January 4th, 2023
The year 2022 was a big one for DeFi hacks, filling most of the top slots in the Rekt leaderboard. As DeFi projects grow in value but lag in security, high-value hacks will remain common.
The biggest DeFi event in 2022 was the meltdown of the FTX exchange. The company’s failure to maintain sufficient reserves resulted in a bank run against the exchange and drove the organization into bankruptcy. While assets were being relocated in preparation for bankruptcy proceedings, $338 million in tokens were moved via “unauthorized transactions” from the company’s wallets.
In addition to the FTX hack, DeFi attackers used a diverse set of techniques to exploit Web3 projects. However, many of the most significant and expensive hacks of 2022 can be classified into just three different categories: broken bridges, compromised keys, and flash loan exploits. In this article, we’ll recap the biggest crypto hacks of 2022 by the category of hack they belonged to.
Cross-chain bridges link the blockchain ecosystem together. By allowing exchanges across multiple blockchains, they interconnect DeFi projects and expand what users can do with their cryptocurrency.
However, 2022 demonstrated that vulnerabilities in cross-chain bridges can result in large-scale, expensive hacks. Some of the most expensive DeFi hacks of 2022 targeted these bridges, including the following:
While these are some of the most expensive and visible cross-chain bridge hacks of 2022, this is not a complete list. Cross-chain bridges are often valuable, visible, and unaudited, making them an ideal target for attackers.
Private keys generate the digital signatures that are used to approve blockchain transactions. Control over a blockchain account’s private keys equates to control over that account.
In 2022, numerous DeFi hacks were made possible by compromised private keys. Some of the most significant include the following:
Private key security is essential to blockchain security. Using a multi-signature wallet to secure critical addresses — such as those used to control smart contracts — is a fundamental blockchain security best practice.
Flash loans allow a blockchain account to take out a massive loan without collateral. The only requirement is that the loan is repaid within the same transaction that it was taken out.
While flash loans have legitimate applications, they are also a common tool in DeFi hacks. Some of the major DeFi attacks in 2022 that leveraged flash loans include the following:
Flash loans are a useful tool that is unlikely to go away any time soon. Reducing the risk of flashloan attacks requires auditing smart contract code for price manipulation vulnerabilities and other security flaws that can be exploited via flash loans.
DeFi has significant promise, but regular, high-value attacks undermine its credibility. As long as expensive hacks and embarrassing incidents — such as the FTX meltdown — remain commonplace, the credibility of the industry will suffer.
One of the common threads among hacked DeFi protocols is a lack of security audits. Of the top 25 hacked DeFi projects, only 1 had undergone an external audit whose scope included the exploited vulnerability. Performing comprehensive security audits before launching code to the blockchain is essential to reducing DeFi hacks in 2023.
Get in touch with our Web3 security experts to learn more about our smart contract auditing and security advisory services.