$62M crypto stolen in Dec was the ‘lowest monthly figure’ in 2022: CertiK

Published at: Jan. 2, 2023

Cryptocurrency hackers and exploiters seemingly slowed down for the 2022 holidays as December saw $62.2 million worth of cryptocurrencies stolen, the “lowest monthly figure” of the year according to CertiK.

The blockchain security company tweeted a list of the month's most significant attacks on Dec. 31. It highlighted the $15.5 million worth of exit scams as the method that stole the most value over the month followed by the $7.6 million worth of flash loan-based exploits.

#CertiKStatsAlert Combining all the incidents in December we’ve confirmed ~$62.2M lost to exploits, hacks and scams.The lowest monthly figure this year. Exit scams were ~$15.5MFlashloans were ~$7.6M See the details below pic.twitter.com/1ub3mYVv6K

— CertiK Alert (@CertiKAlert) December 31, 2022

A later tweet on Jan. 1 confirmed the 23 largest exploits were responsible for around 98.5% of the $62.2 million figure, with the $15 million Helio Protocol incident on Dec. 2 the largest of the month.

The protocol, which manages the stablecoin HAY (HAY), suffered a loss when a trader took advantage of a price discrepancy in Ankr Reward Bearing Staked BNB (aBNBc) to borrow millions worth of HAY.

At the time, decentralized finance (DeFi) protocol Ankr suffered a separate exploit where an attacker minted 20 trillion aBNBc causing its price to plummet. The Helio trader quickly deposited aBNBc tokens to borrow 16 million HAY causing the loan to be significantly undercollateralized leading to the protocol's loss and a depeg of its stablecoin.

The second largest incident of the month was the $12.9 million exploits of Defrost Finance’s v1 and v2 protocols on Dec. 23 where an attacker carried out a flash loan attack by adding a fake collateral token and a malicious price oracle to liquidate the protocol.

Days after the exploit, the hacker returned the funds stolen from the v1 protocol to an address controlled by Defrost, though funds are yet to have been returned for the v2 hack.

CertiK labeled the exploit an “exit scam” due to the fact an admin key was required to conduct the attack. Defrost denied the allegations to Cointelegraph claiming the key was compromised.

Related: Crypto’s recovery requires more aggressive solutions to fraud

The December figure is much lower than the month prior, seeing an 89.5% decrease from the $595 million worth of exploits across 36 major incidents CertiK recorded in November 2022, a figure largely skewed by the $477 million hack of crypto exchange FTX.

#CertiKStatsAlert 36 major attacks were recorded in November totalling a loss of ~$595 Million. As always, make sure a project has an audit & KYC before investing!Remember to always #DYOR and read the audit reports! pic.twitter.com/UhiDU2itAm

— CertiK Alert (@CertiKAlert) December 1, 2022

Overall for 2022, just the largest 10 exploits of the year funneled around $2.1 billion to the spaces bad actors largely taking place on cross-blockchain bridges and DeFi protocols.

Tags
Related Posts
Security firms are making it more difficult for scammers to get away with DeFi project hacks
The rise of community-oriented blockchain security companies may be making it more difficult for alleged bad actors to get away without a trace. Early Wednesday, CertiK issued a community alert regarding Flurry Finance, where its smart contracts were allegedly breached by hackers, leading to $293,000 worth of funds being stolen. Shortly after the incident, CertiK published the wallet addresses of the alleged perpetrator, the address of the malicious token contract, and a PancakeSwap pair address allegedly involved in the attack, leading to a warning issued on BscScan. While the firm audited the project's smart contracts, it appears that the exploit …
Adoption / Feb. 23, 2022
British Army’s social media accounts hacked by crypto scammers
The British Army’s official Twitter, Facebook and YouTube accounts were breached on Sunday for almost four hours, with scammers promoting rip-off nonfungible token (NFT) collections and cryptocurrency scams. Just after 2:00 pm EST on Sunday, the United Kingdom Ministry of Defence (MOD) Press Office tweeted it was aware the Army’s social media accounts were compromised and had begun an investigation. Nearly four hours later, close to 5:45 pm EST, the Office provided an update that the account breaches were resolved. The British Army's official Twitter account also apologized for the posts, saying it would conduct an investigation and “learn from …
Defi / July 4, 2022
DeFi was the most attacked ecosystem in 2022: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The DeFi ecosystem started 2023 on a bullish note, similar to the broader cryptocurrency market. However, the bullish start to the year didn’t diminish the damage caused by vulnerabilities and attacks in 2022. A new research report has highlighted that DeFi was the most vulnerable crypto ecosystem, at the receiving end of 113 exploits out of the total 167. On top of that, blockchain security experts have warned the trend could continue in 2023. …
Ethereum / Jan. 13, 2023
Developers seek solutions for Web3-related scams from internet browsers
A big concern for users in decentralized finance (DeFi) involves the industry’s susceptibility to exploits. A report from Privacy Affairs revealed hackers stole $4.3 billion worth of cryptocurrency in the time period from January to November 2022 — a 37% increase from the previous year. Such exploits harm the integrity of companies and fuel skeptics from outside of the space in their case against cryptocurrencies. However, in a Feb. 2 announcement from Web3 Builders Inc., the company revealed a suite of tools to combat this issue. The initial browser extension TrustCheck was created to flag Web3-related scams before users continue …
Adoption / Feb. 2, 2023
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023