While 2022 has proved to favor crypto hackers, with the majority of months exceeding last year’s count, December slowed down the pace a bit.
As per data from CertiK, a firm that provides security and audit services to decentralized finance, Web3, and other tech projects, hackers stole $62.2 million worth of cryptocurrencies. The figures reported have been the “lowest monthly figures” of the year, as per the stats.
Recently, the security firm tweeted a list of the month’s most significant attacks and highlighted the $15.5 million worth of exit scams as the method that stole the most asset value over the month. Following it was the $7.6 million worth of flash loan-based exploits.
Another tweet from the firm confirmed that the 23 largest exploits were responsible for around 98.5% of the reported total, i.e., $62.2 million. Amongst the largest exploits, the Helio Protocol incident on December 2 was the largest incident of the month.
Sources reveal that the protocol that manages the stablecoin HAY (HAY), an over-collateralized stablecoin pegged to the USD, also suffered a loss. The loss occurred when a trader exploited the price discrepancy in Ankr Bearing Staked BNB (aBNBc) to borrow millions worth of HAY. Ankr is a decentralized (DeFi) protocol based on the BNB chain.
The incident was confirmed on December 2, and at the time, Ankr suffered a separate exploit where an attacker minted 20 trillion aBNBc, causing its price to decline. The Helio trader quickly deposited aBNBc tokens to borrow 16 million of the stablecoin HAY. Unfortunately, this caused the loan to be severely undercollateralized, leading to the protocol’s loss and eventual depeg of its stablecoin.
Now, reports reveal that the $12.9 million exploits of Defrost Finance’s v1 and v2 protocols on December 23 were reported to be the second-largest incident of the month. In this case, an attacker performed a flash loan attack by adding a fake collateral token and a malicious price attack to liquidate the protocol.
Interestingly, a few days after the incident, the hacker returned the funds stolen from the v1 protocol to an address owned by Defrost; however, the funds stolen from the v2 protocol have not yet been returned.
The security firm called the exploit an “exit scam,” given that an admin key was required to conduct the attack; however, Defrost did not explicitly comment on it and just said that the key was compromised.
However, the figures for December were much lower than the month prior, given an 89.5% decrease from the $595 million worth of exploits across 36 major incidents reported in November. In addition, the figures for the second-last month of 2022 were skewed by the $477 million hack of the crypto exchange FTX.
Similarly, Todayq News reported $760 million was estimated to be stolen in digital assets in October alone. The hacks in October have come from malicious actors committing 44 exploits affecting 53 protocols. In 2022, the ten largest exploits covered around $2.1 billion to bad actors, majorly on cross-blockchain bridges and DeFi protocols.