In February 2023, hackers managed to steal $21.41 million of digital assets from DeFi platforms. This information came from DeFi Llama, a total value-locked (TVL) aggregator. This steeply rose from January, when the hacked amount was nearly $740,000.
The February amount is quite big. But compared to total hacks and the assets stolen in 2022, it appears to be minuscule. Chainanalysis, the market intelligence firm, in their notes on Crypto Crime Report 2023, said that crypto hackers managed to steal $3.8 billion, which, not surprisingly, is the highest annual total ever.
During the harsh crypto winter, October was the most active month for the hackers – 32 crypto hacks plus assets worth $775.7 million were stolen. The soft targets of these hacks turned out to be cross-chain bridges in the decentralized finance (DeFi) ecosystem. They accounted for nearly 64% of the total hacked amount.
These cross-chain bridges are essentially designed to facilitate transfers of assets between two blockchains. It has been a strategy to steal something during transit since the medieval ages and even far back. Many solid reasons back this idea – one, the security is minimum, and two, the possibility of getting caught is reduced.
When assets are on-chain, they are protected by inherent features of blockchain technology. It is quite tough to steal from a blockchain, but once it is on the bridge, its protection lies upon smart contracts and centralized repositories of the funds backing the asset when bridged to a new chain.
When the bridge gets big enough, coupled with considerable traffic of transactions, it becomes a soft target for hackers. They find loopholes in the smart contract and eventually exploit it to steal the assets mid-transit. Similar to the olden days when decoits or bandits looted travelers on busy and well-traveled roads.
In 2021, DeFi hacks amounted to $1.5 billion, and in the first few months of 2022, the amount was $1.4 billion. Some of the prominent DeFi hacks are discussed below.
Ronin Network is an Ethereum-based side-chain for a popular play-to-earn game called Axie Infinity. The hacker managed to exploit the Ronin Bridge by forging fake withdrawals. The exploit was worth $625 million and hacked into ETH and USDC assets.
Nomad Bridge helped swap tokens like Ethereum, Moonbeam, Evmos and Avalanche. Multiple hackers used the same methods to attack it 1,175 times, stealing $190 million from the cross-chain bridge.
Wintermute used address generation tools for creating unique addresses for its users, greatly reducing transaction costs. But this was just 32 characters long and easily hackable with the right tools. They were then hacked into $160 million worth of assets.
Wormhole Bridge – the infamous protocol worked as a token bridge, allowing users to exchange tokens across multiple blockchains like Ethereum, Oasis, Terra, Avalanche and Solana. Interestingly they were taken down by their own flawed decentralized governance protocol and their facility to provide flash loans. The hack was worth $254 million.
Many hacks have happened in the crypto and DeFi space, exposing weak links and pressure points. Developers are working to make them more secure and robust.