October proved to be nothing if not spooky for an ecosystem that saw as many as 44 exploits affect at least 53 protocols accounting for $657.2 million in total losses.
In something of a silver lining, at least $100 million has already been returned to exploited platforms. However, with the end of what some are calling "Hacktober," losses in 2022 so far come in at nearly $3 billion, double those of last year, according to security firm Peckshield.
Numerous causes contributed to losses in October, including wallets compromised by a profanity hack or otherwise, insecure smart contract code, unaccounted-for game theory behind protocol functionality, exploited cross-chain bridges and oracle price manipulation.
Among targeted protocols, the BNB chain executed a hard fork to restore security after an unknown hacker stole $100 million via a vulnerability in the platform’s cross-chain bridge.
For exploited crypto lender Mango Markets, the answer did not come as simply. Known attacker Avaraham Eisenburg claimed actions behind the exploit were legal. Following a community vote, an agreement was struck, and Eisenburg walked away with $47 million for his efforts, returning $67 million to the project.
Other projects were less successful in terms of recovering lost funds.
Crypto market maker WinterMute saw a hack for $160 million on its DeFi platform, but CEO Evgeny Gaevoy shrugged off the loss and indicated the firm was solvent with more than twice that amount in equity.
Decentralized autonomous organization FriesDAO lost $2.3 million because it relied on an insecure profanity-based wallet, a somewhat known attack vector among malicious actors.
Hackers also hit Team Finance, taking advantage of a bug in the Version 2 to Version 3 migration on the protocol to drain around $15.8 million in tokens from the platform.
A smart contract dedicated to multi-chain crypto wallet service UvToken's staking functions was hit by hackers who made off with $1.45 million in tokens that were then sent to sanctioned crypto mixer Tornado Cash.
In the case of NFT platform LiveArt, the answer came in the form of scorched earth. It opted to burn 197 Seven Treasures NFTs and compensate buyers after hackers stole the assets from the company’s Treasury Wallet 2, a wallet used to store assets dedicated to marketing and promotional campaigns.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.