Scams are something that have become the main headline news stories emerging from the world of cryptos. And along with that, scams in the world of crypto have been becoming more and more sophisticated and 2022 was no exception. They have also been on the rise and these bad actors within the ecosystem are devising new ways to defraud investors and participants in the crypto market.
According to a research by Solidus Labs, bad actors in the crypto ecosystem launch up to 15 crypto scams per hour on average. This has resulted in about $4.3 billion worth of cryptos being stolen between the months of January and November 2022 – that amounted to a 37% increase since the previous year.
2022 also accounted for one of the largest loss of funds from one scam till date in the history of cryptos – in the FTX crypto exchange collapse – where even now $1-2 billion worth of customer’s funds are unaccounted for.
Thus, it becomes even more important for investors and other participants in this ecosystem to be wary of scams like this and spread awareness about this. To that end, let us take a look at some of the biggest crypto scams of 2022 that you need to know about in 2023 – in order of the sums lost or stolen.
Scam in brief
|FTX-Alameda Research Fiasco||$1-2 billion||Amidst the fall of the FTX crypto exchange, $1-2 billion worth of customer’s funds went missing.|
|Axie Infinity-Ronin Bridge Hack||$615 million||Axie Infinity’s cross-chain Ronin Bridge hack was made possible by compromising private keys on the network.|
|Wormhole Crypto Bridge Hack||$320 million||Another cross-chain bridge hack, where hackers were able to siphon out $320 million but funds were later retrieved within a day.|
|Nomad Cross-Chain Bridge Attack||$190 million||Nomad cross-chain bridge attack was yet another in the line where hackers could easily spoof the smart contract into rerouting funds in an illicit manner.|
|Beanstalk DeFi Project||$182 million||A flash loan scam case where the attacker was able to exploit a vulnerability in the protocol’s governance mechanism.|
|Wintermute Hack||$160 million||A custom wallet address creator tool was compromised and private keys of individuals were targeted and drained of funds.|
|Elrond’s Maiar DEX Hack||$113 million||Elrond network’s DEX suffers a $113 million hack.|
Additional Read: Top Cryptos that crashed more than 70 percent in 2022
FTX Exchange-Alameda Research Fiasco
This crypto scam, perpetrated by the once-hailed Sam Bankman-Fried, the founder of the FTX crypto exchange and its sister concern, Alameda Research, that has resulted in one of the most shocking loss of value in the crypto market overall. Here are some numbers – the FTX exchange was a centralized crypto exchange, which was arguably the third largest in the world in terms of trading volumes and was valued at around $32 billion at one point in time. But when this came out in the early days of November 2022 – the whole thing came crashing down and within days, it was worthless and went bankrupt.
So even as of writing, about $1-2 billion worth of customer’s funds from the failed FTX crypto exchange are still missing and we have no idea where they are and how they might be repaid.
Additional read: FTX Collapse Explained
Axie Infinity-Ronin Bridge Hack
Back in the month of March 2022, Sky Mavis, the makers of the Axie Infinity – an extremely popular blockchain NFT game – announced that the Ronin Network had fallen victim to one of the single largest DeFi hacks till date. The attackers were able to compromise the network, steal and get away with approximately 173,600 ETH and 25.5 million USDC, amounting to a staggering total of $615 million as on the day of the hack.
The hack was made possible by compromising private keys on the network. The Ronin Network used a set of nine validator nodes to approve transactions on the bridge and any withdrawal or deposit transaction required an approval by a majority of five of these nodes. the attacker was able to gain control of four of the five validators controlled by Sky Mavis and a third-party Axie DAO validator to sign their malicious transaction and siphon out the funds.
Wormhole Crypto Bridge Hack
Similar to the Axie Infinity-Ronin Bridge hack, this was another example where a cross-chain bridge was compromised by hackers to steal funds. Wormhole, which was one of the most popular bridges that linked Ethereum and Solana blockchain network suffered a theft of cryptos worth about $320 million back in the early days of February 2022.
Ethereum and Solana are blockchain networks that were and still are stalwarts in their domains – both boasting incredible capabilities in the world of smart contracts and decentralized finance apps. In this hack, according to data from blockchain cybersecurity firm CertiK found that Wormhole’s hackers looted about $251 million worth of ETH, $47 million worth of SOL and well over $4 million worth of USDC stablecoin.
However, Certus One, the developers behind Wormhole had quickly taken action and luckily, they were able to retrieve all the funds in a matter of a day. The hack came to light on 2 February and by 3 February 2022, Wormhole had indicated that ‘all the funds had been restored’ and services were back online. Certus One had offered the hackers a $10 million ‘bug bounty’ in exchange for the details of their exploit and a return of the stolen cryptos.
Additional Read: Top Crypto Price Predictions 2023
Nomad Cross-Chain Bridge Attack
This is yet another cross-chain bridge that was compromised by hackers and drained of nearly $190 million worth of cryptos. The amount lost in this hack, which happened in early August 2022, drained the protocol of nearly all the funds it had. Pretty much along similar lines to that of other cross-chain bridge hacks, here too users were able to spoof the smart contract and withdraw funds that were not theirs.
A Twitter user and a researcher at a crypto investment firm Paradigm, @samczsun explained how the hackers were able to pull out funds from the protocol. And funnily enough, the exploit was relatively easy to execute and didn’t need huge programming genius or technical know-how to pull it off. All one needed to do was find a successful transaction and replace the actual receiver’s wallet address with your own and re-broadcast it.
1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes 👇 pic.twitter.com/Y7Q3fZ7ezm
— this is now a shitpost account (@samczsun) August 1, 2022
Beanstalk DeFi Project
A slightly newer variant in the world of crypto hacks and scams – the Beanstalk DeFi project was subjected to a flash loan scam where the threat actor in the ecosystem was able to secure the project’s voting rights that were necessary to transfer the reserve funds away from the project’s liquidity pools to their own wallets.
This led to a massive drain of over $182 million worth of cryptos at the time back in April 2022. The attack was carried out by compromising the protocol’s governance mechanism. According to a post-mortem report conducted by Omniscia – the exploit occured due to the then recent implementation of the Curve LP Silos which ultimately,
‘Permitted the attacker to conduct an emergency execution of a malicious proposal siphoning project funds.’
Thus this was a case of a flash loan scam – which allows users to borrow large amounts of virtual funds for a short period of time. However, in the case of Beanstalk, voting powers were based on the amount of tokens held and thus the attacker was able to execute this.
Flash loan functions in DeFi projects allow users to borrow large amounts of virtual funds for a short period of time. In Beanstalk Farm’s case, voting powers were based on the amount of tokens held.
In the month of September, 2022 – Wintermute – a very popular and leading automatic market maker (AMM) was hacked for a sum of about $160 million. Strangely, this was Wintermute’s second major hack in the year 2022 and this time around, one of their hot wallets had been compromised due to a security weakness as a ‘Profanity vanity’ address.
The ‘Profanity’ tool is a vanity wallet address generator – that is a tool that essentially helps you to create custom-made crypto addresses that contain a string of characters that are easy to remember and identify. It could be anything from a person’s initials to birthdays et cetera. This attack was enabled by a defect in the algorithm of the ‘Profanity’ tool. Quite different from the usual variety of attacks out there, this defect in the ‘Profanity’ tool enabled the attacker to directly target the compromised private keys of Wintermute users and siphon off funds.
Elrond’s Maiar DEX Hack
Back in June 2022, a decentralized exchange (DEX) called the Maiar Exchange on the Elrond blockchain suffered a massive hack of about $113 million worth of Elrond eGold (EGLD) tokens.
According to a blockchain researched nicknamed Foudres found out that the attackers deployed a smart contract and utilized three wallets to steal a significant amount of funds from the Maiar DEX – of about 800k, 450k, and 400k of EGLD, estimated at $113 million back then. Moreover, Foudres also said that the attackers were able to even sell of a portion of their total loot, of about 800k EGLD on various exchanges bridged to Ether (ETH) or USD Coin (USDC), or is still stored in a number of different wallets.
Tonight, something that i will call an attack was done on Maiar Exchange (imho). EGLD Price go to hell at 5$ then Maiar Dex was stopped
How is it possible ? a thread ⬇️
RT, Like and comments really apreciated, thanks a lot ♥️ pic.twitter.com/6coqYaV8IQ
— ×Foudres (@xFoudres) June 6, 2022
Read More: Top Decentralized Exchanges
Thus, as we begin the new year of 2023, it is important that we revisit some of the biggest and most sophisticated hacks and attacks we saw in the crypto industry in the past year. This is to ensure that honest investors and participants in the crypto ecosystem are not unfairly treated and also would go a long way into bringing about mainstream adoption amongst the masses as governments and policy makers will begin to take notice.
However, it is also true that crypto scams and related fraudulent activities are not going anywhere, anytime soon. People need to safeguard themselves against this threat on their hard earned money and funds. Some simple measures of protection would include opting for self-custody of tokens, not falling for FOMO or following investment advice of unverified individuals. Always do your own research before investing in any crypto asset.