Unfortunately, crypto hacks have become a part of our everyday life. There are now so many crypto hacks that we can even write monthly roundups about them. In August alone, there were 4 hacks where more than 200 million US dollars were stolen.
According to a recent report by crypto analysis firm Chainanalysis, cross-chain bridges are one of the biggest security problems in the crypto industry. A cross-chain bridge connects two blockchains or two cryptoecosystems. More than two-thirds of all cryptocurrencies stolen in 2022 were stolen via cross-chain bridge hacks.
August 2022: Over $250 million lost
According to blockchain security firm SlowMist Hacked, crypto hacks lost around $263 million in total in August 2022.
SlowMist stated that exploitation of smart contract vulnerabilities, discord hacks, front-end attacks, and BGP hijacking were the 5 most common attack vectors.
In early August, there was one of the most devastating hacker attacks in the crypto industry to date: the Nomad Hack.
Crypto Hack #1: Nomad Bridge
200 million dollars stolen
On August 1, 2022, criminals stole approximately $200 million worth of cryptocurrencies from Nomad Bridge user accounts. The number of hacker wallet addresses involved (300) is particularly noteworthy. Some of the hackers even tried to target Nomad employees to get even more money.
To a smart contract upgrade arose a security hole in the Nomad Bridge system. A security expert wrote:
“It turned out that during a routine upgrade, the Nomad team initialized Trusted Root with the value 0x00. Unfortunately, in this case, this had the slight side effect of automatically confirming each message.“
The platform introduced a “bounty program” after the hack, offering the hackers 10% of the stolen funds if they returned the money.
By the time the article was published, $36 million had already been returned. Also, $7.5 million in cryptocurrencies was sent to an unknown wallet address.
Crypto Hack #2: Acala Network
Generated $52 million
On August 14, 2022, Twitter user 0xTaysama noticed suspicious activity on Polkadot-based DeFi platform Acala. He explained that “an error in the iBTC/AUSD pool” could be the cause of a hack.
The hacker was able to use an exploit (“vulnerability”) generating $1.2 billion in USD. After that, the price of this Acala Network stablecoin dropped by 99%. So far, the Acala team has not been able to restore the peg to the US dollar. At the time of writing this article, the USD price is hovering around the $0.90 mark.
The platform developers confirmed that there was an error due to incorrect setting of the iBTC/aUSD liquidity pool. In addition, the Acala team halted the operation of the network to prevent the hackers from withdrawing aUSD or other cryptocurrencies.
Furthermore, some on-chain analysts stated that other users may also be exploiting the flaw to steal thousands of dollars worth of DOT.
Crypto Hack #3: Solana
$5.8 million stolen
On the 2nd-3rd In August, hackers stole $5.8 million worth of SOL, USDC and other cryptocurrencies from online wallets in the Solana ecosystem. Around 8000 wallets including slope, phantom and trust wallets were affected.
Before the hackers apparently gained access to user data. Therefore, a third-party service could have been compromised by an attack.
The Solana team believes that the hack started in software that was popular among network users.
The hackers apparently used a vulnerability in Slope, a Solana mobile wallet, to carry out the hack. According to the official Twitter account “Solana Status” however, only Slope’s online wallets are affected. Other Solana wallets, including Slope’s offline wallet, are said to pose no threat.
The Solana team advised users to consider the reliability and take advantage of the security benefits of cold wallets to avoid future security issues.
We have contacted Solana for a comment, but have unfortunately not received a response.
Crypto Hack #4: ZB.com
4.8 million dollars stolen
ZB.com bills itself as “the world’s most secure digital exchange”. Ironically, the exchange was hacked on August 2, 2022, and $4.8 million was stolen.
According to data from PeckShield, 20 digital assets including USDT, MATIC, AAVE and SHIB were delisted and sold against Ethereum on various decentralized exchanges soon after.
ZB.com suspended withdrawals and deposits after the hack, citing temporary maintenance as the reason. Then the sudden failure of some core applications was reported. This led many in the crypto community to believe that it could be what is known as an exit scam. In an exit scam, the owners of a crypto project dupe users while at the same time withdrawing all funds from the project.
How do you protect yourself from hacks?
With so many hacks and security breaches in the crypto industry, it is important to stick to basic protections. This includes the prefers a cold wallet over a warm wallet, never reveals a recovery phrase, and stores it on paper in different places. You must have one too Two-factor authentication use, act carefully and Double check links and emails before opening them.
All information on our website has been investigated to the best of our knowledge and belief. The journalistic contributions are for general information purposes only. Any action taken by the reader based on the information on our website is entirely at his own risk.