REPORT: $49 BILLION LOST IN CRYPTO IN 2022 (INFOGRAPHICS)
There is no way around it — 2022 was a bad year for crypto.
In the half of the year alone, there were several high-profile incidents that shook the industry. One of the most notable was the failure of a large-cap stablecoin, UST, which resulted in the loss of billions of dollars worth of cryptocurrencies.
This led to a sharp decline in the value of many digital assets, and left many investors feeling uneasy about the security of their holdings.
In addition, there were also the multiple failures of centralized exchanges, driven by the FTX collapse, towards the end of the year.
Add in all the smaller hacks and scams that happened in the DeFi space, and you can see how all of these events have contributed to a growing sense of fear and uncertainty within the crypto community.
Let’s have a look at the toll for 2022!
Let’s have the headline figure out of the way: the total losses this year have amounted to $47.4b, compared to ‘just’ $8.7b in 2021. This is a more than 5-fold increase!
That being said, this was driven by several major cases as a result of the failures of centralized entities, along with a singular DeFi project, Terra Luna. The latter alone contributed to $40b worth of losses.
Before we get ahead of ourselves, let’s have a look at the Top 10 Losses from Crypto Scams, Hacks and Failures in 2022!
1. Terra Classic — $40b Lost (Stablecoin, May 8)
This case has been so well publicized that it needs no introduction.
The Terra Luna Network was built around its two native coins, $LUNC and $USTC (Then $LUNA and $UST). $USTC was an algorithmic stablecoin designed to hold a peg to the US dollar, while $LUNC acted as a satellite asset that absorbed the volatility of $USTC through a process of minting and burning, as well as arbitrage. Despite its promise, the network was hit by a series of events that led to its downfall.
In early May, the Luna Foundation Guard decided to create a new pool, called Curve4, featuring $FRAX, $USTC, $USDC and $USDT as assets. This move was seen as an attempt to undermine the popular Curve3 pool on the Ethereum network, which made use of the stablecoin $DAI. In preparation for the launch of Curve4, the Luna Foundation Guard withdrew 250 million $USTC from the Curve3 pool. At the same time, several large investors, or whales, began withdrawing significant amounts of $USTC from the anchor protocol, a crypto savings bank promising 20% interest per year.
The mass movement of funds caused an imbalance between $USTC and other stablecoins in the pool, leading to a devaluation of $USTC on exchanges. As a result of how each $USTC was designed to be redeemed for $1 worth of $LUNC, the fire sale of $USTC led to a rapid increase in the minting of $LUNC and a corresponding drop in its value. The panic caused by these events also led to a surge in activity on the Terra network, resulting in it going offline due to an overload of transactions.
Once the market cap of $LUNC fell below that of $USTC, it became clear that the redemption mechanism for $USTC was no longer a sure thing. The system was officially insolvent, and entered a death spiral.
Today, both $LUNC and $USTC trade at fractions of a cent, down from their highs of $116 and $1 respectively.
Block Data Reference
Whale Addresses:
- https://etherscan.io/address/0x8d47f08ebc5554504742f547eb721a43d4947d0a
- https://etherscan.io/address/0x4b5e60cb1cd6c5e67af5e6cf63229d1614bb781c
- https://etherscan.io/address/0x1df8ea15bb725e110118f031e8e71b91abaa2a06
- https://etherscan.io/address/0xeb5425e650b04e49e5e8b62fbf1c3f60df01f232
- https://etherscan.io/address/0x41339d9825963515e5705df8d3b0ea98105ebb1c
- https://etherscan.io/address/0x68963dc7c28a36fcacb0b39ac2d807b0329b9c69
- https://etherscan.io/address/0x9f705ff1da72ed334f0e80f90aae5644f5cd7784
2. Genesis — $2.8b Lost (CeFi Contagion, November 10)
The Genesis crypto trading platform has been hit hard by the recent market turmoil, with 2,800,000,000 $USD in outstanding loans on its balance sheet. As a counterparty to many in the digital asset space, the company is closely watched as an indicator of the industry’s overall health.
On November 10th, Genesis revealed that it had around 175,000,000 $USD trapped in an FTX trading account. In light of the situation, withdrawals were halted on the platform on November 16th due to “unprecedented market turmoil” following the collapse of FTX. While the company is working to resolve the situation without filing for bankruptcy, the future remains uncertain for Genesis and its investors.
Notably, customer funds that were deposited in Gemini’s Earn program were loaned to Genesis. The CEO of Gemini has since written an open letter to Barry Silbert, of parent company DCG, in a plea to return $900m of customer funds by 8 January 2023.
3. Celsius — $1.19m Lost (CeFi, July 13)
Celsius Network, a centralized exchange and borrowing and earning protocol, filed for Chapter 11 bankruptcy on July 13th. The following day, the company revealed a 1,190,000,000 $USD deficit on its balance sheet. Its liabilities totaled 5,500,000,000 $USD, while its assets were valued at 4,300,000,000 $USD.
The project had halted operations on its platform a month prior, citing “extreme market conditions” as the reason for this. The bankruptcy filing marked a significant blow to Celsius and its investors, most of whom are still out of pocket today.
As to the cause of the deficit, Celsius has been criticized for rehypothecation of customer funds to high risk investments, without transparently disclosing this to customers. These investments then took a loss, resulting in the capital hole and inability to service liabilities.
4. FTX — $1.0b Lost (CeFi, November 11)
This case needs no introduction.
FTX, Alameda Research, and 130 affiliated companies declared bankruptcy, with lost funds estimated to be worth between 1,000,000,000 and 2,000,000,000 $USD. The events leading up to the bankruptcy began when it was revealed that Alameda Research’s collateral was dominated by FTX’s native token, $FTT.
Alameda had a total of 14,600,000,000 $USD in assets, with 3,660,000,000 $USD worth of free $FTT tokens and 2,160,000,000 $USD in “FTT collateral” that was borrowed against, as well as significant amounts of $SOL and $SRM tokens.
The news sparked the realization that FTX may no longer have customer assets backed 1-to-1, prompting a run on FTX. In a span of a few days, panicked customers withdrew billions of dollars from the exchange.
As a result of this uncertainty, the $FTT token crashed by more than 95% in a 24-hour period. The value of $SOL was also affected, with 49,000,000 $SOL tokens being withdrawn from staking, causing the token price to drop by approximately 60%.
In response, FTX halted withdrawals on the exchange and declared bankruptcy. The impact of FTX’s bankruptcy was felt throughout the crypto industry, with many projects that relied on the exchange reporting losses. The news of the bankruptcy also caused a plunge in Bitcoin’s price from the $19–20k range to the $15–17k range we are seeing right now.
Block Data Reference
Attacker address:
- https://etherscan.io/address/0x59ABf3837Fa962d6853b4Cc0a19513AA031fd32b
- https://bscscan.com/address/0x59ABf3837Fa962d6853b4Cc0a19513AA031fd32b
5. BlockFi — $1.0b Lost (CeFi Contagion, November 11)
Crypto lending platform BlockFi has filed for bankruptcy following the collapse of FTX and Alameda Research hedge fund, both of which BlockFi cites as having “significant exposure” to the company.
The firm halted withdrawals on November 11, the day that FTX filed for bankruptcy.
In addition to filing for Chapter 11, BlockFi filed a lawsuit against Emergent Fidelity Technologies, owned by Sam Bankman Fried, demanding that collateral be turned over. According to the filing, BlockFi estimates its liabilities to be between $1 billion and $10 billion, with more than 100,000 creditors, the largest of which is Ankura Trust, owed approximately $729 million.
6. Voyager — $1.0b Lost (CeFi Contagion, May 26)
In late May 2022, publicly-listed Voyager crypto platform has filed for Chapter 11 bankruptcy, revealing more than $1 billion in liabilities.
Following the announcement, the Voyager stock price dropped over 12%.
Operations on the platform had been halted due to its significant exposure to the failed Three Arrows Capital, a crypto hedge fund that was unable to meet margin calls and also filed for bankruptcy. According to the filing, Voyager has estimated liabilities of between $1 billion and $10 billion.
7. Bitcoin Sheikh — $766m Lost (Ponzi Scheme, October 7)
The Bitcoin Sheikh project was arrested for operating a Ponzi scheme. While this does not represent a new loss, the authorities uncovered and seized assets worth $766 million.
The Brazilian authorities reported the discovery of a Ponzi scheme that was headed by Francisco Valdevino da Silva, otherwise called the “Bitcoin Sheikh”. They claimed that De Silva had exploited hundreds of people through the pretense of 20% returns.
According to the authorities, their token lacked proper liquidity or backing and even had a few celebrities on their list of exploited investors, such as Sasha Meneghel, a model who had lost $230,000.
8. Ronin Bridge — $625m Lost (Bridge Exploit, March 29)
Apart from CeFi failures, 2022 was also the year of the bridge exploit.
On March 29, the Ronin Network, an Ethereum-based sidechain that hosts the popular play-to-earn game Axie Infinity, discovered that its validator nodes had been compromised.
The attack resulted in the drainage of 173,600 Ethereum and 25.5M USDC from the Ronin bridge in two transactions. It is believed that the attacker used hacked private keys to forge fake withdrawals, accessing the system through a gas-free RPC node.
Binance was able to identify and recover $5.8 million in funds that had been spread across 86 accounts and moved to their exchange. In response to the hack, Binance led a funding round that raised $150 million to partially repay affected users and ensure the continuation of operations on the Ronin Network.
Block Data Reference
Hacker Address:
9. Wormhole Bridge — $625m Lost (Bridge Exploit, February 2)
In February 2022, the Wormhole bridge was compromised by an attacker who bypassed the verification process and made away with 120,000 $WETH.
The attacker minted 120,000 wETH on Solana, then redeemed 93,750 wETH for ETH worth $254 million onto the Ethereum. Using some of these funds, the attacker purchased SportX ($SX), Meta Capital ($MCAP), Finally Usable Crypto Karma ($FUCK), and Bored Ape Yacht Club Token ($APE).
The remaining wETH was swapped for SOL and USDC on Solana, with the hacker’s Solana wallet now holding 432,662 SOL ($44 million). It is believed that the issue was with the signature verification process, which allowed for an unverified call by the attacker.
Investors were made whole by Jump Trading, the mother company behind the Wormhole bridge, which replenished the stolen ETH.
Block Data Reference:
The attacker’s addresses:
- https://etherscan.io/address/0x629e7da20197a5429d30da36e77d06cdf796b71a
- https://solscan.io/account/CxegPrfn2ge5dNiQberUrQJkHCcimeR4VXkeawcFBBka
Transactions:
- https://solscan.io/tx/2zCz2GgSoSS68eNJENWrYB48dMM1zmH8SZkgYneVDv2G4gRsVfwu5rNXtK5BKFxn7fSqX9BvrBc1rdPAeBEcD6Es
- https://etherscan.io/tx/0x24c7d855a0a931561e412d809e2596c3fd861cc7385566fd1cb528f9e93e5f14
- https://etherscan.io/tx/0x8ab3c4adab6d1a21ec1fcd7dc96523e7dada92d1373ee6919aa6b10b51ebe8d1
- https://etherscan.io/tx/0x697869218add15e019f7a1904b7c3b435f9048ec3bcb9c84cf23e64916a41add
- https://etherscan.io/tx/0x6f17f122dca10e9c894af3766d93e97c08f8925eb3a20b894b810edb3d029ed0
- https://etherscan.io/tx/0x57a48345888cbfb2d442f272c6fd9d38f57f6f5608c00c4978860eea7dc927c
- https://solscan.io/account/CxegPrfn2ge5dNiQberUrQJkHCcimeR4VXkeawcFBBka#splTransfers
10. Nomad Bridge — $190m Lost (Bridge Exploit, August 1)
The Nomad bridge is an interoperability protocol that connects five different blockchains: Avalanche, Ethereum, Evmos, Milkomeda C1, and Moonbeam. An operational error made by the Nomad team, which was pointed out in an audit report by Quantstamp, enabled an initial attack on the protocol, in which 100 (WBTC) were extracted.
The error, which marked the zero root (0x00) as acceptable, allowed every message to be auto-proven by default and enabled the attacker to process transactions without any proving by calling the “process()” function.
This information spread within the community, and hundreds of EOA’s began extracting assets such as $WBTC, $FXS, $C3, $DAI, and $USDC from the bridge. Among the looters were both reputable hackers from previous exploits, such as the Rari Capital exploit, and white hat hackers who intended to return the funds. As of now, approximately $32 million have been returned to the Nomad Recovery Funds Address.
Block Data Reference
Attacker address:
Attacker contract address
Attack transactions:
- https://etherscan.io/tx/0x61497a1a8a8659a06358e130ea590e1eed8956edbd99dbb2048cfb46850a8f17
- https://etherscan.io/tx/0x29b67e0701ddd910ff6a069aa039015eb78b1ee6d99ad8da5d0ef63916f3fd57
- https://etherscan.io/tx/0xdf6bef0d8dee8b44863ac61092a711b877dcfe3d61da93d7289e0c6285af1b45
- https://etherscan.io/tx/0x3dbed4a1ebb2289273370ce0ef10302882927abe946299cf2ca3073f1a3dcdd9
Nomad Recovery Funds Address:
DeFi Exploit Trends
As can be seen from the scale of the losses in 2022, a large majority of losses were in CeFi and Stablecoins, seen in this case under the ‘Others’ category. This amounted to over $41 billion being lost, out of the $43 billion total. Trailing far behind in second place, we have access control issues, which resulted in a cool $1.1 billion being stolen. Finally, in third place, we have the good old rugpull, which amounted to $301.5 million in losses this year.
In terms of frequency, however, we have another story. In terms of sheer frequency, rugpulls remain the most common type of exploit — while they tend to be much smaller in value lost per attack, they are also the lowest hanging fruit for DeFi projects to make a cash grab.
A total of 153 cases occurred in 2022 — this means that there was, on average, more than one rugpull every 3 days!
The Growing Threat of Smart Contract Risk
Of all the exploits that happened in 2022, almost half (47.8%) were smart contract-related.
This highlights the fact that despite all the smart contract auditing and battle-testing that is happening in the DeFi space, smart contract risk has become one of the most prominent threats facing investors.
To this end, we are on a mission to provide a simple-to-use tool that allows users to scan any smart contract for risks in a trustless manner.
Funds Recovered
The trend we observed this year was that of an increasing amount of funds being recovered, either by Whitehat Hackers, or by agreed settlements.
In fact, the total amount of funds recovered in 2022 is significantly higher than that in 2021, at $901 million, as opposed to $648 million last year.
Types of Target
In terms of attack vectors, Tokens proved to be a popular target this year — this is unsurprising, especially given the low barrier to entry required to deploy a new token. A total of 106 scams involving tokens were recorded this year!
Other popular targets include decentralized exchanges (DEXes), as well as NFTs, clocking in at 39 and 35 cases respectively.
In terms of amounts, however, the losses from the Terra Luna stablecoin incident and the FTX CeFi fallout dominated all else, with the former contributing $40.2b in losses, and CeFi being the source for $8.1b in losses.
Funds Lost by Chain
Needless to say, in this case, the Terra Classic chain led the way when it came to amounts lost. In terms of other blockchains, though, Ethereum remained the runner up in this regard, seeing $1b lost in 2022.
The BNB Chain unfortunately continues to be a rugpull hotspot, with the highest frequency of rugs and scams at 201 cases — outpacing Ethereum at 89 cases and Solana or Polygon at 11 cases each.
Conclusion
The cryptocurrency and decentralized finance (DeFi) space has always carried some level of risk, but it is important for investors to take steps to protect themselves and stay informed about potential threats. This is why education is crucial, and at DEFIYIELD, we are dedicated to providing the necessary resources to help our users navigate this complex and constantly evolving space.
It is ultimately our own responsibility to stay vigilant and ensure that we are making informed investment decisions in the DeFi sector.
💙 Hey, thanks for reading!
Right now we are GIVING AWAY free copies of Security Bibles— the most comprehensive DeFi Security Guide brought to you by the DeFiYield team!
Grab your copy at: https://join.defiyield.app/
