As we reported recently hackers have exploited a consensus protocol in the Web3 music platform Audius to make off with $1.1 million USD.
- Single lines of ill-conceived code gave hackers access to cryptoassets worth hundreds of millions of dollars
- Most of the hacked companies are continuing operations after undergoing audits or upgrading their security
But the Audius hack is a drop in ocean when you consider that nearly-$2 billion dollars USD of funds have been lost to hacks through the first half of 2022, according to Blockchain security firm Beosin.
The fiat value of hacked assets are on pace to top the $3.2 billion lost in 2021, according to crypto security firm Chainalysis, even amid a drastic slide in cryptocurrency valuations. Blockworks compiled some of the year’s largest crypto hacks to see what went wrong and how protocols fared after being hacked.
- Crypto.com, January, $35 million
In late January, a hacker managed to disable two-factor authentication on the crypto exchange Crypto.com and extract bitcoin and ether from customer accounts. CEO Kris Marszalek initially denied customer funds were lost before acknowledging the hack days later. The company said it is transitioning to “multi-factor authentication” in response to the exploit.
- Qubit QBridge Hack, January, $80 million
A hacker manipulated a smart contract bug on the Binance-based Qubit Finance’s QBridge to mint wrapped ether tokens without depositing funds. The lost assets forced the developers behind Qubit to trim the protocol’s staff and reclassify as a decentralized autonomous organization (DAO).
- Wormhole, February, $325 million
A hacker exploited smart contracts on the Solana-to-Ethereum bridge to mint and cash out on wrapped ether without depositing collateral. Jump Crypto, the venture capital firm behind Wormhole, replenished the stolen funds to keep Solana-based platforms affected by the hack solvent. Wormhole renamed its bridge Portal and currently holds over $480 million, according to crypto data firm DeFi Llama.
- IRA Financial Trust, February, $37 million
The crypto-focused retirement and pension platform was pilfered when hackers accessed a “master key” that bypassed all security measures to customer accounts. IRA Financial Trust has since sued Gemini, the crypto exchange where customer funds were stored, for alleged negligence leading to the hack.
- Cashio, March, $52 million
A string of fake accounts used an “infinite mint glitch” to put up worthless collateral for Cashio’s CASH stablecoin. The coin’s peg cratered to zero and has not recovered, according to data from CoinGecko.
- Axie Infinity Ronin Bridge, March, $625 million
The largest-ever crypto hack measured in fiat dollars came after hackers gained control over a majority of the cryptographic keys securing the play-to-earn game’s cross-chain bridge. Four of the nine keys were stolen when an Axie developer clicked on a fake job offer PDF, according to The Block. The Ronin Bridge has since reopened with more validators, though the game is haemorrhaging users.
- Beanstalk, April, $182 million
A hacker used a “flash loan,” where funds are borrowed and repaid in the same transaction, to accumulate enough assets to control the stablecoin’s governance protocol. The hacker passed a proposal donating funds to Ukraine before making off with the collateral. Developers paused the protocol while undergoing audits and raising funds, but plan to reopen deposits in early August.
- Fei Protocol, April, $80 million
A “reentrancy” bug in the lending protocol’s code allowed a hacker to take out a loan while also withdrawing the collateral put up on the loan. Fei users passed a proposal to make investors whole through “the DAO repaying the bad debt on behalf of the hacker.” The Fei stablecoin remains at its dollar peg, per CoinGecko.
- Harmony Bridge, June, $100 million
The North Korea-linked Lazarus group accessed two of the Binance and Ethereum bridge’s five security keys, approving transactions siphoning assets from the bridge. Harmony now requires four of five validator keys to reach a consensus on transactions, and is yet to announce its plan to compensate users.
The information provided on this page does not constitute investment advice, financial advice, trading advice, or any other sort of advice and it should not be treated as such. This content is the opinion of a third party and this site does not recommend that any specific cryptocurrency should be bought, sold, or held, or that any crypto investment should be made. The Crypto market is high-risk, with high-risk and unproven projects. Readers should do their own research and consult a professional financial advisor before making any investment decisions.
Although the material contained in this website was prepared based on information from public and private sources that AudiusX.com believes to be reliable, no representation, warranty or undertaking, stated or implied, is given as to the accuracy of the information contained herein, and AudiusX.com expressly disclaims any liability for the accuracy and completeness of the information contained in this website.
AudiusX is dedicated providing you the latest news about Audius (AUDIO), and other decentralized Web3 projects in the crypto industry. Our goal at AudiusX is to provide you with the best unbiased, and most exclusive information, about the crypto industry, decentralized music streaming, music NFTs and music in the metaverse.