto history struck — the $615M heist of assets on the bridge for Axie Infinity, a play-to-earn GameFi darling of 2021.
In August, the U.S. Office of Foreign Assets Control traced the Axie exploit to Lazarus Group, a state-sponsored North Korean ring sanctioned by Washington in 2019. Elliptic, the blockchain intelligence firm, also linked Lazarus to the $100M hack of the bridge of the Harmony blockchain. (The Lazarus hacks helped drive the U.S. government to sanction Tornado Cash, the crypto mixer, because its code was allegedly used to handle the illicit proceeds.)
Harmony was one of several bridges victimized by exploits. Bridges are complex pieces of software that allow tokens to move across blockchains. Hackers loved attacking bridges in 2022 because the technology is both complex — bridges often need to store the native assets of previously unconnected blockchains — and novel: bridges are a new attack point and haven’t endured the stress tests of more mature technologies.
And of course, hacking bridges was lucrative — rounding out the high-profile hacks was the $560M exploit of Binance’s BNB Chain in October, the third biggest attack in history.
The mysterious heist in November of the now-bankrupt FTX, which DeFiLlama pegged at $450M, rounded out the top four hacks of the year.
The series of hacks underscored the strange contrast of crypto’s free-wheeling culture and the seriousness required to write bug-free code. On the one hand, crypto is supposed to be the land of the rebellious, where charismatic founders make billions out of thin air thanks to their ability to innovate at the breakneck pace of global competition on the internet.
On the other hand, the code that dictates the flow of capital throughout blockchain systems requires an almost mind-numbing attention to detail because of the amount of money at stake.
“All smart contract code should be considered as mission critical, but oftentimes we don’t see it that way,” Stephen Tong, an established security researcher, told The Defiant this year. “We should be seeing smart contracts the same way that we see code that goes onto planes, cars and space shuttles.”
Crypto has yet to, and may never, synthesize its fast and loose culture with the meticulous approach necessitated by the value secured (or not) by its blockchains.
With prices down over 75% across the board, however, those concerned about the state of crypto security can at least rest assured that the depressed values will attract fewer would-be hackers to the space in 2023.