2022 was a brutal year for crypto investors. Hackers from around the world had a banner year stealing cryptocurrency from crypto-oriented businesses, as reported by blockchain analytics firm Chain analysis (opens in a new tab). On top of that, most cryptocurrencies experienced massive wipeouts, with Bitcoin alone – once touted by some crypto enthusiasts as a “store of value – dropping over 60% in a year, as of CNN (opens in a new tab). Finally, several major stock exchanges and securities firms, including Sam Bankman-Fried’s FTX (opens in a new tab) exchange, collapsed and resulted in the loss of vast amounts of stored consumer wealth.
So after a year of misery, who was behind the crypto hacks, who was affected, and what can you do to protect your digital assets going forward?
2022 is the big year of cryptohackers
Chainalysis identified $3.8 billion in cryptocurrency hacks last year, which is up 15% from 2021 ($3.3 billion) and a dramatic increase of $0.5 billion stolen in 2020. In recent years, there have been a massive escalation in exposure to crypto among the general public, thus their increased online holdings have become bigger (and easier) targets. Here’s the year-by-year hacking breakdown since crypto burst into the public eye in 2016.
Subscribe to Kiplinger’s Personal Finance
Be a smarter and better informed investor.
Save up to 74%
Sign up for Kiplinger’s free e-newsletter
Win and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more – straight to your email.
Pro and make progress with the best of expert advice – straight to your email.
Chain Analysis Report: Crypto Hack in 2022
(Image credit: Chainalysis)
Each of the increases in hacking roughly corresponds to the increase in public interest and investment in cryptocurrencies, as represented in this historical Bitcoin price chart from CoinDesk (opens in a new tab). As public interest and prices rose to new levels in 2018 and 2021/2022, a surge in hacking followed soon after.
bitcoin price chart 2016-2023
(Image credit: CoinDesk)
Chain analysis (opens in a new tab) identified “Decentralized Financial Protocols (De-Fi) protocols” – critical codes that support the operation of large crypto exchanges and businesses – as the biggest targets for hackers in both 2023 and 2022. De-Fi protocols accounted for 82% of all hacking in last year, up from 73% the year before.
For the uninitiated, decentralized finance (opens in a new tab) and the associated protocols are intended to replace traditional financial institutions with software that allows users to transact directly with each other via the blockchain, the digital ledger that underpins cryptocurrencies. As the report shows, smart-contract hacks via these De-Fi protocols are a major investor risk, short of losing your money through price speculation. Once a smart contract is hacked, it is usually impossible to get any money back.
NK hackers ruled the globe… again
North Korea (NK) stands alone in its dedication to cryptohacking. Chainalysis estimates that NK government-linked cybercrime outfits such as the Lazarus Group stole $1.7 billion in 2022, nearly half of the global annual total. A new UN cyber attack report (opens in a new tab) come to the same conclusion that NK stole more cryptocurrency in 2022 than any previous year, although their estimate of the total value of stolen funds varies.
The conversation (opens in a new tab) reports that NK is using stolen crypto to fund its sanctioned nuclear program, so its dedication to hacking isn’t likely to wane anytime soon. Chainalysis broke down the year-over-year trend, showing a huge increase in hacking activity in 2022 compared to previous years.
(Image credit: Chainalysis)
Biggest Crypto Hack in 2022
NordVPN (opens in a new tab) ranked the biggest crypto hacks of the past year, headlined by a few big names in the crypto industry. Were your crypto accounts among those affected?
- Ronin bridge hack – $600M+
Ronin is an Ethereum network built to handle crypto transactions for “Axie Infinity”, an online game based on winning NFTs (Non-Fungible Tokens). The game’s developers said hackers gained access (opens in a new tab) to internal “validator” systems and stole over $600 million in user funds. The US Treasury acknowledged the likelihood that North Korea’s Lazarus group was behind the bridge’s exploitation. Ronin bridge hack is the biggest cryptocurrency hack to date. - FTX wallet hack – $477M
During implosion of the FTX cryptocurrency exchange, an unknown perpetrator made a series of unauthorized transactions and stole $477 million of users’ crypto funds. Defendant FTX founder Sam Bankman-Fried said he believed it was “either a former employee or somewhere someone installed malware on a former employee’s computer.” - Wormhole Bridge Exploitation – $320M+
Wormhole allows users to send and receive crypto between multiple blockchains. An attacker found a vulnerability in the protocol’s smart contract and stole 120,000 tokens worth $321 million.
How to protect crypto assets
After another year of crypto investors losing their shirts to hackers, if you’re determined to stay in the game (even if it doesn’t seem like much fun), consider our list of tips to protect your digital currency.
- Do not hold your crypto on an exchange unless you plan to actively trade it. The only thing standing between a hacker and your money is your basic password. Large and smaller online crypto exchanges like FTX seem to be major targets for hacks and abuse, with little in the way of consistent regulation or security.
- Keep your crypto in your own physical “cold wallet” offline. Cold wallets (specifically hardware wallets) are physical devices that store your cryptographic offline and can only be connected to the blockchain using your private key. For no more than $150, hardware wallets that are similar to USB drives like Ledger (opens in a new tab) and Trezor (opens in a new tab) can store more cryptocurrencies and significantly reduce the risk of being hacked. Always have two-factor authentication (2FA) on all wallets and exchanges that allow it. Never give out your private key.
- Take care of the “seed phrase”, a string of words that gives a user access to all currency and data held in a crypto wallet, including funds and private keys. Newbies are often tricked into entering their seed phrase on a site they believe is legitimate or secure, but is actually a duplicate phishing landing page.
- When making a crypto transaction, double check that you are sending it to the correct wallet. A wallet address is a mixed string of letters and numbers that usually ranges from 20 to 42 characters, depending on the cryptocurrency. When sending money from an exchange to your personal wallet or vice versa, always use the “Copy address” function or copy and paste the address in the “Recipient” field. The same applies when you send payment to a friend or family member. Do not try to enter each character at a time, as this leaves a significant margin for error. When you’re ready to send your cryptocurrency, double-check the address. Then check it again.
- Use a virtual private network (VPN (opens in a new tab)) to protect your payment data when making crypto transactions.
