In less than 2 weeks, October is already the worst month of the year in terms of hacks in the decentralised finance (DeFi) community. Cross-chain bridges unsurprisingly remain the preferred targets of hackers for their large liquidity and often exploitable vulnerabilities. According to a report by Chainalysis, 2022 is set to be the worst year for hacks.
Hacks are pouring in this October
According to a report published by Chainalysis on October 11, this month is already the worst month of the year in terms of hacks in the cryptocurrency space – and there are still about 20 days left before it ends.
1/ After four hacks yesterday, October is now the biggest month in the biggest year ever for hacking activity, with more than half the month still to go. So far this month, $718 million has been stolen from DeFi protocols across 11 different hacks. pic.twitter.com/emz36f6gpK
– Chainalysis (@chainalysis) October 12, 2022
In the 11 days prior to the report, $720 million was stolen via 11 different hacks in the decentralised financial sector (DeFi). In total, over the current year, more than $3 billion has already been stolen in cryptocurrencies through no less than 125 hacks.
If the rest of the year follows the same trends, 2022 could well become the worst year in terms of hacks for DeFi, while 2021 had already surpassed the previous records. The day after Chainalysis published its data, the Solana (SOL) blockchain platform Mango Markets suffered a $114 million loss due to price manipulation.
Annual amounts hacked in the cryptocurrency ecosystem
With the $560 million hack of the BSC Token Hub and that of Mango Markets, the BNB Chain and Solana are so far the blockchains with the biggest losses this month, as this chart from The Block Data explicitly shows:
Stolen amounts sorted by period and blockchain
Bridges now prime targets for hackers
We can also see that from 2015 to 2019, exchanges were still the preferred target of hackers. However, the latter have worked considerably on the security of hosted funds, and have gradually been abandoned by malicious individuals in favour of decentralised finance.
Indeed, since 2020, we can see a considerable increase in hacks in the DeFi sector. In the current year, 90% of the hacks come from the latter.
Classification of hacks by targeted sector
Unsurprisingly, cross-chain bridges remain prime targets for hackers looking for large sums of money, as they are inherently large sources of liquidity and tend to have exploitable flaws. As an example, 82% of the funds stolen this month were from cross-chain bridges.
Graphical diagram of cryptocurrencies stolen via bridges (blue) versus other types of hacks (yellow)
According to Jasper Lee, technical manager at auditing company Soohio.io, too many protocols still put their security in perspective:
For protocols or dApps that have not been thoroughly audited, they are an easy and reliable short-term profit. Poorly protected protocols are low-hanging fruit for hackers, who take advantage of their too-easy-to-access locks.”
