The Nine Biggest Crypto Hacks of 2022

  • A few lines of poorly thought-out code gave hackers access to hundreds of millions of dollars worth of crypto-assets
  • Most of the hacked companies continue operations after undergoing audits or upgrading their security

Hackers exploited a software flaw in Web3 music platform Audius to make off with $1.1 million on Saturday, but the funds are a drop in the nearly $2 billion bucket of funds lost to hacks through the first half of 2022, according to Blockchain security firm Beosin.

The fiat value of hacked assets is on pace to top the $3.2 billion lost in 2021, according to crypto security firm Chainalysis, even amid a drastic drop in cryptocurrency valuations. Blockworks compiled some of the biggest crypto hacks of the year to see what went wrong and how the protocols fared after being hacked.



  • Crypto.comJanuary 17, $35 million
    • In late January, a hacker managed to disable two-factor authentication on crypto exchange Crypto.com and withdraw bitcoin and ether from customer accounts. CEO Kris Marszalek initially refused customer funds were lost before acknowledging the hack days later. The company said it is moving to “multi-factor authentication” in response to the exploit.
  • Qubit QBridge Hack, January 27, $80 million
  • wormhole, February 2, $325 million
    • A hacker exploited smart contracts on the Solana-to-Ethereum bridge to create and pay out wrapped ether without posting collateral. Jump Crypto, the venture capital firm behind Wormhole, replenished the stolen funds to keep Solana-based platforms affected by the hack solution. Wormhole renamed the bridge portal and currently has over $480 million, according to crypto data firm DeFi Llama.
  • IRA Financial TrustFebruary 8, $37 million
    • The crypto-focused retirement and retirement platform was stolen when hackers gained access to a “master key” that bypassed all customer account security measures. IRA Financial Trust has since sued Gemini, the crypto exchange where customer funds were stored, for alleged negligence that led to the hack.
  • cashio, March 22, $52 million
    • A number of fake accounts used an “infinite mint glitch” to post worthless collateral for Cashio’s CASH stablecoin. The coin’s peg cratered to zero and has not recovered, according to data from CoinGecko.
  • Axie Infinity Ronin BridgeMarch 28, $625 million
  • beanstalk, April 17, $182 million
    • A hacker used a “flash loan,” where funds are borrowed and repaid in the same transaction, to accumulate enough assets to control the stablecoin’s governance protocol. The hacker accepted a proposal to donate money to Ukraine before taking off the security. Developers halted the protocol while they underwent audits and raised funds, but plan to reopen deposits in early August.
  • The Fei Protocol, April 30, $80 million
    • A “reentrancy” flaw in the lending protocol’s code allowed a hacker to take out a loan while withdrawing the collateral placed on the loan. Fei users passed a proposal to make investors whole through “DAO that repays the bad debt on behalf of the hacker”. The Fei stablecoin remains on its dollar peg, per CoinGecko.
  • The Harmony BridgeJune 23, $100 million

Attend DAS, the industry’s favorite institutional crypto conference. Use code NYC250 to get $250 off tickets (available this week only) .


  • Jack Kubinec

    Blockwork

    Editorial intern

    Jack Kubinec is an intern in the Blockworks editorial team. He is a rising senior at Cornell University where he has written for the Daily Sun and serves as editor-in-chief of the Cornell Claritas. Contact Jack at [email protected]

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *