Hacktober: A Roundup of the Crypto Industry Hacks and Heists in October

InfoNesia.xyz – Despite the current crypto market downturn, bad actors have continued to cash out large amounts of money from the crypto-verse via hacks. Here’s a roundup of the major hacks, heists, and security breaches in the digital assets and DeFi ecosystem in October 2022.

DeFi Protocols Lose Nearly $800 Million

Hacks and heists are fast becoming synonymous with the blockchain ecosystem and the menace seems not to be going away anytime soon. The amount of hacks and security breaches in the past months has been alarming. For context, as of October 13, 2022, over 11 DeFi protocols recorded more than $718 million in losses due to hacks, according to Chainalysis research.

Unlike centralized exchanges, which have to a large extent, improved their resiliency to hacks over time, DeFi protocols have been increasingly susceptible to exploits, partly because they’re mostly based on open-source code and some of these projects do not thoroughly audit their code before going live.

Cross-chain bridges, in particular, have been repeatedly attacked this year. According to data from Chainalysis, over three bridges were breached this month alone; most notably, a bridge used by Binance, the world’s largest crypto exchange, fell victim to a $100 million heist.

For the uninitiated, a cross-chain bridge is a decentralized application that enables the transfer of assets from one blockchain to another. Cross-chain bridges increase token utility by facilitating cross-chain liquidity between distinct blockchains.

October 2022 has gone into the history books as the month with the highest hack incidents in a single day since DeFi became a thing.

Four Exploits in One Day

October 11, 2022, is a clear example of how bad the month has been for some DeFi projects. In a single day, four protocols suffered a combined $120 million loss to hackers

Mango Markets, a decentralized exchange, fell victim to hackers who stole $117 million from the platform. It was reported that the bad actors managed to manipulate the price of the native MNGO token and orchestrated their dirty acts.

According to OtterSec, a security audit platform, the hacker manipulated the price of Mango (MNGO) collateral, draining the platform of massive loans. The hacker then took out a $116 million loan, leaving Mango’s treasury with a negative balance of 116.7 million.

Mango Markets offered to give the hackers $47 million as a bug bounty and would not press charges against them and in return, they would refund the remaining $67 million to the protocol. However, the hackers responded that they would return the tokens only if the Mango Markets agreed to pay off an unrelated debt taken from Solana’s lending protocol, Solend.

A few hours later, TempleDAO was hacked, and $2.3 million was stolen, equating to around 4% of the platform’s total value locked (TVL). The attackers took advantage of improper access control in a staking-related smart contract. As a result, the attacker could forge another smart contract to call a specific function in that contract and request the movement of funds. The hacker then moved the funds into the sanctioned crypto mixer, Tornado Cash.

That same day, QANplatform tweeted that its smart contract bridge had been hacked and that the attacker had already withdrawn the tokens. The hackers made away with 1.46 billion QANX tokens worth around $1.8 million at the time of the hack, representing almost half of the token’s existing supply of 3.3 billion. The attackers then sold over 30% of the stolen funds on Uniswap, sending the token price crashing by over 90%

Ethereum-based Rabby Swap also lost $200,000 this month, as an attacker managed to exploit a vulnerability in the project’s smart contracts.

Hacktober Continues

On October 6, 2022, The Binance blockchain, also known as BNB Chain and Binance Smart Chain, suddenly suspended transactions and fund transfers after discovering a vulnerability in the BSC Token Hub cross-chain bridge. BNB Chain later revealed that 2 million BNB tokens worth approximately $568 million were stolen from the platform due to the loophole.

However, the hacker managed to withdraw about $110 million because the majority of the stolen tokens, worth about $430 million, couldn’t be transferred, due to the suspension of the BNB Chain.

Crypto wallet provider, BitKeep was not spared in the wave of October hacks. On October 17, the platform revealed that $1 million was drained from its protocol in a swap feature exploit. BitKeep subsequently suspended its swap service and announced a reward bounty in a bid to fish out the hackers.

On October 27, a hacker used $2,700 to drain $15.8 million from liquidity protocol, Team Finance. The attacker exploited the flawed V2 to V3 migration feature, which had previously been audited and made away with 880 ETH plus 6.4 million DAI tokens, amongst others.

The platform then urged the attackers to contact them for a bounty. Such arrangements have become a norm in the wake of recent high-profile hacks in the DeFi sector.

More recently, Ethereum-based DAO, FriesDAO suffered an exploit. The hacker stole $2.3 million worth of FRIES tokens from the platform by accessing their ‘deployer wallet.’

Apart from DeFi platforms and crypto projects, regular individuals have also been targeted. On October 27, it was reported that almost 700 ETH, (around $1 million at the time, was stolen from two private wallets by the notorious scammer, “Monkey Drainer.” The hacker used phishing attacks to steal cryptos like Bitcoin, Ethereum, Tether & famous sports NFTs from the victims’ wallets.