DeFi has been around for quite some time, but it only really exploded in 2022. Since then, hundreds of DeFi protocols have appeared on the market and grown exponentially in a very short while. The value of these protocols tripled overnight as millions of people immediately recognized their worth.
However, investors and legitimate parties weren’t the only ones who saw the potential in DeFi. Criminal hackers understood the value at hand, and they zeroed in on crypto. Cumulatively, these criminals have stolen over two billion dollars from crypto in 2022 alone. According to Peckshield, a crypto-security firm, that number will continue to rise. In this article, we’ll look at the biggest of these heists and work out how they were possible. Perhaps this can help us understand how to prevent similar attacks in the future.
Wintermute Hack
While many hacks are the result of clever social engineering, others happen because hackers simply understand the engineering defects of their victims. The Wintermute loss is a very good example of this.
The hack was caused by the compromise of a user’s address, which was weak because it was a vanity wallet address. Vanity wallet addresses are custom addresses made with easy-to-remember characters, such as initials. The problem with these custom addresses is that they are made up of only 32 characters, which means that any attacker with sufficient resources could brute-force the address and recreate its private key.
The problem for Wintermute was that both their hot wallet and their DeFi vault contract were probably vanity addresses. This meant that the hackers had access to large amounts of funds and could move them however they wanted. When Wintermute learned of the hack, they tried to remove all ether from the hot wallet. However, they forgot to remove the address as an admin on their vault. The details are still sketchy, but it seems that the hackers withdrew all the money they could find in the hot wallet, a total of around $160 million.
Nomad Bridge Hack
Unlike other hacks that took place in one or two transactions, the Nomad bridge hack wasn’t a single hack: 1,175 separate attacks took place at the same time. The hack was also apparently carried out on the exact day that a vulnerability was found in Nomad’s code. The vulnerability was that a message was not properly validated before it was sent out.
When the original hacker found this out and started stealing funds, a swarm of copycats discovered the bug and started stealing too. It was a free-for-all on Nomad’s bridge. The disturbing part of this hack is that all the copycats had to do was copy the original hacker’s transaction call data, replace the original address with theirs, and just start transferring. It was the easiest hack many would ever perform. By the time Nomad was able to fix its bug, around $190 million had already been stolen.
The Nomad team sent out a message requesting the return of funds, and surprisingly a few white hat hackers complied. They returned around $30 million. Sadly, the vast majority of the stolen funds have yet to be recovered.
Beanstalk Farms Hack
Beanstalk was a stablecoin protocol that used algorithms to maintain its value instead of a liquidity pool. The hack itself was rather simple. The hacker merely took advantage of a security lapse in the protocol and made a run for it.
Beanstalk uses a decentralized governance protocol, which includes an emergency allowance that lets a supermajority vote to send coins out. The hacker got wind of this function, gave themselves the votes needed to control Beanstalk’s funds, and sent them on their way.
The question, of course, is how the Beanstalk hacker gained access to the votes needed to send the money out. The answer is a loan. Under the Beanstalk DAO, voting power is decided by the amount deposited in the Beanstalk Diamond contract. The hacker simply took out a loan, deposited a ridiculous amount into the contract, gained the votes, and then voted to send all the money the protocol held to other addresses. In the end, the hacker stole about $181 million from the protocol.
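The deposit-weighted vote described above, in a toy Python model added here (not Beanstalk’s code): with the hardened settings, voting weight is read from the block before the proposal was created and execution waits a few blocks, so a deposit that exists only inside one block carries no weight; the live-balance variant shows why the borrowed deposit passes. Addresses, block numbers and amounts are constructed.

```python
from bisect import bisect_right
from collections import defaultdict
from fractions import Fraction

def value_at(points, block):  # latest value in a block-ordered [(block, value)] list at or before block
    i = bisect_right([b for b, _ in points], block)
    return points[i - 1][1] if i else 0

class Governance:
    """Toy deposit-weighted governance (not Beanstalk's code). snapshot=True reads voting weight
    from the block before the proposal and delays execution; snapshot=False, delay=0 is live-balance."""
    def __init__(self, snapshot=True, delay=2):
        self.snapshot, self.delay = snapshot, delay
        self.checkpoints = defaultdict(list)  # addr -> [(block, balance)], appended in block order
        self.total = []                       # [(block, total deposited)], appended in block order
        self.proposals = {}

    def adjust(self, addr, delta, block):  # deposit (delta > 0) or withdraw (delta < 0)
        bal = value_at(self.checkpoints[addr], block)
        if bal + delta < 0:
            raise ValueError("insufficient deposit")
        self.checkpoints[addr].append((block, bal + delta))
        self.total.append((block, value_at(self.total, block) + delta))

    def propose(self, pid, block):
        self.proposals[pid] = {"created": block, "yes": 0}

    def vote(self, pid, addr, block):
        p = self.proposals[pid]
        weight_block = p["created"] - 1 if self.snapshot else block
        p["yes"] += value_at(self.checkpoints[addr], weight_block)

    def can_execute(self, pid, block):
        p = self.proposals[pid]
        if block < p["created"] + self.delay:
            return False  # too early: a one-block loan has been repaid before this point
        total = value_at(self.total, p["created"] - 1 if self.snapshot else block)
        return total > 0 and Fraction(p["yes"], total) >= Fraction(2, 3)  # supermajority

def borrowed_deposit_scenario(gov):
    """Constructed: a 1,000-unit loan is deposited, a drain proposal created and voted, all in block 10."""
    gov.adjust("alice", 70, 1)
    gov.adjust("bob", 30, 1)
    gov.adjust("attacker", 1000, 10)
    gov.propose("drain", 10)
    gov.vote("drain", "attacker", 10)
    passed_now = gov.can_execute("drain", 10)
    gov.adjust("attacker", -1000, 10)  # loan repaid before block 10 ends
    return passed_now or gov.can_execute("drain", 12)
```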
Ronin Network Hack
Ronin Network, an Ethereum-based sidechain for Axie Infinity, one of the biggest crypto games in the world, lost over $625 million in ETH and USDC in a hack.
To understand just how bad the Ronin Network hack was, it’s important to understand how the network works. The Ronin network is a blockchain made for players of Axie Infinity to play away from all the complexities of the main Ethereum chain. To help players easily transfer their ETH to the network, a Ronin bridge was built.
This bridge was the link that allowed users to send their ETH from the main blockchain to a Ronin wallet. Once the funds are in the wallet, they become wrapped ETH, which can be used to purchase axies to play Axie Infinity. The wrapped currency can also be used to perform all manner of actions in the game.
The reason users cannot perform these actions on the Ethereum network itself is that the main ETH chain can be very slow and buggy. Since people will not play a slow and buggy game, the creators of Axie Infinity decided to build their sidechain on ETH.
The entire hack is somewhat difficult to explain, but here’s the long and short of it. A hacker was able to gain control of the number of validators needed to release funds on the Ronin bridge. The chain has nine validators, and five of them must sign before funds can be released on the network.
Unfortunately for Ronin, the hacker was able to get hold of five validators’ keys. The hacker then used the acquired keys to steal the loot. The interesting thing about this hack (aside from the amount of money lost) is that Axie Infinity only announced it six days later.
However, they also explained in detail how the attack happened. Aside from that, they announced that they had known about the hack when it happened.
After the hack exposed the weaknesses of the Ronin bridge, Ronin decided to increase the number of required validators from five to eight. Unfortunately, these security measures came too late, as the hacker had made away with over $620 million. The hack was the biggest in DeFi history and showed exactly what can go wrong when security gets slack.
Wormhole Bridge Hack
The Wormhole bridge hack was yet another hack that targeted a bridge. This attack happened in February, and at the time everyone thought that it couldn’t get worse than that.
Unlike the Ronin bridge, the Wormhole bridge isn’t a game exchange. Instead, it’s a token bridge that allows its users to send and receive tokens between Ethereum, Solana, Avalanche, Oasis, and Terra. Users of Wormhole are expected to stake their currency and then receive wrapped ETH in return. This wrapped ETH is guaranteed by the network and backed 1:1 by ETH liquidity, which means that the network should always hold as much ETH as there is wrapped ETH in circulation. Unfortunately, it was this liquidity that the hacker decided to attack.
The hack itself happened through Solana’s end of the bridge. To complete the hack, the hacker simply minted about 93,750 wETH on Solana and used that to redeem about $254 million into the Ethereum network. From there, the funds were used to purchase a couple of tokens, including Bored Apes and Finally Usable Crypto Karma (FUCK).
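A toy Python model, added here and not the code of Nomad, Ronin or Wormhole, of the checks a lock-and-mint bridge needs before releasing wrapped tokens: a threshold of guardian attestations over the whole message (so copied call data with a swapped recipient fails, and the threshold is the t-of-n validator quorum the Ronin section describes), replay protection, and the 1:1 collateral invariant that stops an unbacked mint. Guardian names, HMAC keys and messages are constructed stand-ins for real validator signatures.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass

@dataclass(frozen=True)
class Transfer:
    nonce: int       # unique per message, so a processed message cannot be replayed
    recipient: str
    amount: int      # units locked on the source chain for this transfer

class Bridge:
    """Destination side of a lock-and-mint bridge (toy model, not any real bridge's code)."""
    def __init__(self, guardian_keys, threshold, locked):
        self.keys, self.threshold = guardian_keys, threshold  # t-of-n guardian quorum
        self.locked = locked  # collateral confirmed locked on the source chain
        self.minted, self.seen = 0, set()

    def attest(self, guardian, msg):
        # HMAC-SHA256 over the whole encoded message stands in for a guardian signature
        body = json.dumps(asdict(msg), sort_keys=True).encode()
        return hmac.new(self.keys[guardian], body, hashlib.sha256).hexdigest()

    def quorum(self, msg, attestations):
        good = [g for g, a in attestations.items()
                if g in self.keys and hmac.compare_digest(a, self.attest(g, msg))]
        return len(good) >= self.threshold

    def mint(self, msg, attestations):  # None when accepted, otherwise the rejection reason
        if msg.nonce in self.seen:
            return "replayed nonce"
        if not self.quorum(msg, attestations):
            return "message not attested by a quorum"
        if self.minted + msg.amount > self.locked:
            return "mint would exceed locked collateral"  # the 1:1 backing invariant
        self.seen.add(msg.nonce)
        self.minted += msg.amount
        return None

def demo():
    keys = {f"g{i}": f"constructed-key-{i}".encode() for i in range(4)}  # constructed 3-of-4 guardian set
    bridge = Bridge(keys, threshold=3, locked=1_000)
    legit = Transfer(nonce=1, recipient="0xALICE", amount=100)
    sigs = {g: bridge.attest(g, legit) for g in ("g0", "g1", "g2")}
    copycat = Transfer(nonce=2, recipient="0xMALLORY", amount=100)  # legit's call data, recipient swapped
    big = Transfer(nonce=3, recipient="0xBOB", amount=5_000)  # fully attested, but more than is locked
    return {"legit": bridge.mint(legit, sigs), "replay": bridge.mint(legit, sigs),
            "copycat": bridge.mint(copycat, sigs),
            "unbacked": bridge.mint(big, {g: bridge.attest(g, big) for g in keys})}
```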
At this point, people have to ask reasonable questions about the general safety of crypto bridges. The frequent attacks on bridges seem to validate Vitalik Buterin’s January 2022 argument that crypto bridges have fundamental security challenges.
In a bid to see if the stolen funds could be returned, Wormhole reached out to the hacker and offered them $10 million if they returned their loot. However, the hacker didn’t seem too interested in doing that.
Why You Should Care
Crypto hacks are painful growing pains for the crypto industry. They also hurt its legitimacy, and it’s important to understand just how hackers can take advantage of these protocols.
On the Flipside
- These hacks may continue for a long while yet, and there might be no respite in sight.
- Some hacks may not be preventable due to varying factors.
As crypto continues to evolve, the industry will likely develop better and more efficient ways to deal with hacks. These hacks will surely serve as important learning points for future founders and protocols. However, in the meantime, it’s important to understand exactly how hackers take advantage of protocols. This understanding may help us be even more careful with our investment and trading choices.