Over $1.5 billion has been stolen across the top 10 crypto hacks, with the majority occurring on DeFi protocols. Find out more about how these hacks transpired.
In the last year, over $1.5 billion has been stolen across the top 10 largest hacks alone, with an average of $159.2 million stolen per attack.
Unlike earlier years, the vast majority of these funds were stolen from DeFi protocols, including Poly Network, Compound, and Cream Finance (which was hacked several times in 2021 alone). Centralized exchange (CEX) hacks featured less prominently, with just two of the top 10 largest hacks associated with CEXs.
The second-largest hack is attributed to BitMart, a rather obscure exchange that lost $196 million after the private keys to its wallets were stolen. To date, the hackers have still not been caught nor have the funds been recovered.
Though not a hack per se, Compound Finance lost more than $140 million worth of COMP tokens thanks to a bug that allows users to drain COMP from the protocol. One user was able to drain close to $30 million in a single transaction before the faulty code was patched. A small fraction of the funds that were erroneously sent to users has been recovered thanks to their goodwill.
Earlier this week, the Polygon-based NFT marketplace Vulcan Forged was breached, resulting in 23.7% of the project's circulating supply being stolen from a total of 96 wallets. The management behind the project has now reimbursed almost everybody affected by the hack. Nonetheless, the PYR token has seen around one-third of its value deleted in the last two days.
A variety of other platforms also suffered gut-wrenching losses as a result of hacks this year, including:
Badger: Hacked earlier this month, seeing $120 million stolen by an attacker that was able to compromise an API key to inject malicious code to the website.
AscendEx: Reported that one of its hot wallets was breached on December 12, resulting in an estimated $77 million being drained from one of its hot wallets. The platform has pledged to reimburse all affected users.
EasyFi: A hacker was able to breach an EasyFi admin's computer to install a malicious version of MetaMask, which allows them to steal a combined $59 million — comprised of $6 million stablecoins and $53 million in EASY tokens.
Uranium Finance: The Binance Smart Chain-based DeFi platform Uranium Finance suffered a $50 million exploit back in April, as a hacker was able to exploit its balancer modifier logic to get away with millions worth of a variety of different assets.
bZx: A DeFi lending platform that suffered a phishing attack, resulting in $55 million being stolen. The platform also suffered flash loan attacks earlier in the year, allowing an unknown hacker to exploit its janky code to get away with millions.
With DeFi hacks on the rise, insurance products are beginning to look increasingly attractive. Unless of course, they end up being exploited too.