2022 DeFi Security Incidents Review: In-Depth Analysis of 8 Typical Cases
DeFi Security Incident Review: Analysis of Major Cases in 2022
In 2022, the blockchain industry experienced over 300 security incidents, with amounts involved reaching as high as $4.3 billion. This article will analyze in detail 8 typical cases, most of which involve losses of over $100 million.
Ronin Bridge Incident
On March 23, 2022, Ronin Network, the sidechain of Axie Infinity, was hacked, resulting in a loss of 173,600 ETH and 25.5 million USD. Reports suggest that the North Korean hacker group Lazarus is connected to this incident. The attackers infiltrated the system through social engineering and ultimately gained control of 5 out of 9 validator nodes, which was enough to authorize the withdrawals.
This incident exposed the weak security awareness of company employees and the vulnerabilities in the internal security system. It also shows that traditional hacker organizations and state-level forces are gradually shifting their targets towards blockchain projects to directly obtain economic benefits.
Wormhole Incident
The core contract on the Solana side of the Wormhole cross-chain bridge had a signature verification error that allowed attackers to forge "guardian" messages and mint Wormhole-wrapped ETH, resulting in a loss of approximately 120,000 ETH.
This issue arose at the code level: the contract relied on deprecated functions. Developers should promptly update to current versions to avoid similar problems.
Nomad Bridge Incident
The Nomad cross-chain bridge Replica contract was initialized with a trusted root set to 0x0, and when modifying the trusted root, the old root was not invalidated, allowing attackers to construct arbitrary messages to steal funds, resulting in losses exceeding $190 million.
This is a typical initialization configuration issue. Once the first exploit transaction was public, others extracted the locked funds simply by replaying valid transactions, and a large number of MEV bots joined in, turning the event into a "money grab."
This also reflects the double-edged sword effect of open source code – while it facilitates auditing, it also makes it easier for hackers to analyze. Once a vulnerability is discovered, the project may face a fatal blow.
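The defect described above, as an added example that is not Nomad's own code: a toy model of the Replica's root-acceptance logic in which an unproven message reads back the mapping default (0x0), so initializing the trusted root to 0x0 makes every forged message acceptable, and rotating the root without invalidating the old one leaves the hole open. Class, method and sample-root names are assumptions for illustration.

```python
import time

ZERO_ROOT = bytes(32)                      # EVM default for an unset bytes32 slot
GENESIS_ROOT = bytes.fromhex("11" * 32)    # constructed sample root, not a real Nomad value
UNPROVEN_MESSAGE = bytes.fromhex("de" * 32)  # constructed: never passed through prove()


class Replica:
    """Toy model of the root-acceptance logic (assumed names, not Nomad's contract)."""

    def __init__(self, trusted_root: bytes, invalidate_old_root: bool):
        # Like mapping(bytes32 => uint256): unknown roots read as 0 (= never acceptable).
        self.confirm_at = {trusted_root: 1}   # initialize(): trusted root acceptable at once
        self.messages = {}                     # message hash -> root it was proven against
        self.invalidate_old_root = invalidate_old_root

    def set_trusted_root(self, old_root: bytes, new_root: bytes) -> None:
        if self.invalidate_old_root:
            self.confirm_at[old_root] = 0      # fixed behaviour: old root stops being acceptable
        self.confirm_at[new_root] = 1

    def acceptable_root(self, root: bytes) -> bool:
        confirm_at = self.confirm_at.get(root, 0)
        return confirm_at != 0 and confirm_at <= time.time()

    def process(self, message_hash: bytes, require_proven: bool) -> bool:
        # An unproven message reads back the mapping default, which is ZERO_ROOT.
        root = self.messages.get(message_hash, ZERO_ROOT)
        if require_proven and root == ZERO_ROOT:
            return False                       # hardened: reject anything never proven
        return self.acceptable_root(root)


def vulnerable_scenario() -> bool:
    """Trusted root initialized to 0x0, later rotated without invalidating it."""
    replica = Replica(ZERO_ROOT, invalidate_old_root=False)
    replica.set_trusted_root(ZERO_ROOT, GENESIS_ROOT)
    return replica.process(UNPROVEN_MESSAGE, require_proven=False)  # True: forgery accepted


def hardened_scenario() -> bool:
    """Non-zero genesis root, old roots invalidated, unproven messages rejected."""
    replica = Replica(GENESIS_ROOT, invalidate_old_root=True)
    replica.set_trusted_root(GENESIS_ROOT, bytes.fromhex("22" * 32))
    return replica.process(UNPROVEN_MESSAGE, require_proven=True)   # False
```

Either fix alone closes the hole in this model: a non-zero initial root keeps `confirm_at[0x0]` at 0, and invalidating the old root on rotation zeroes it even when it started as 0x0.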
Beanstalk Incident
The algorithmic stablecoin project Beanstalk suffered a flash loan attack, resulting in a loss of approximately $182 million. The attacker used a flash loan to obtain a large amount of tokens to vote for a malicious proposal and immediately executed a profit.
This case exposes the risks of decentralized governance. Projects need to consider implementing proposal review mechanisms, voting weight distribution, and security measures such as time locks.
Wintermute Incident
Market maker Wintermute used a vulnerable vanity address generation tool to create a contract address, resulting in the contract Owner's private key being compromised and funds being transferred away.
This reminds us to be cautious when using open-source tools and to conduct a thorough security assessment.
Harmony Bridge Incident
The Harmony cross-chain bridge Horizon lost over 100 million USD, reportedly due to a private key leak. Analysis suggests that this may also be the work of North Korean hacker groups.
North Korean hackers have frequently targeted the cryptocurrency industry in recent years, and many companies have suffered from their phishing attacks.
Ankr Incident
Ankr's staking contract was taken over by a former employee using its private keys, resulting in a large number of tokens being maliciously minted. This exposes serious issues in the project's permission management and internal security controls.
Mango Incident
Attackers exploited the business model vulnerability of the Mango trading platform, profiting over 100 million USD by manipulating the prices of low market cap tokens.
This reminds project parties to fully consider various extreme scenarios for testing. Users participating in the project should also pay attention to whether there are exploitable vulnerabilities in the business model.