Review of Eight Major DeFi Security Incidents in 2022: $4.3 Billion Loss Is a Warning to Project Teams and Users


DeFi Security Incident Review: Analysis of Major Cases in 2022

In 2022, the blockchain industry experienced more than 300 security incidents, with losses reaching as high as $4.3 billion. This article analyzes eight representative cases in detail, most of which resulted in losses exceeding $100 million.

Cobo Decentralized Finance Security Course (Part 1): Review of Major DeFi Security Events in 2022

Ronin Bridge Incident

In March 2022, Ronin Network, the sidechain of Axie Infinity, was hacked, resulting in a loss of 173,600 ETH and 25.5 million USD, nearly 600 million USD in total value. Reports indicate that the attacker compromised internal employees through social engineering and ultimately controlled enough validator nodes to carry out the attack. This incident exposed the project's shortcomings in employee security awareness and internal security systems.

Wormhole Vulnerability Incident

The Wormhole cross-chain bridge had a vulnerability in its Solana-side contract code that allowed attackers to forge "guardian" messages and mint Wormhole-wrapped ETH, resulting in a loss of approximately 120,000 ETH. The incident was primarily due to the use of deprecated functions, a reminder for developers to update their codebases in a timely manner and avoid outdated functions.

Nomad Bridge Attack Incident

The cross-chain protocol Nomad was attacked because of an initialization setting issue, resulting in a loss of approximately $190 million. The attackers were able to construct arbitrary messages to extract funds from the bridge, and a large number of addresses took part in this "money grabbing" operation. This case highlights the security challenges faced by open-source projects: once a vulnerability appears, it can be easily exploited.

Beanstalk Flash Loan Attack

The algorithmic stablecoin project Beanstalk suffered a flash loan attack, resulting in a loss of approximately $182 million. The attacker exploited a vulnerability in the project's governance mechanism, obtaining a large amount of voting power through a flash loan and then submitting and immediately executing a malicious proposal. This incident exposed security risks in decentralized governance and showed the importance of proposal review mechanisms and time locks.
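The governance weakness and the time-lock mitigation described above can be shown with a small model. This is an added example, not Beanstalk's code or code from the original article; the `Token` and `Governor` classes, the balances, the quorum and the block numbers are all constructed assumptions, and the snapshot rule is one common mitigation alongside the time lock the article names.

```python
from dataclasses import dataclass, field

@dataclass
class Token:
    balances: dict
    history: dict = field(default_factory=dict)  # block -> balances at end of block

    def checkpoint(self, block):
        self.history[block] = dict(self.balances)

    def balance_at(self, holder, block):
        return self.history.get(block, {}).get(holder, 0)

@dataclass
class Governor:
    token: Token
    quorum: int
    use_snapshot: bool      # hardened: weigh votes by a past-block balance
    timelock_blocks: int    # hardened: delay between passing and execution
    proposals: dict = field(default_factory=dict)

    def propose(self, pid, block):
        self.proposals[pid] = {"created": block, "votes": 0, "passed_at": None}

    def vote(self, pid, voter, block):
        p = self.proposals[pid]
        if self.use_snapshot:
            # Tokens borrowed in the current block did not exist for the voter
            # at the snapshot block, so they carry no weight.
            weight = self.token.balance_at(voter, p["created"] - 1)
        else:
            weight = self.token.balances.get(voter, 0)  # weak: live balance
        p["votes"] += weight
        if p["votes"] >= self.quorum and p["passed_at"] is None:
            p["passed_at"] = block

    def can_execute(self, pid, block):
        p = self.proposals[pid]
        return p["passed_at"] is not None and block >= p["passed_at"] + self.timelock_blocks

def same_block_takeover(use_snapshot, timelock_blocks):
    """Model one block: borrow, propose, vote, check execution, repay (constructed data)."""
    token = Token(balances={"community": 400, "lender_pool": 1000})
    token.checkpoint(99)
    gov = Governor(token, quorum=700, use_snapshot=use_snapshot,
                   timelock_blocks=timelock_blocks)
    token.balances.update(lender_pool=0, borrower=1000)   # loan taken in block 100
    gov.propose("p1", 100)
    gov.vote("p1", "borrower", 100)
    executable = gov.can_execute("p1", 100)
    token.balances.update(lender_pool=1000, borrower=0)   # loan repaid in block 100
    return executable
```

Only the configuration with live-balance voting and no delay lets the proposal execute in the block where the loan is held; either control alone stops the same-block path, and the time lock additionally gives reviewers a window to inspect a proposal that passed.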

Wintermute Vanity Address Private Key Leak

The market maker Wintermute suffered a loss of over $160 million due to the use of a flawed vanity address generation tool, which resulted in the compromise of the private key for the contract owner address. This incident serves as a reminder for project teams to exercise caution when using external tools and to conduct thorough security assessments.

Harmony Bridge Attack Incident

Horizon, the cross-chain bridge of Harmony, was attacked, resulting in losses exceeding $100 million. According to analysis, this may have been caused by a private key leak, and the attack method is similar to the Ronin Bridge incident. This once again emphasizes the importance of key management and the necessity of strengthening internal security in the face of persistent threats.

Ankr Incident

The Ankr project was attacked, with hackers minting a large number of tokens out of thin air and cashing out. This incident stemmed from malicious actions by internal personnel, exposing vulnerabilities in the project's permission management and internal controls. At the same time, other projects within the related ecosystem were also affected in a chain reaction, highlighting the interdependence of the DeFi ecosystem.

Mango Markets Manipulation Incident

The trading platform Mango Markets suffered a price manipulation attack, in which attackers manipulated the prices of low market cap tokens to borrow nearly $115 million in assets from the platform. This incident reveals weaknesses in the business model design of certain DeFi projects, particularly the risks involved in handling low market cap and low liquidity assets.

These cases remind us that in the blockchain and Decentralized Finance (DeFi) fields, security is always the primary consideration. Project teams need to comprehensively assess potential risks, and users should also participate cautiously, fully understanding the project's business model and potential risks.

