DeFi exploits and access control hacks cost crypto investors billions in 2022: Report
Cybercriminals used many new hacks and exploits in 2022, with more than $2.8 billion worth of cryptocurrencies stolen last year.
According to a report from CoinGecko using data obtained from the REKT DeFiYield database, almost half of all cryptocurrencies stolen in 2022 were stolen using a range of methods. These include bypassing verification processes, market manipulation, crowd looting, and the exploitation of smart contracts and bridges.
The largest hack of 2022 was an access control hack. Sky Mavis, the developer of the popular game Axie Infinity, saw its Ronin bridge hacked in March 2022, resulting in $625 million being stolen from the bridge between the Ronin network and the Ethereum network.
It was later revealed that the North Korean hacker group Lazarus had gained access to five private keys that were used to sign transactions from five Ronin network validator nodes. The hackers then withdrew 173,600 ETH and 25.5 million US dollars from the bridge.
According to CoinGecko, an access control exploit is carried out by attackers who gain access to wallets or accounts through compromised private keys, networks, or security systems. As Cryptooshala reported last year, bridge breaches between networks were common in 2022, with 65% of funds stolen through these types of attacks alone.
The second-largest exploit of 2022 occurred in February 2022, when attackers bypassed verification with a fake signature on the Wormhole token bridge before minting $326 million worth of cryptocurrency. Wormhole’s inability to verify the “custodian” accounts allowed hackers to mint tokens without the required collateral.
“Crowd looting” came to the fore in August 2022, when an insecure smart contract configuration on decentralized finance (DeFi) token bridge Nomad allowed users to withdraw an unlimited amount of funds. Hundreds of wallets took advantage of the exploit, resulting in more than $190 million being stolen.
In October 2022, Mango Markets suffered market manipulation when a hacker bought Mango (MNGO) tokens and artificially inflated their price before taking under-collateralized loans from the project’s treasury. $116 million was stolen in a flash loan attack.
Reentrancy attacks, in which attackers use a malicious smart contract to withdraw funds from a target with repeated withdrawal calls, accounted for $81 million stolen last year.
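The repeated-withdrawal pattern described above, as an added example that is not part of the original report: a toy Python ledger (class and function names are hypothetical, deposits are constructed sample values) showing why paying out before updating the balance lets a callback collect more than it deposited, and how updating state first stops it.

```python
# Toy ledger model, constructed for illustration; not real contract code.
class Vault:
    """Pays out before updating the balance: the re-entrant pattern."""
    def __init__(self):
        self.balances = {}
        self.reserve = 0

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.reserve < amount:
            return
        self.reserve -= amount        # interaction: funds leave the vault
        on_receive(amount)            # external call runs caller-controlled code
        self.balances[who] = 0        # effect: recorded too late


class HardenedVault(Vault):
    """Checks-effects-interactions: zero the balance before the external call."""
    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.reserve < amount:
            return
        self.balances[who] = 0        # effect first
        self.reserve -= amount
        on_receive(amount)            # a re-entrant call now sees a zero balance


def reentrant_withdrawal(vault, who):
    """Regression check: total paid to `who` when its receive hook re-enters."""
    received = []

    def hook(amount):
        received.append(amount)
        vault.withdraw(who, hook)     # repeated withdrawal from inside the callback

    vault.withdraw(who, hook)
    return sum(received)


def run(vault_cls):
    vault = vault_cls()
    vault.deposit("other_users", 90)  # constructed sample deposits
    vault.deposit("caller", 10)
    return reentrant_withdrawal(vault, "caller"), vault.reserve
```

`run(Vault)` returns the amount paid to the caller and the reserve left, so the same check can be kept as a regression test against the hardened ordering.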
Oracle hacks resulted in the theft of $54 million in funds. This technique involves hackers accessing the oracle service and manipulating its pricing data to cause smart contract failures or flash loan attacks.
In 2022, phishing attacks accounted for only $17 million in stolen crypto. This technique was prevalent between 2017 and 2020, as attackers preyed on unsuspecting victims with social engineering techniques to steal login credentials and private keys.
The February 2023 oracle attack is the biggest hacking incident of the new year. The hackers managed to manipulate the price of the AllianceBlock token through an oracle hack, resulting in about $120 million being stolen from the protocol.
Credit: cointelegraph.com