With Nearly $600M Stolen, ‘Uptober’ Quickly Became Known as ‘Hacktober’
2022 has been dubbed the year of crypto hacks, and October is the month with the most hacks for the year. According to crypto analysis firm Chainalysis, more than $3 billion worth of crypto has been lost in hacks this year. In October alone, an estimated $718 million was stolen from DeFi protocols across eleven hacks.
In the past, the most prominent crypto hacks targeted centralized exchanges (CEX). These days, hacks occur mainly on DeFi platforms and cross-chain bridges. Three cross-chain bridges were attacked in October, with recorded losses of nearly $600 million, while leading the pack of the most recent DeFi protocol hacks is Solana’s DeFi platform, Mango Protocol.
Solana, a Hotbed of Hacks
Hacks are not new in the crypto space, and Solana has been attacked a few times. In the latest attack, Mango Markets, a Solana-based DeFi protocol, lost over $100 million. The attacker manipulated a price oracle, which allowed them to manipulate the price of the protocol’s governance token, MNGO, and to take out under-collateralized cryptocurrency loans.
Twenty-four hours after the attack, the Total Value of Assets Locked (TVL) on the Mango Protocol dropped from $1.32 billion to about $985 million.
Interestingly, the attacker later sent an ultimatum to the Mango community. Posting a proposal titled “Repay bad debt” on Mango’s DAO platform, the attacker demanded that the Mango treasury use its $70 million, available in USDC, to repay bad debt. The hacker then promised to send the stolen MNGO and SOL tokens to specified wallets, provided the terms of the proposal were met. The proposal was later defeated.
Before Solana’s October hack, thousands of Solana wallets were drained in a multi-million-dollar hack in August. An attacker withdrew funds from approximately 8,000 Phantom hot wallets on the Solana network. The attack was linked to complications related to importing accounts into the wallet.
Binance Was Not Spared
Binance, operator of the largest CEX and one of the most active ecosystems, was the victim of a Binance Chain hack. In the exploit, the attacker tricked the BNB Token Hub Bridge into sending 2 million BNB tokens to the attacker’s wallet. The overall size of the attack was over $500 million. Moments after the attack, Binance halted its chain by asking all forty-four of its validators to temporarily suspend the network. The halt led to concerns about centralization in the Binance Chain network.
Hacks take various forms, and rogue hackers use various strategies. Some hacks are the result of social engineering attacks, in which a user ‘willingly’ divulges confidential information after falling prey to a social engineering trick; others are very sophisticated and require a lot of planning and effort.
How to Curb the Menace of Crypto Hacks
Hacks are an unpleasant experience for both the project team and the end users. Hackers are always sharpening their “tools” and looking for new vulnerabilities.
One way to mitigate crypto hack incidents is thorough code auditing. When code, mainly smart contract code, goes through thorough security auditing, project developers can catch a vulnerability early and fix it before it leads to an exploit. Users of crypto products should also be given both basic and advanced crypto security courses. When users learn how to spot a social engineering trick, there will be fewer victims of certain types of hacks in the crypto space.
The emergence of fully decentralized blockchain infrastructures would help curb hacks caused by APIs and blockchain oracles. Some prominent hacks have been caused by external data from APIs being compromised — users of FTX recently suffered this type of attack. The Mango Markets hack was caused by a loophole in a price oracle, found by the attacker. With a fully decentralized Web3 infrastructure, data served to dApps will be directly on-chain, and will not be susceptible to hacks.