A Relatively Calm December for the Crypto World: Only $62M Stolen

Capping off a turbulent year for DeFi hacks, December recorded the lowest level of lost funds for 2022.

Hacker sleeping on laptop in a room lit with red light
  • December saw fewer major cryptocurrency attacks than November, resulting in $62.2 million in stolen funds.
  • The largest attacks were the $15 million Helio Protocol incident and the $12.9 million exploit of Defrost Finance’s protocols.
  • The overall number of hacks this year has been on an upward trend.

December Sees Fewer Major Attacks Than the Rest of 2022

According to blockchain security company CertiK, December saw the fewest number of major cryptocurrency attacks in 2022. There were a total of 23 incidents resulting in $62.2 million in stolen funds in the final month of the year. Both these figures represent a drop from November, when 36 major attacks resulted in $595 million stolen. The December figure is also the lowest monthly total for the year. 

Methods of Attack: Exit Scams Lead the Way

Exit scams were the most common method of attack in December, with $15.5 million worth of cryptocurrency stolen. 


In an exit scam, a malicious actor creates a fraudulent investment opportunity and persuades individuals to invest in it. The actor disappears with the invested funds, leaving the individuals with nothing. 

Flash loan-based exploits following behind at $7.6 million. In a flash loan attack, an attacker borrows a large amount of cryptocurrency from a protocol or exchange for a short period, typically just a few seconds. The attacker then uses the borrowed funds to manipulate the market somehow by executing a trade that would not be possible without the temporary loan. Once the trade is complete, the attacker returns the borrowed funds, pocketing the profit from the market manipulation.

Largest Attacks of the Month

According to data from CertiK, approximately 98.5% of the total amount stolen in December resulted from the 23 largest attacks. The largest attack, the $15 million Helio Protocol incident on December 2, was among them.

The Helio Protocol is a decentralized protocol that manages the stablecoin HAY. In the attack, a trader exploited a price discrepancy in the ankrBNB protocol. AnkrBNB is a reward-bearing token, meaning its fair value relative to BNB increases over time as staking rewards accumulate within the token. This exploit allowed them to mint 10 million aBNBc tokens to use as collateral to borrow $16 million of the HAY stablecoin, which was then offloaded for $15.5 million in BUSD. 


Decentralized finance (DeFi) protocol Ankr was also exploited in the incident, with an attacker minting 20 trillion aBNBc. This increased the circulating supply and caused the price to plummet. The second largest attack of the month was the $12.9 million exploit of Defrost Finance’s v1 and v2 protocols on December 23. The attacker carried out a flash loan attack by adding a fake collateral token and a malicious price oracle to liquidate the protocols. 

After the attack, the hacker returned the stolen funds from the v1 protocol to an address controlled by Defrost, but the funds from the v2 hack have yet to be returned. CertiK labeled the attack an “exit scam,” but Defrost denied the allegations, claiming that an admin key had been compromised. 

In total, for 2022, the top 10 attacks resulted in around $2.1 billion stolen by bad actors. This primarily occurred through cross-blockchain bridges and DeFi protocols. 

Overall Trend: Risks Continue to Increase

It is not uncommon for the frequency and value of cryptocurrency attacks to fluctuate from month to month. For example, November’s $595 million figure was significantly skewed by the $477 million FTX hack. However, the overall trend has been upward, with the total amount stolen in 2022 surpassing that of 2021. 

In addition to exit scams and flash loan-based exploits, other methods of attack in December included phishing, malware, and “rug pulls.” Phishing attacks involve sending fraudulent emails or messages that appear to be from legitimate sources to trick individuals into divulging sensitive information or funds. 

Malware attacks involve installing malicious software on an individual’s device to gain access to their accounts and funds. “Rug pulls” are an exit scam specific to decentralized finance (DeFi) protocols. A malicious actor creates a fake liquidity pool and then removes it, causing the value of the tokens in the pool to plummet.

These attacks highlight the ongoing risk of investing in cryptocurrency. They also show the importance of protecting oneself and one’s funds. It is always advisable to thoroughly research any investment opportunity and to use secure storage methods, such as hardware wallets.

How to Stay Protected

In addition to being aware of the various attacks, individuals can protect themselves by using strong and unique passwords, enabling two-factor authentication, and being cautious about sharing personal information or funds. 

It is also important to use reputable exchanges and to be aware of the risks inherent in decentralized finance protocols. Individuals can reduce their risk of falling victim to a cryptocurrency attack by taking these steps.

On the Flipside

  • The number and value of cryptocurrency attacks are not always consistent month to month and can be affected by a single large attack.
  • While December saw the fewest number of major attacks and the lowest value of stolen funds in 2022, the overall trend for the year has been negative.
  • The methods of attack used in December, such as exit scams and flash loan-based exploits, are not new or unusual.

Why You Should Care

Understanding the types of attacks that can occur and taking steps to protect assets can minimize the risk of falling victim to a cryptocurrency attack. Staying informed about the latest threats and being cautious about storage and usage is essential in ensuring the security of cryptocurrency investments and activities.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Kyle Calvert

Kyle Calvert is a cryptocurrency news reporter for DailyCoin, specializing in Ripple, stablecoins, as well as price and market analysis news. Before his current role, Kyle worked as a student researcher in the cryptocurrency industry, gaining an understanding of how digital currencies work, their potential uses, and their impact on the economy and society. He completed his Masters and Honors degrees in Blockchain Technology within Esports and Business and Event management within Esports at Staffordshire University.