Posted on April 20, 2022 at 1:11 PM

The decentralized finance (DeFi) space has grown significantly over the past few years, but the growth has also come with the challenge of exploits. Given that DeFi is relatively new, it is not surprising that many protocols have been hacked.

The year 2021 saw a huge amount of funds stolen from DeFi protocols. However, 2022 is already breaking the record. Within the first few months of 2022, the number of hacks in the crypto space has increased by 695%, and so far, around $1.3 billion has been stolen.

Below is a list of the top ten most popular hacks in the crypto space:

Ronin Network

The Ronin Network suffered from the largest DeFi exploit of 2022 and the largest DeFi hack of all time. The hackers managed to drain around $625M from the protocol. The Ronin Network is popular for hosting a leading play-to-earn game, Axie Infinity.

The hack happened on the Ronin Bridge that allows users to transfer assets to and from the Ronin Network. The hackers obtained 5 out of 9 validator keys required, allowing them to create fake withdrawals. The hackers wrote transactions on the chain and later validated these transactions using stolen keys.

Sky Mavis, the Axie Infinity P2E game developer, discovered this attack six days after it happened. The platform explained that the attack was made possible by a failure to revoke permissions that had been granted towards the end of last year to handle an increased number of players.
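The audit below is an added example, not code from Sky Mavis or the Ronin bridge. It checks a 5-of-9 validator set for operators who can reach the signing threshold alone once unrevoked signing permissions are counted. The validator names, operator names and delegation records are constructed for illustration.

```python
from itertools import combinations

THRESHOLD = 5  # signatures needed, per the article (5 of 9)

# Constructed validator set: validator id -> operator that holds its key.
VALIDATORS = {
    "v1": "op-A", "v2": "op-A", "v3": "op-A", "v4": "op-A",
    "v5": "op-B", "v6": "op-C", "v7": "op-D", "v8": "op-E", "v9": "op-F",
}

# Constructed signing delegations: (validator, delegate operator, revoked?)
DELEGATIONS = [
    ("v5", "op-A", False),  # temporary permission that was never revoked
    ("v6", "op-B", True),   # properly revoked, no longer counts
]


def reach(validators, delegations):
    """Map each operator to the validators it can currently sign for."""
    out = {}
    for validator, operator in validators.items():
        out.setdefault(operator, set()).add(validator)
    for validator, delegate, revoked in delegations:
        if not revoked:
            out.setdefault(delegate, set()).add(validator)
    return out


def single_points_of_failure(validators, delegations, threshold=THRESHOLD):
    """Operators whose compromise alone yields >= threshold signatures."""
    return sorted(op for op, vs in reach(validators, delegations).items()
                  if len(vs) >= threshold)


def min_operators_to_quorum(validators, delegations, threshold=THRESHOLD):
    """Smallest number of operators that together reach the threshold."""
    r = reach(validators, delegations)
    for k in range(1, len(r) + 1):
        for combo in combinations(sorted(r), k):
            if len(set().union(*(r[o] for o in combo))) >= threshold:
                return k
    return None
```

Running the same audit after every permission change shows whether the nominal 5-of-9 threshold still requires more than one independent party.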

Sky Mavis has since reimbursed the stolen funds. It received $150M in a funding round led by Binance, which saw participation from other popular crypto firms. The protocol later announced that it would reimburse the remaining funds using its personal accounts.

The Ronin Network hack was recently attributed to hacking groups based in North Korea. The FBI and the US Treasury Department have attributed the exploit to the Lazarus and APT38 hacking groups.

Wormhole Bridge

The Wormhole Bridge hack is the second-largest DeFi exploit of 2022. The hack resulted in a loss of $325M worth of Ether (ETH) tokens. Wormhole is a communication bridge between the Ethereum and Solana blockchains.

The hacker exploited the Wormhole Bridge and redirected ETH to their personal wallet. This was caused by a fault in the smart contract bridging the two blockchains. The hack on the Wormhole Bridge created concern over the vulnerability of cross-chain bridges.

A month before this hack happened, Vitalik Buterin, the co-founder of the Ethereum blockchain, had said that the future of the decentralized finance ecosystem would be multichain but not cross-chain. He said that there were critical vulnerabilities in the security of bridges that were used in different blockchains.

A report from a blockchain analytics platform said that the hack was caused by the failure of the Wormhole bridge to validate guardian accounts, which allowed the attacker to mint 120,000 wETH tokens without any ETH backing them.

Shortly after the hack, the Jump Trading Group, involved in Wormhole’s development, announced it would take credit for replacing the stolen 120,000 Ethereum tokens. The team further announced it had fixed the vulnerability.

Qubit Finance

At the end of January, Qubit Finance was also exploited by hackers. The exploit resulted in a more than $80 million loss. Qubit Finance is a protocol based on the Binance Smart Chain. The cryptocurrency wallet addresses associated with the attack stole 206,809 Binance Coin (BNB).

The hack happened on QBridge, and its purpose was to create a large amount of xETH collateral that was later used to steal all the BNB tokens stored on QBridge. Reports by security researchers said that the attacker used a deposit option in the QBridge contract to mint around 77,162 qXETH. The attackers tricked the protocol into registering a deposit that they had never made.

The hacker exploited the protocol multiple times, and they converted all of the stolen assets into Binance Coin before withdrawing them into their wallet addresses. This attack was ranked as the seventh-largest one in the DeFi space.

Another major hack also happened on the exchange in January. The hack was initially reported by users who claimed that their funds on the exchange had been stolen. confirmed the hack a few days later, saying that 483 users were affected. The hacker managed to withdraw more than $15M worth of Ether (ETH) and $19M worth of Bitcoin (BTC). $66,200 worth of other cryptocurrencies were also stolen, with the total losses tallying to more than $34M. said that it had detected malicious activity where transactions were being executed without a two-factor authentication process being completed by a user. The exchange halted withdrawals for around 14 hours following the breach as investigations were done. did not reveal how the attacker approved the transactions without completing the two-factor authentication needed for all users. The platform also announced beefing up security to prevent similar attacks.

Beanstalk Protocol

The latest exploit on the DeFi sector happened on Beanstalk farms. The exploit happened on April 18, and it resulted in a $182M loss of collateral following a security breach triggered by two malicious governance proposals and a flash loan attack.

The exploit of the protocol was caused by malicious governance proposals BIP-18 and BIP-19. The exploiter issued the proposals and later requested the protocol to donate funds to Ukraine. However, the proposals were being made by a malicious actor who had created a sinkhole for the funds.

The exploiter managed to walk away with $1 billion in flash loans secured from the Aave protocol and denominated in stablecoins, including DAI (DAI), USD Coin (USDC) and Tether (USDT). The attacker used the funds to garner enough assets needed to control more than 67% of the protocol’s governance and approve their own proposals.
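The simplified model below is an added example, not Beanstalk's contract code. It shows why counting voting power from live balances lets tokens borrowed inside one transaction clear a 67% threshold, while reading balances checkpointed at the proposal block does not. The token class, holder names, balances and block numbers are constructed.

```python
from bisect import bisect_right

SUPERMAJORITY = 0.67  # threshold quoted in the article


class VoteToken:
    """Toy governance token that checkpoints balances per block."""

    def __init__(self):
        self.block = 0
        self.live = {}      # holder -> current balance
        self.history = {}   # holder -> [(block, end-of-block balance)]

    def credit(self, holder, amount):
        self.live[holder] = self.live.get(holder, 0) + amount

    def mine(self):
        """Close the current block and record end-of-block balances."""
        for holder, bal in self.live.items():
            self.history.setdefault(holder, []).append((self.block, bal))
        self.block += 1

    def balance_at(self, holder, block):
        """End-of-block balance at `block`; 0 if nothing recorded by then."""
        points = self.history.get(holder, [])
        i = bisect_right(points, (block, float("inf")))
        return points[i - 1][1] if i else 0


def share(token, voter, snapshot_block=None):
    """Voter's share of supply, live or as of a past block."""
    if snapshot_block is None:
        return token.live.get(voter, 0) / sum(token.live.values())
    total = sum(token.balance_at(h, snapshot_block) for h in token.history)
    return token.balance_at(voter, snapshot_block) / total if total else 0.0


def simulate():
    t = VoteToken()
    t.credit("community", 1_000)
    t.credit("proposer", 10)
    t.mine()                      # block 0: proposal submitted here
    proposal_block = 0
    t.mine()                      # block 1: voting delay passes
    t.credit("proposer", 5_000)   # borrowed inside a single transaction
    live = share(t, "proposer")
    snap = share(t, "proposer", proposal_block)
    t.credit("proposer", -5_000)  # loan repaid before the block closes
    t.mine()
    return live >= SUPERMAJORITY, snap >= SUPERMAJORITY
```

The borrowed balance never appears in an end-of-block checkpoint, so only the live reading passes the threshold.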

After stealing the cryptocurrencies, the attacker exchanged BEAN tokens for Ether (ETH) and later sent the tokens to Tornado Cash to anonymize the transactions. The attacker also sent 250,000 to the crypto donation wallet for the Ukrainian government.

WonderHero NFT

Non-fungible token (NFT) platforms have also been victims of increased hacking attacks in the cryptocurrency space. WonderHero, a popular GameFi multi-platform for iOS and Android devices, was also exploited. The hacker started selling the stolen assets immediately, making it hard for the platform to make a recovery.

The exploit in April 2022 led to losses of 80 million WND tokens valued at around $30M when the exploit was reported by a cybersecurity firm. After the breach, WonderHero immediately closed its website and halted all transactions using in-game liquidity. The platform also asked users to halt transactions with WND tokens. 

An analysis of the breach showed that the attacker compromised the private key for WonderHero’s core wallet. The private key details could possibly have been leaked to the attacker. The hacker transferred the stolen WND tokens to the PancakeSwap DEX and exchanged them for around 70 BNB tokens.


OpenSea

In January, the OpenSea NFT marketplace suffered a massive exploit that allowed the attacker to exploit users on the platform and lure them into buying fake NFTs at extremely high prices. The hacker managed to steal 332 ETH valued at around $754,000 following this exploit.

The exploit was conducted on some of the most valuable NFTs, such as the Bored Ape Yacht Club (BAYC) and the Mutant Ape Yacht Club (MAYC). The attacker bought the NFTs at the low prices at which they were initially listed on the platform before selling them later at the ongoing market prices.

The specific NFTs affected during the exploit were BAYC #9991, BAYC #8924 and MAYC #4986. The hacker behind the exploit was also a user on OpenSea. This was not the first such exploit on OpenSea. It was reported that when users list their assets on the marketplace but decide to cancel the listing later, they are charged a high fee and the value of the assets declines. However, those who want to avoid the high fee found an alternative.

Instead, users can transfer the assets they want to be cancelled into a different wallet, which removes the listing on OpenSea. However, the asset remains listed on the marketplace through the OpenSea API.

The bug preventing the transferred assets from being delisted on OpenSea was detected in December last year, but OpenSea did not issue any patches. However, the popularity of NFTs could have attracted hackers to exploit the marketplace.

Deus Finance

Deus Finance, a multi-token decentralized finance (DeFi) marketplace, suffered an exploit in March 2022. The platform lost more than $3 million worth of DAI stablecoin and Ether (ETH).

The hackers behind the attack exploited and manipulated a price oracle for flash loans, resulting in the loss of user funds. The hackers also manipulated the value of the StableV1 AMM – USDC/DEI. The protocol used the trading pair to set the price oracle for its flash loans.

Cybersecurity experts revealed that the attackers stole 200,000 DAI tokens and 1101.8 ETH. Reports estimate that the total amount stolen could be higher than the $3 million that was previously reported. Later, the attacker sent the stolen funds through Tornado Cash, a coin mixer tool.

After the exploit was disclosed, Deus Finance acknowledged it. It further said that it had shut down the DEI lending contract. The protocol further claimed that DEUS and DEI were not affected following the exploit.


Tinyman

Tinyman was the first protocol to be exploited in 2022. The network was breached by unauthorized users who accessed the network’s pools after exploiting a known vulnerability in the protocol’s smart contracts.

The protocol said that the breach resulted in the theft of ASAs during the first few hours, which triggered high volatility. Tinyman issued a statement saying that the hack activated wallet addresses and deposited a seed fund used for the breach. The hackers conducted the attack by targeting pools and later swapped a portion of their funds and minted Pool tokens.

The hackers exploited an unidentified bug in the Pool Tokens burn process, which allowed them to receive two of the same asset instead of two different assets. The platform added that the attackers specifically chose the assets to steal because they were highly valuable compared to ALGO, the native token for the Algorand ecosystem.

Tinyman’s report added that the hacker swapped pools using stablecoins to derive high value, withdraw the assets to other on-chain cryptocurrency wallets, and send some tokens to centralized exchanges (CEXs).

Tinyman issued a statement to its users saying that the affected users would be reimbursed and that the team was working on a compensation plan. It further said that it could not hinder any transaction made on the blockchain because contracts had a permissionless nature.

Multichain bridge

In January, the Multichain platform asked its users to revoke the approvals given for six tokens in order to protect their assets from exploitation by malicious persons. Following this exploit, one hacker stole $1.43M, while another hacker offered to reimburse 870% of the stolen funds to the protocol while maintaining the rest as a tip.

The amount stolen from the Multichain hack was equivalent to around $3M. The six tokens that were vulnerable to this exploit included Wrapped Ethereum (WETH), Peri Finance Token (PERI), Wrapped BNB (WBNB), Polygon (MATIC), Official Mars Token (OMT) and Avalanche (AVAX).

The exploit triggered much backlash from users that accused the platform of failing to give them adequate details on the matter. One of the users lost $960,000 worth of ETH to the hacker if they returned the stolen funds.

The company also added that the crucial vulnerability causing the breach had been reported and patched. It also reminded users to revoke their approval of the six tokens. The breach caused a major uproar among users who accused the platform of failing to do enough to protect them.


The DeFi total value locked (TVL) has increased significantly over the past year, and so have the threats to networks. Every month of 2022 has recorded a new exploit, and more could be on the way. So far, $1.3B has been stolen, and a very small amount has been reimbursed to the protocols. This calls for DeFi protocols to increase their security, given that billions of dollars’ worth of user funds have been invested in decentralized finance projects.

