Review of Eight Major DeFi Security Incidents in 2022: $4.3 Billion in Losses Is a Warning to Project Teams and Users
DeFi Security Incident Review: Analysis of Major Cases in 2022
In 2022, the blockchain industry experienced more than 300 security incidents, with losses reaching as high as $4.3 billion. This article analyzes eight typical cases in detail, most of which resulted in losses exceeding $100 million.
Ronin Bridge Incident
In March 2022, Ronin Network, the sidechain of Axie Infinity, was hacked, resulting in a loss of 173,600 ETH and 25.5 million USD, totaling nearly 600 million USD in value. Reports indicate that the hacker targeted internal employees through social engineering and ultimately gained control of enough validator nodes to carry out the attack. This incident exposed the project's shortcomings in employee security awareness and internal security systems.
Wormhole Vulnerability Incident
The Wormhole cross-chain bridge had a vulnerability in its Solana-side contract code that allowed attackers to forge "guardian" messages and mint Wormhole-wrapped ETH, resulting in a loss of approximately 120,000 ETH. The incident was primarily due to the use of deprecated functions, a reminder to developers to keep their codebases up to date and avoid outdated functions.
Nomad Bridge Attack Incident
The cross-chain protocol Nomad suffered an attack due to initialization setting issues, resulting in a loss of approximately $190 million. The attackers were able to construct arbitrary messages to extract funds from the bridge, with a large number of addresses participating in this "money grabbing" operation. This case highlights the security challenges faced by open-source projects, as vulnerabilities can be easily exploited once they occur.
Beanstalk Flash Loan Attack
The algorithmic stablecoin project Beanstalk suffered a flash loan attack, resulting in a loss of approximately $182 million. The attacker exploited a vulnerability in the project's governance mechanism: they obtained a large amount of voting power through a flash loan, then submitted and immediately executed a malicious proposal. This incident exposed potential security risks in decentralized governance and underscored the importance of proposal review mechanisms and time locks.
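The time-lock mitigation named above, as a toy Python model (an added example, not Beanstalk's contract code or anything from the original article). It goes one step beyond the text by also reading voting weight from a pre-proposal snapshot, a common complementary control; the quorum, delay, supply and balances are assumed values.

```python
# Added illustration: a toy governance model, not Beanstalk's contract code.
# All names, thresholds and balances are constructed for the example.
QUORUM = 0.5           # fraction of supply needed to pass (assumed)
TIMELOCK_BLOCKS = 100  # delay between passing and execution (assumed)
SUPPLY = 1_000_000

def balance_at(checkpoints, block):
    """End-of-block balance: the last (block, balance) checkpoint <= block."""
    bal = 0
    for b, v in sorted(checkpoints):
        if b <= block:
            bal = v
    return bal

def propose_vote_execute(checkpoints, live_balance, block, hardened):
    """One account proposes, votes and tries to execute inside `block`."""
    # Hardened: voting weight is read from a snapshot taken before the
    # proposal block, so tokens borrowed and repaid inside it weigh nothing.
    weight = balance_at(checkpoints, block - 1) if hardened else live_balance
    if weight / SUPPLY < QUORUM:
        return "rejected: quorum not met"
    # Hardened: a passing proposal still waits out the timelock, which gives
    # other holders time to review it and react.
    eta = block + (TIMELOCK_BLOCKS if hardened else 0)
    return "executed" if block >= eta else f"queued until block {eta}"

def flash_loan_scenario(hardened):
    # Constructed flash loan: 700,000 tokens borrowed and repaid within
    # block 500, so the account holds nothing before or after that block.
    return propose_vote_execute([(500, 0)], 700_000, 500, hardened)

def long_term_holder_scenario():
    # Constructed holder with 600,000 tokens since block 10.
    return propose_vote_execute([(10, 600_000)], 600_000, 500, hardened=True)

if __name__ == "__main__":
    print("naive   :", flash_loan_scenario(hardened=False))
    print("hardened:", flash_loan_scenario(hardened=True))
    print("holder  :", long_term_holder_scenario())
```

In the naive configuration the borrowed balance passes quorum and executes in the same block; in the hardened one the same account has zero weight, and a genuine majority holder still has to wait out the delay.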
Wintermute Vanity Address Private Key Leak
The market maker Wintermute suffered a loss of over $160 million due to the use of a flawed vanity address generation tool, which resulted in the compromise of the private key for the contract owner address. This incident serves as a reminder for project teams to exercise caution when using external tools and to conduct thorough security assessments.
Harmony Bridge Attack Incident
Harmony's cross-chain bridge Horizon was attacked, resulting in losses exceeding $100 million. According to analysis, this may have been caused by a private key leak, and the attack method is similar to the Ronin Bridge incident. This once again emphasizes the importance of key management and the necessity of strengthening internal security in the face of persistent threats.
Ankr Incident
The Ankr project was attacked, with hackers minting a large number of tokens out of thin air and cashing out. This incident stemmed from malicious actions by internal personnel, exposing vulnerabilities in the project's permission management and internal controls. At the same time, other projects within the related ecosystem were also affected in a chain reaction, highlighting the interdependence of the DeFi ecosystem.
Mango Markets Manipulation Incident
The trading platform Mango Markets suffered price manipulation: attackers manipulated the prices of low market cap tokens to borrow nearly $115 million in assets from the platform. This incident reveals the vulnerabilities in the business model design of certain DeFi projects, particularly the risks involved in handling low market cap and low liquidity assets.
These cases remind us that in the blockchain and Decentralized Finance (DeFi) fields, security is always the primary consideration. Project teams need to comprehensively assess potential risks, and users should also participate cautiously, fully understanding the project's business model and potential risks.