The biggest crypto hacks of 2022

Cryptocurrency is a decentralized digital currency. It is stored using blockchain technology and is not regulated by any bank, government, or financial institution.

Decentralization is one of the main features that sets cryptocurrency (often shortened to “crypto”) apart from other currencies. It can be created and issued by anyone, and as a result countless different crypto coins are available. The two most popular and widely recognized currencies are Bitcoin and Ethereum, stored on the Bitcoin and Ethereum blockchains respectively.

Crypto can, in theory, be used like any other currency to purchase goods and services. In recent years, however, many have started to treat new cryptocurrencies like speculative stocks. Crypto traders buy and hold large quantities of crypto, betting that its value will increase. If it does, they can sell it and make a profit. More often than not, these speculations end in disaster because coins can lose their value in a matter of minutes.

While pump-and-dump scams and rugpulls are a constant threat to crypto investors, they’re not the only risks you have to worry about in this space. Even if the coin you’re holding maintains or gains value, you may still end up losing your money because of a crypto hack.

A crypto hack involves hackers accessing and stealing your crypto coins without your authorization. Here are some of the most common crypto hacking techniques.

Bridge attacks

Bridge attacks involve hackers targeting your crypto as it is transferred from one blockchain to another.

Each coin exists on a blockchain (a decentralized database, usually referred to as a ledger). Protocols that transfer your currency from one blockchain to another (for example, if you want to turn Bitcoin into Ethereum) are called cross-chain bridges. Bridges are essential for blockchain interoperability, but they’re also vulnerable to hacking.

Cybercriminals can use any number of methods to target cross-chain bridges, from exploiting bugs in a bridge’s code to utilizing leaked cryptographic keys. Some hackers have even managed to trick cross-chain bridge systems with bogus coins, converting them into real and valuable currencies on other blockchains.

Wallet hacks

Wallets are applications that allow you to access, manage, and move your cryptocurrency. These programs can be installed on a device like a smartphone or a computer and are either hot (always connected to the internet) or cold (offline). If you have a hot wallet on a device, then a bad actor who hacks that device could get into your crypto wallet and raid your funds.

Exchange hacks

Many crypto enthusiasts use coin exchanges to store and manage their currency. Exchanges are online platforms through which you can buy and sell crypto, or store it and gain interest. While exchanges provide a useful service, they are not without risk. Exchanges hold huge amounts of cryptocurrency on behalf of their users, so hackers target them constantly, using exploits, phishing emails, and social engineering attacks. If a cryptocurrency exchange is breached, coins stored in the exchange’s hot wallets can be stolen.

Crypto hackers use many different tactics to steal coins.

1. Phishing emails. This method involves hackers sending emails to trick people into downloading malware or exposing sensitive information. The email will usually contain a link to a page that installs malware on the victim’s device. A hacker can then use this malware to take control of the device or to secretly monitor its activity. If the victim has a hot wallet application on their device, it’s just a matter of time until the hacker steals their funds.
2. Exploits. The software used to facilitate the storage and transfer of cryptocurrency is often targeted by hackers. Whether it’s a cross-chain bridge or a cryptocurrency exchange, any piece of crypto infrastructure could contain bugs and unpatched vulnerabilities. If hackers find these weak spots, they can exploit them in bridge attacks and exchange heists.
3. Key theft. The simplest way for a hacker to steal crypto is just to use the private keys that allow you to access your funds on the blockchain. Anyone who has the keys to your wallet can move your coins, so if your keys leak — if they were stored in an unhashed format on a device which was later hacked, for example — an attacker can open your wallet and move any coins it contains to their own.

Cryptocurrency hacks in 2022 have resulted in billions of dollars of losses. Here are the five biggest breaches that we know about from 2022.

In March, a hacker stole user funds worth $625 million from the Ronin Network. The Ronin Network is a side chain (a subset of a larger blockchain) used to support a blockchain-based game called Axie Infinity. The hacker managed to steal private keys to generate fake withdrawals, transferring hundreds of millions from the network. The hack was not uncovered until a week later.

A hacker targeted a cross-chain bridge known as Wormhole in February. The Wormhole protocol allows for the transfer of funds between multiple chains, including Ethereum (ETH). The hacker took advantage of weaknesses in the protocol’s validation system to fraudulently generate a large quantity of wrapped Ethereum (WETH), a token with a value tied to the Ethereum coin. They then used the Wormhole to convert the WETH into ETH, making off with cryptocurrency valuing around $325 million.

In August, another cross-chain bridge attack took place. The Nomad bridge was attacked, resulting in losses of approximately $190 million in Bitcoin. Hackers exploited a bug in the protocol to withdraw more funds than they had deposited. Unlike other hacks on this list, hundreds of individuals took part in this incident. This attack may not have been a coordinated one. Once news of the exploit got out, hundreds of people rushed to take advantage of it, each acting on their own initiative.

Beanstalk Farms is a stablecoin protocol based on Ethereum. (Stablecoins are crypto tokens that are designed to remain at a stable value, instead of fluctuating up and down.) The protocol used a native governance token called STALK. If someone wanted to transfer assets out of Beanstalk Farms, they would need approval from a majority of STALK holders.

In April, a hacker used a flash loan (an extremely short-term crypto loan) to buy a majority position in STALK. They then proposed a massive transfer of funds and used their STALK tokens to approve the proposal. It’s estimated that the hacker profited by around $80 million, but the hack caused the stablecoin to crash, resulting in total losses of $182 million.

In September, a crypto market maker called Wintermute lost $162 million in a major hack. It’s not clear yet how the attack was carried out, but security firms have suggested that essential private keys were either leaked or cracked using a brute force attack. Shortly after the hack, some crypto researchers claimed that the hack may have been an insider attack, but this has not been confirmed.

PRO TIP: Research the creators and companies behind any exchange or coin before investing your money. If a project’s creators have no history in the crypto space or, worse, have a history of failed startups and scams, stay away!

The future of cryptocurrency is uncertain. Mainstream adoption is still far off, and intense market volatility is discouraging individuals and companies from getting involved. Public awareness around cryptocurrency and blockchain technology has grown rapidly over the last five years, but much of the publicity centers around scandals, scams, and market crashes.

The recent collapse of FTX, a major crypto exchange, was a reminder to everyone in the market that even companies considered to be secure and mainstream can fall apart in a matter of hours. The subsequent revelation that FTX may have been hacked, with millions of dollars of crypto potentially lost, underlined the general feeling of chaos and uncertainty in the digital currency market.

Many crypto enthusiasts insist that these problems are temporary. In the long run, they see digital currency and the blockchain as foundational elements in a freer, more decentralized version of the internet. They also insist that a blockchain network can serve non-crypto-related purposes, and that’s true: smart contracts, data storage, and the storage of NFTs are all viable blockchain functions.

For now, however, the technology’s primary use case remains cryptocurrency, for better or for worse. If you’re going to keep using cryptocurrency yourself, it’s important to protect yourself from the risks that come with it.

Here are a few steps that you can take to avoid becoming the victim of a crypto hack.

1. Protect your keys. Whoever holds your cryptographic keys can gain access to your funds. It’s essential that you keep these numerical passcodes private, so if you’re going to store your keys somewhere, protect them with encryption. For example, use an encrypted storage service like NordLocker to keep all your sensitive data, including cryptographic keys, shielded from prying eyes. If you have an account with a crypto exchange, make sure to use multi-factor authentication and a password manager, like NordPass.
2. Don’t keep all your funds in a hot wallet. Hot wallets are convenient, but they’re also much more vulnerable to hacking than cold alternatives. Anything that is connected to the internet is vulnerable to hacking. Whenever possible, keep your coins in cold wallets.
3. Research a cryptocurrency exchange before using it. Crypto exchanges play a major role in the crypto economy, but if you’re going to use one, it’s essential that you do your research. Who runs the crypto exchange? Have they been involved in other projects in the past? You don’t want to trust your funds to a company that may not handle them securely. The same logic should apply to any service you trust with funds: if you’re using a cross-chain bridge protocol, for example, research it in advance.
4. Limit the threat of malware. Hackers can install malware on your device and use it to monitor your activity, log your keystrokes, and raid your cryptocurrency. To protect yourself, be extremely wary of unexpected emails that contain links or attachments, even if the sender seems legitimate. You can also use NordVPN’s Threat Protection feature, which prevents you from accessing websites known for malware installation.