As web3 and NFT products keep growing, the decentralized application (dApp) ecosystems expand and integrate with multi chain solutions. Crypto wallets play an essential role in this integration process and help dApp users sign transactions and safe keep assets. Online wallets (also called hot storage wallets) sometimes supplement email-based login and social login. Because of the fast growing adoption of digital assets, wallet solutions and platforms that connect to them became an obvious target for malicious actors. Looking back at the rest of this year it is essential to prepare for what’s ahead in the digital assets space. One crucial aspect of getting ready for after the bear market growth is looking at hacker activities and recent trends in the wallet security space. After all, crypto is becoming more institutionalized, bringing more risks into the industry with all the big players allocating their capital to Decentralized Finance (DeFi) solutions. Recent Hacks in 2022 Back in 2019 hackers mostly attacked centralized crypto exchanges. Nowadays those platforms have advanced Know-Your-Customer (KYC) and Anti-Money-Laundering (AML) tools in place and DeFi protocols became the new target. Let us dive deeper into this year’s examples of various DEFi hacks. The DeFi protocols had over $700 million worth of assets stolen across 11 protocols in October alone, according to . The overall loss from various hacker attacks this year appears to be over $3 billion. Despite the bear market, digital assets remain money-making projects that attract malicious actors looking for quick gains. Chainalysis The year started with a significant amount of over from a cross-blockchain bridge platform called Wormhole. Such bridges typically work by taking a digital coin and locking it in a contract to issue another asset on the bridged chain. When a hack like this happens, the main concern of users is whether their assets still remain backed by the platform. $300 million worth of ETH stolen The biggest hack in 2022 so far happened right after Wormhole in March. The popular gaming platform Axie Infinity because of a fake job description that one of their developers opened. The employee downloaded the file on the work computer, which enabled the hackers to corrupt four token validators and one Axie DAO validator. lost over $600 million Later in April a flash loan was used to worth of funds from a DeFi platform called Beanstalk Farms. This type of loans is used to borrow large amounts of digital currencies for minutes. They are meant to provide liquidity or take advantage of price arbitrage opportunities. The hackers gained a 67 percent voting stake in Beanstalk by using a flash loan to borrow and exchange assets into the governance token of the platform. drain over $180 million A smaller, yet significant, phishing attack led to in losses for liquidity providers of Uniswap. Hackers performed a phishing attack where they tricked the decentralized exchange’s users into clicking an airdrop link. As a result, the malicious actors gained access to more than 7,000 Ethereum addresses. $8.6 million In August, a DeFi cross-chain bridge called Nomad was hacked for over $190 million. The platform’s total value locked (TVL) went down from in just a few hours. The hack happened due to an implementation bug in a smart contract upgrade which caused the failure of messages authentication. When the attackers found this flaw in Nomad’s code, they started draining funds from the platform. This attracted other hackers to use the same transaction calldata. The hack was implemented almost as a “copy and paste” action from multiple attackers. $190,740,000 to $1,794 Later in September an algorithmic market maker Wintermute lost worth of assets. The attackers leveraged a bug in the Wintermute’s smart contract and gained access to over 70 different tokens. The hacker wasn’t identified, however, it was suspected that the attack came from Wintermute’s internal employees. $160 million Upcoming Security Trends Introducing better and more compliant KYC and AML solutions is perceived to be the number one remedy for enhancing wallets security across the industry. Wallet history checks provide tremendous help in assessing the hackers discovery process. Once there is any chance of tracking down who wallets belong to, the stolen funds could potentially be returned. Furthermore, DeFi companies keep hiring top talent for their security teams to withstand hacker attacks on a 24/7 basis. Every month there are new ways hackers get around the bult-in security of DeFi applications due to the novelty of the business itself. Getting to a better security level is only a matter of observing the latest attacks and analyzing how they could have been prevented. For cases like the Beanstalk attack, it is believed that one of the preventive measures is the one-day delay in enacting even emergency governance proposals. The voting power adjustment mechanism has to be carefully revised by DeFi projects in order to prevent granting malicious actors the means to control the platform itself. Final thoughts Unfortunately, all the hacks from the past few years undermined investors' confidence. However, the growing number of service providers with security tools give the industry hope. Defi projects now prioritize the security of their product over its efficiency and feature development. Knowing that they will stay long in the game due to enhanced security, transparency, and compliance with regulation keeps DeFi projects accountable and forward-thinking.

Uniswap

Axie Infinity

Maker

Dapp

Different

Discovery

Keep

Target

Twitter

Too Long; Didn't Read

Join online the xDay Hackathon - DeFi, AI, Gaming!

Crypto Hacks Trends - End of 2022

HackerNoon Mobile

Crypto Hacks Trends - End of 2022

Too Long; Didn't Read

People Mentioned

Companies Mentioned

Coins Mentioned

@demchuk

RELATED STORIES