Digital asset heists: 2022 set to be biggest year for crypto hacks

While crypto entered a bear market over the course of 2022, digital currencies continue to remain money-making machines for hackers, with investors losing over $3 billion across 125 hacks this year so far.

October alone has become the worst-ever month for crypto-related crimes, with over $718 million in total losses. Data pointed out by Chainalysis last week noted the amount stolen from several decentralised finance (DeFi) protocols across 11 different attacks.

The blockchain analytics firm said that 2022 will "likely surpass 2021 as the biggest year for hacking on record."

“Despite the current bear market, we’re seeing a lot of activity among hackers, who are targeting various protocols,” said Jasper Lee, an audit tech lead at crypto auditing firm Sooho.io.

“For those protocols or dapps [decentralised apps] which have not been thoroughly audited, they make for easy and reliable short-term profit. Poorly protected protocols are low-hanging fruit for hackers,” Lee added.

In 2021, attackers stole over $3.2 billion in hacks. The largest theft in 2021 was a code exploit amounting to $613 million on the Poly Network.

2022 was off to a rocky start, with a $325 million exploit of the popular cross-blockchain bridge Wormhole on the Solana-Ethereum ecosystem. That was followed by a sophisticated attack in March on crypto game Axie infinity’s Ethereum-based Ronin bridge, which saw $625 million worth of crypto stolen from the protocol.

In August, hackers broke into Nomad, a programme that enables users to exchange tokens from one blockchain to another and stole around $190 million in bitcoin.

According to Chainalysis, there were three different bridges that were breached just this month. This included an attack on a BNB Chain-based bridge, which saw exploiters illicitly gain over $100 million; a layer 1 blockchain QANplatform that was hacked and saw nearly $1 million in tokens stolen.

Then last Tuesday, $100 million in liquidity was drained from Solana’s popular Mango Markets trading protocol after a rogue trader manipulated spot token prices to borrow the entirety of the protocol’s assets against their position.

Among the primary attack vectors in the crypto sector range from exploiting ‘bridges’ – which are a blockchain-based tool that allows users to transact between different networks – to market manipulation, where rogue traders utilise millions of dollars to move thinly traded markets in their favour to net multiples of the initial capital deployed.

Back in 2019, most hacks targeted centralised exchanges; now, a vast majority of targets are DeFi protocols, whose extensive smart contract capabilities that power the platforms have thrown up newer and deeper vulnerabilities. Centralised exchanges fell out of favour likely due to the embrace of AML and KYC procedures among major exchanges.

Historically, cryptocurrency thefts have largely been the result of security breaches in which hackers gain access to victims’ private keys – the crypto equivalent of pickpocketing. These keys could be acquired through phishing, keylogging, social engineering, or other techniques.

In terms of transaction volume, scams were the largest form of crypto-based crime, with over $7.7 billion worth taken from victims worldwide in 2021.

In total, crypto-based crime in 2021 was at an all-time high, with over $14 billion in value received by illicit addresses.

Those numbers need to be put in perspective, however.

Given the high adoption rates of crypto (in 2021 it was up 567 percent from 2020), the growth of legitimate crypto usage far outpaces the growth of criminal usage (up 79 percent from 2020), and illicit activity’s share of crypto transaction volume has never been lower.