As the total market cap of cryptocurrency keeps rising, hacks have become more frequent. According to SlowMist Hacked, as of August 8, there have been 207 hack events in 2022, which resulted in a loss of $2,525 million.
Last week, two hack events happened in a row. On August 2, 0xfoobar, a crypto KOL, said on social media that the cross-chain solution Nomad was hacked, with a total loss of about $152 million.
On August 3, Solana wallets were hacked on a large scale. Data from Dune shows that the hack affected over 9,000 independent wallets, resulting in a loss of $4,088,121.
Subject to frequent hacking incidents, the crypto market has become an “ATM” for hackers. Today, let’s check out the typical hack incidents that happened in the first half of 2022.
On February 20, OpenSea, the world’s largest marketplace for crypto collectibles, was attacked. According to OpenSea’s official tweet, hackers sent phishing emails to all users’ mailboxes at the same time as the OpenSea contract was upgraded. Many users mistook the message for an official email and authorized access to their wallets. As a result, assets were stolen from their wallets.
On March 17, according to a report by Twitter user Will Sheehan, arbitrage bots exploited a loophole in the airdrop mechanism of ApeCoin and took out more than 60,000 ApeCoins (worth $8 each at the time) through flash loans.
On March 29, Ronin Network, Axie Infinity’s sidechain, sent a community warning that the network had suffered a security breach, which led to the theft of 173,600 ETH and 25.5 million USDC, a loss of over $625 million.
On April 17, the Ethereum-based stablecoin project Beanstalk Farms was attacked through flash loans and proposals, resulting in a loss of about $182 million.
On June 5, BAYC tweeted that its “Discord servers were briefly exploited”, and “about 200 ETH worth of NFTs appear to have been impacted”.
On June 9, Optimism announced on social media that hackers gained control of 20 million OP tokens due to communication and technical errors in cooperation with cryptocurrency market maker Wintermute.
On June 24, Harmony’s Horizon Bridge was hacked, and it was later confirmed that Horizon was attacked not because a smart contract vulnerability was exploited but because the hackers decrypted some of the private keys held by Horizon.
On July 1, Quixotic, the largest NFT platform in the Optimism ecosystem, was hit by a major loophole that affected a large number of users.
Looking back on past attacks, hackers rely on four strategies: 1) attacking or exploiting project vulnerabilities; 2) obtaining authorization through phishing emails or messages; 3) exploiting the leaked private keys of individuals or companies; and 4) conducting malicious attacks on the front end of projects.
On-chain statistics show that during the Solana hack, the private keys of the affected wallets were leaked and used to sign malicious transactions, which reveals a major problem: who controls the private keys of centralized wallets? Companies running a centralized wallet back up users' private keys, which improves the user experience but also creates more security risks. During the Solana hack, some users also disclosed that a repairman stole their crypto when backing up the data stored on their phones. Does the statement “not your keys, not your coins” ring true after all?
Of course, the rise of Web 3.0 in the blockchain industry has also brought us decentralized wallets, which can make sure that “your key belongs to you”. That said, we should also stay on guard against whitelist or airdrop offers that ask for our “signature” and remain careful with authorizations. In addition, it is worth noting that in the first half of 2022, approximately $1,140.7 million worth of stolen funds were transferred to Tornado Cash by hackers, accounting for 60% of the total Web 3 loss, according to Beosin.
On August 9, the U.S. Department of the Treasury announced sanctions against the cryptocurrency mixer Tornado Cash. Meanwhile, GitHub suspended all accounts that contributed code to Tornado Cash, and USDC also blocked addresses related to Tornado Cash and froze the USDC held in several addresses that transacted with them.
Security issues in all blockchain categories, going from CEX through DeFi to NFT, are blows to projects and companies and are even more devastating for investors. As such, the key is to find a safe, convenient exchange. Protected by multiple security strategies, CoinEx promises that all crypto assets are 100% reserved and has never suffered any security breach since its inception. At the moment, the exchange offers easy-to-use, safe and reliable crypto trading services to over 3 million users in more than 200 countries and regions.
Yay!👍 We are collecting more crypto. Reshared your post🔁