2022 is on course to be a record year for crypto hacking, as a record amount of digital assets was stolen via crypto hacks in October.
According to data from blockchain security firm PeckShield released on Monday, about $760 million worth of crypto value was looted by hackers and cybercriminals in 44 incidents that affected 53 protocols in October.
However, some of the exploited protocols recovered $100 million, a fraction of that sum, within the same period.
PeckShield reported that $2.98 billion of crypto assets had been stolen in 2022, almost double the $1.55 billion total value of crypto stolen in 2021.
The biggest exploit of this ‘Hacktober’ was the BNB Chain hack, which alone resulted in a loss of $586 million. Earlier in October, BNB Chain executed a hard fork to restore security after an unknown hacker stole $100 million via a vulnerability in the platform’s cross-chain bridge.
Binance co-founder and CEO Changpeng Zhao (“CZ”) disclosed that hackers accessed a cross-chain bridge where users transfer digital assets from one blockchain to another. The hackers created 2 million BNB tokens out of thin air.
The PeckShield report listed the Mango Markets DeFi protocol as the second biggest loser in October. However, the exploiter agreed to return some of the funds.
Before October, March had recorded the highest loss to crypto hacks, with around $710 million stolen. Most of this was due to the Ronin Bridge hack, which resulted in $625 million in crypto assets being pilfered.
Causes of the hacks
There are several causes for the high volume of crypto hacks in October. The leading causes include wallets compromised by Profanity hacks, blockchain bridge vulnerabilities, insecure smart contract code, the unaccounted-for game theory behind protocol functionality, exploited cross-chain bridges, and oracle price manipulation.
In the case of the crypto lender Mango Markets, the attacker, Avraham Eisenberg, claimed that his actions behind the exploit, an oracle price manipulation, were legal. Following a community vote, an agreement was struck, and Eisenberg walked away with $47 million for his efforts, returning $67 million to the project.
Some decentralised autonomous organisations (DAOs) lost $2.3 million because they relied on an insecure Profanity-based wallet, a well-known attack vector among malicious actors. Team Finance was a victim too. Hackers took advantage of a bug in the Version 2 to Version 3 migration on the protocol to drain around $15.8 million in tokens from the platform.
Also, a smart contract dedicated to the staking functions of UvToken, a multi-chain crypto wallet service, was hit by hackers who made off with $1.45 million in tokens that were then sent to the sanctioned crypto mixer Tornado Cash.
The vulnerabilities of DeFi
With all its revolutionary principles, blockchain technology is still susceptible to cybercriminals who exploit it for their benefit. Many crypto projects get hacked, or scammers set up rug pulls to steal from investors.
A sector of the ecosystem plagued significantly by this menace is Decentralised Finance (DeFi): protocols that deploy software-based algorithms to enable crypto investors to trade, borrow and lend on digital ledgers without using a central intermediary.
DeFi platforms have now become a frequent target of state-sponsored hacking. Earlier this year, Chainalysis estimated that North Korea-affiliated groups had stolen around $1 billion worth of crypto assets from DeFi protocols.
These hackers have become adept at exploiting weaknesses in the security, coding and structure of DeFi marketplaces. This is a major concern, and it puts the onus on industry players to find solutions, since DeFi is being touted as the future of finance and an integral part of crypto adoption.
According to Sandi Bitenc, CEO of 3air and DeFi expert, the exploits in the sector are becoming incessant. Still, we are in a nascent industry that will evolve with time and provide better coding practices and pattern designs that will be proven secure or secure enough to withstand the constant bad actor attempts.
“It is not so different from the traditional financial systems that have almost entirely moved on-line; just the transactions are run decentralised and, for the most part, cannot be reverted. This makes exploits permanent but not unavoidable. Unfortunately, decentralised systems unavoidably deal with valuable assets; thus, the time needed to mature the industry costs dearly. A lot of education needs to happen on both the development and the user sides, and this takes time; after all, we have only just passed the 14th anniversary of the Bitcoin whitepaper from Satoshi Nakamoto.” – Sandi Bitenc.
He further said quality would prevail in the end, and that blockchain technology is secure enough to handle DeFi. The users and the people developing on top of it need to follow better coding practices, integrating with the best oracles and regularly auditing their code.
“If a code has been audited and exploitation angles have been identified, yet the code gets deployed without bug fixes, then we should not be surprised and critical about the technology nor the hackers but toward the negligence presented by the builders of that specific protocol or platform. The users are accountable with their funds towards selecting a bad project, but we still need to keep the developers accountable towards their work.”
Sandi concludes by saying future regulations may help provide that direly needed accountability while still keeping the core benefits of decentralised systems.
“Let’s be honest, there is no place for blockchain in a perfect world, but the last time I checked nobody is really satisfied with their government or other institutions in power. If we want to prevent their abuse of power we need to take the control away from them but then we also need to put it somewhere else and this is the true power of blockchain as it allows us to do exactly that. If this is the price to pay for real freedom and sovereignty then so be it, but we need to learn quickly and educate ourselves and keep in mind that hacks and exploits are fully preventable.”
It doesn’t look as if these bad acts are stopping soon. According to blockchain specialist Chainalysis, 2022 is on course to be a record year for crypto hacking. Given this, it is more important than ever to start exercising caution now. Beware of clicking links on social platforms like Twitter, Reddit and Discord. Enable two-step authentication on your accounts and take extra security measures while using DeFi protocols.