Defi Exploits and Hacks Increased in the Year Ending, Here Are Some Details

Over the previous 30 days, there has been a rash of crypto hacks and assaults. To begin with, on December 2, the cross-chain DeFi protocol Ankr was struck by a $5 million vulnerability, with the platform alleging that the theft was an inside operation. Recently, Bitkeep, a decentralised multi-chain digital wallet, was stolen for $8 million on December 27 after users downloaded a tainted APK version of the protocol.

According to DeFiLlama, bad actors misused cryptocurrency platforms to the tune of $3.2 billion in 2022. The enormous sum not only highlighted security flaws in multiple protocols but also eroded trust in decentralised financial initiatives as a whole.

However, the hacker responsible for the assaults refunded a portion of the proceeds the next day. Certik, a security analytics firm, investigated the sequence of events and found that the $12 million in cash withdrawn were part of an exit scam.

On December 26, during the Defrost vulnerability saga, hackers stole $8 million from Bitkeep, a multichain wallet. It was then revealed in an analytical report that exploiters attracted consumers using phishing websites.

Another negative week for the top 100 DeFi coins, with little to no price movement. On the weekly charts, nearly all tokens were trading in the red.

Related Read: DeFi Hacks in 2022

Most Prominent DeFi Hacks

Hack on Defrost Finance

First Attack

On December 24, Defrost, a decentralized leveraged trading platform, was attacked, resulting in the loss of customer cash. The team revealed the vulnerability on Twitter, stating it was a flash loan attack exclusive to their V2 product and that no other verticals were affected.

1606455304841236480

However, the platform told consumers that the attack was restricted to its V2 product, and that V1 was unaffected. "As the team delves further, please be aware that the V1 is unaffected - the initial version of Defrost has no flash loan capability," the Defrost team stated in another tweet, assuaging any concerns about additional losses.

Also Read: DeFi is transforming the way forward

Second Attack

Just when users believed the worst was over, Defrost revealed that its V1 product had also been hacked, resulting in a far wider onslaught. "The same - or a different - hacker also stole the owner key for a second, far bigger attack on the V1. "We are presently investigating how the aggressors obtained the key and exploited it to abuse the protocol," the platform said in a December 25 tweet.

1606853029332123648

According to sources, the attacker exploited Defrost's V1 product using an owner key. With this key, the hacker was able to generate a bogus collateral token and manufacture 100 million H20 tokens, a stablecoin native to the Avalanche system.

After all, was said and done, the hacker was able to escape with $12 million in tokens.

Last Outcome

Amid the suspicions of an exit fraud, Defrost tweeted a wallet address on its Twitter page, requesting that the attacker refund the stolen cryptocurrency. They also offered a reward of 20% of the stolen monies. These precautions appear to have paid immediate benefits, since the attacker restored all stolen funds on December 26. The bounty includes $9.9 million in DAI and $3.3 million in ETH.

The DeFi platform indicated in its most recent update that it will convert the returned monies into stablecoins, which will be moved from Ethereum to Avalanche before being restored to their rightful owners. The platform will analyze user holdings before the assault and then issue refunds.

Bitkeep Wallet Exploit

BitKeep, a multi-chain crypto wallet, disclosed a hacking event in which consumers lost millions of dollars in multiple cryptocurrencies.

According to the project's staff, preliminary investigations indicate that certain APK package downloads were hijacked and deployed with malicious code inserted by hackers.

“If your funds are stolen, the application you download or update may be an unknown version (unofficial release version) hijacked,”- Bitkeep Wrote in the telegram group.

BitKeep also recommended consumers who downloaded the APK version move their cash to an App Store or Google Play wallet. Users should ideally do this using a newly generated wallet address, as the addresses produced by the infected APK may have been disclosed to hackers.

FTX Exploit

The largest crypto event of 2022—and possibly the biggest news story—was the catastrophic collapse of the super-popular digital asset exchange FTX, which lost billions of dollars in money.

It declared Chapter 11 bankruptcy on November 12, but that wasn't the end of its problems: the celebrity-endorsed exchange was then targeted by an unknown attack.

Several wallets purportedly belonging to FTX were emptied of around $640 million in tokens. The monies were subsequently transferred to several exchanges and transformed into various cryptocurrencies.

It's still unclear who took the assets. FTX's new management's attorney, James Bromley, stated during the exchange's first court hearing that a "significant proportion" of the exchange's assets are missing or had been stolen.

DeFi FAQs

Can DeFi be hacked?

This year, hackers stole billions of dollars in digital assets, primarily through DeFi breaches.

What is DeFi exploit?

The US Federal Bureau of Investigation (FBI) has cautioned that criminals are increasing their efforts to attack DeFi (decentralized finance) vulnerabilities to steal cryptocurrency. The agency has noted an increase in smart contract hacking and is inviting investors who have been victims of connected theft to contact them.

Can a DeFi wallet get hacked?

Decentralized wallets are vulnerable to personal hacks on DEX, but centralized wallets are vulnerable to API hacks. Decentralized wallets are unlocked, however, centralized wallets might be locked due to violated regulations.

Can DeFi be tracked?

Downloading monitoring software is the easiest method to keep track of your defi portfolio. The software and functionality you require will be determined by your trading habits, but remember that sometimes less is more.

Can you make money from DeFi?

The most straightforward approach to creating a passive income with DeFi is to deposit your cryptocurrency on a platform or protocol that will give you an APY (annual percentage yield) for it.

Why is Bitcoin not DeFi?

DeFi is concerned with developing decentralized programs that allow users to spend their money without relying on a third party, whereas Bitcoin is concerned with developing a new type of digital currency that can be used for online transactions.