Review of the Top 8 Security Incidents in DeFi in 2022: Losses Exceed $4.3 Billion
Review of Major Security Incidents in the DeFi Field in 2022
In 2022, the blockchain industry experienced over 300 security incidents, with total losses of as much as $4.3 billion. This article analyzes 8 typical cases in detail, most of which involved losses exceeding $100 million.
Ronin Bridge Incident
In March 2022, the Axie Infinity sidechain Ronin Network was hacked, resulting in approximately $625 million worth of assets being stolen. The attackers gained the trust of internal employees through social engineering tactics, allowing them to infiltrate the system and control multiple validation nodes. This exposed issues with weak internal security awareness and vulnerabilities in the security system.
Wormhole Incident
The Wormhole cross-chain bridge was exploited through a code vulnerability, resulting in a loss of approximately 120,000 ETH. The main cause was the use of deprecated functions. This is a reminder for developers to update their code in a timely manner and to use the latest versions of their dependencies to avoid similar issues.
Nomad Bridge Incident
The Nomad bridge contract had its trusted root incorrectly set during initialization, allowing attackers to construct arbitrary messages for fund theft, resulting in losses of nearly $200 million. This originated from the negligence of the project team during the initialization settings, highlighting the vulnerabilities of open-source projects.
Beanstalk Incident
Beanstalk suffered a flash loan attack, resulting in a loss of approximately $182 million. The attacker exploited a vulnerability in the project's governance mechanism to obtain a large number of tokens via a flash loan, voting in favor of malicious proposals and executing them immediately. This reflects the potential risks that may exist in decentralized governance mechanisms, highlighting the need for reasonable security measures such as time locks.
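The role of the time lock can be seen in a small model. The following is an added example, not code from this article or from Beanstalk; the `Governance` class, the `cancel` step and all numbers are hypothetical and constructed for illustration.

```python
# Simplified, constructed model of token-weighted governance.
# It is not Beanstalk's contract code; all names and numbers are illustrative.

class Governance:
    def __init__(self, balances, treasury, quorum=2 / 3, timelock_blocks=0):
        self.balances = dict(balances)        # holder -> voting tokens
        self.treasury = treasury
        self.quorum = quorum                  # share of supply needed to pass
        self.timelock_blocks = timelock_blocks
        self.block = 0
        self.passed_at = None                 # block at which the proposal passed
        self.cancelled = False

    def vote(self, voter):
        # Weakness being modelled: voting power is the voter's live balance.
        supply = sum(self.balances.values())
        if self.balances.get(voter, 0) / supply >= self.quorum:
            self.passed_at = self.block

    def cancel(self):  # stand-in for a project's veto or guardian process
        self.cancelled = True

    def execute(self):
        ready = (self.passed_at is not None and not self.cancelled
                 and self.block - self.passed_at >= self.timelock_blocks)
        if not ready:
            return 0
        paid, self.treasury = self.treasury, 0
        return paid


def flash_loan_vote(gov, voter, loan):
    """Borrow, vote, try to execute and repay, all inside one block."""
    gov.balances[voter] = gov.balances.get(voter, 0) + loan
    gov.vote(voter)
    paid = gov.execute()
    gov.balances[voter] -= loan               # loan is repaid in the same transaction
    return paid


def run(timelock_blocks):
    gov = Governance({"holders": 1_000}, treasury=500,
                     timelock_blocks=timelock_blocks)
    drained_now = flash_loan_vote(gov, "attacker", loan=3_000)
    # With a delay, the passed proposal is pending and can be reviewed.
    if gov.passed_at is not None and drained_now == 0:
        gov.cancel()
    gov.block += timelock_blocks
    drained_later = gov.execute()
    return drained_now, drained_later, gov.treasury
```

`run(0)` models vote and execution in the same block, and `run(10)` models a ten-block delay during which the pending proposal is cancelled.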
Wintermute Incident
Wintermute suffered a loss of over $160 million due to the use of the vulnerable address generation tool Profanity, which led to the compromise of private keys. This serves as a warning to exercise caution when using third-party tools and to conduct thorough security assessments.
Harmony Bridge Incident
Harmony's cross-chain bridge, Horizon, lost over $100 million, with a private key leak suspected as the cause. This reiterates the importance of protecting and managing critical private keys.
Ankr Incident
Ankr encountered internal malfeasance, resulting in a large number of tokens being maliciously minted. This exposes the project's vulnerabilities in permission management and internal controls, highlighting the necessity of security measures such as multi-signatures.
Mango Incident
Mango Markets suffered a market manipulation attack, resulting in losses of approximately $115 million. The attackers exploited issues such as the platform's lack of liquidity. This reflects the need for DeFi projects to comprehensively consider various extreme situations when designing their business models.
These cases remind us that Web3 projects still have a long way to go in terms of security. Project teams need to continuously improve their security systems, and users should also raise their risk awareness and participate cautiously.