Crypto hacks throughout 2022 are suspected to total over 1B dollars! Many in the industry know that the cryptocurrency space severely lacks regulations, which are needed to stop scams and hacks. Regulation is certainly incoming around the globe, as countries decide how to govern these digital assets.
The Horizon Bridge was hacked for 100M USD recently, all in digital assets. Horizon is the Harmony blockchains bridge to the Ethereum chain, connecting the two. A mix of tokens was stolen from the protocol, equivalent to two-thirds the size of the total assets. The team sent a message to the hacker in an attempt to negotiate the release of the funds, a process becoming popular with blockchain hacks.
Horizon operates utilizing a semi-centralized security system, and the entire chain was compromised with only two of the four owners signing the multi-sig wallet. This issue has been pointed out previously, but we are not sure if it was responsible for the most recent hack just yet.
Ronin Network (Axie Infinity) Crypto Hack
Horizon certainly wasn’t the first protocol to get hit by these attacks, as Axie Infinity’s Ronin Network saw one of the largest crypto hacks ever earlier this year, of 625M USD in digital assets. Validator nodes of the bridge were hacked, five of the nine validators were compromised allowing the perpetrator to steal the assets as they wished. The Ronin chain bridges the Ethereum-based game with other blockchains.
The Ronin hack is credited to social engineering, compromising the seed phrases of a majority of the validators, versus a technical problem. The hack has also been credited to a North Korean state group known as the Lazarus Group. The group is responsible for many blockchain-focused hacks, specializing in socially engineered hacking, and is suspected of using the stolen capital to fund North Korea’s nuclear and military ventures. This group was one reason the US government recently came down so hard on Tornado Cash, the privacy service.
Wormhole Digital Asset Portal Hacked For 325M USD
Another blockchain hack, specifically another blockchain bridge, Wormhole, lost 325M dollars in a hack as well. Wormhole Portal is a bridge between Solana and other blockchains. This was the second largest hack on a DeFi service ever, and one of the top five biggest blockchain hacks too. A technical exploit allowed the hacker to mint 120,000 wrapped ETH. Wrapped ETH, is the Ethereum token on another blockchain, in this case Solana.
Qubit Finance, a DeFi dApp in the Binance Smart Chain, was hacked in a similar technical fashion, with the hackers getting away with 80M dollars. Similar to the wormhole, the protocol was tricked into believing cryptocurrency was minted and bridged from a different chain. Assets were converted to BNB and essentially drained all the BNB from the protocol.
Many of the hacks over the past year, have been directed at bridges between two chains, typically the weakest point in the security system. As interoperability gains popularity, chains are attempting to build out infrastructure to become compatible with the other blockchains. This infrastructure is commonly known as bridges or side-chains, and often trade some sense of security for the interoperability option. The “main-chain’ is almost always much more secure than a bridge between two chains.
Many hacks involved dozens of transactions where the stolen assets are transferred, or “washed”, swapping for different cryptocurrencies and working through many different protocols. All of this can make the funds hard to trace, even on a public ledger. “Chain-hopping”, as its become to be known as, is often framed as an accomplice of these hacks.
DeFi Privacy Tools for Digital Assets
RenBridge is accused of laundering 540M dollars. This is over the last two-year span but is a significant amount of capital. Similar to Tornado Cash, the protocol is accused of assisting hackers and even foreign enemies (North Korea) with money laundering. Although hacks can be tracked, many of these DeFi services are truly decentralized. Many do not have the ability
Tornado Cash is expected to have laundered 1.5B dollars. North Korea is expected to have played a large role in the Tornado Cash laundering, supposedly using the platform to stay anonymous on-chain. A developer of TC was arrested for “helping facilitate these transactions.” This is comparable to arresting eBay for the sale of counterfeit goods or arresting a bank owner because money was laundered through the bank (very common in America).
The U.S. Government sanctioned Tornado Cash, prior to arresting the suspected developer of the code. Any cryptocurrency wallet that has interacted with the software is now on OFAC sanctions list, making it illegal for anyone inside the US to interact in any way with a wallet that is associated with TC.
Justin Sun, Tron blockchain founder, recently was sent 0.1ETH from a sanctioned wallet. His wallet address is public information and the person sending the crypto, wanted more publicity on the problem. The blockchain founders Aave wallets got frozen due to receiving cryptocurrency from a sanctioned wallet, he said on Twitter. This shows how ridiculous it is to sanction every single wallet that has ever been associated with privacy software.
Hopefully, as regulations surrounding digital assets are put in place, hacks will become much less common. This is one reason it’s extremely important to fully understand what you are invested in and where your money is.
If you enjoyed this article, check out how JP Morgan manipulated the gold market for nearly a decade or the rundown of the recent large crash in the cryptocurrency space.
For media, content or writing inquiries please contact Patrick Hagerty at PatrickJHags@gmail.com