Crypto Losses in 2022 by Immunefi

In total, we have seen a loss of $3,948,856,037 across the web3 ecosystem in 2022. $3,773,906,837 was lost to hacks in 2022 across 134 specific incidents and $174,949,200 was lost to fraud in 2022 across 34 specific incidents. Most of that sum was lost by four specific projects: Ronin Network, BNB Chain, Wormhole, and FTX.

Key Takeaways in 2022

• The 5 major exploits of the year totaled $2,361,000,000 alone, accounting for 59.8% of all losses in 2022.
• In 2022, hacks continued to be the predominant cause of losses at 95.6%, in comparison to frauds, scams, and rug pulls, which comprised only 4.4% of the total losses.
• In 2022, DeFi continued to be the main target of successful exploits at 80.5%, as compared to CeFi at 19.5% of the total losses.
• The two most targeted chains in 2022 were BNB Chain and Ethereum. BNB Chain surpassed Ethereum and became the most targeted chain in 2022, with 65 incidents, while Ethereum witnessed 49 incidents.
• In total, $204,157,000 of stolen funds have been recovered across 12 specific instances. This number represents just 5.2% of the total losses in 2022.

216 Bitcoin Stolen From A Main Bitcoin Dev

Luke Dashjr, one of the original core developers for Bitcoin, claims that someone swiped hundreds of BTC from his accounts late last year—leaving him to start 2023 with nothing but an empty wallet and a heart full of woe.

Dashjr, who has worked for the Bitcoin Project for the past twelve years, took to Twitter on Sunday to lament the apparent hacking episode. While seemingly distraught, the dev didn’t initially offer much explanation as to how any of this was supposed to have happened.

After allegedly thieving Dashjr’s personal coin bounty, the hacker supposedly funneled the money to another crypto address, where the assets currently sit. The wallet shows a total of some 216.93 BTC, equivalent to some $3.6 million.

According to Dashjr, a cybercriminal managed to get ahold of his PGP key, which then led to a compromise of his hot wallet. PGP, which stands for “Pretty Good Privacy,” is a popular security program designed to protect web users via encryption. PGP is typically used to encrypt certain kinds of sensitive information, though it isn’t entirely clear in this instance how a compromise of Dashjr’s key would have enabled the hacking episode.

Many Twitter users responded to Dashjr’s claims with sympathy, offering condolences for his stolen millions. However, more than a few people weren’t so sure about the developer’s claims. Most were just perplexed as to how something like this could actually happen.

Lawsuit Against LastPass for Stolen Private Keys

A class action lawsuit against LastPass alleges that a data breach in August resulted in the theft of $53,000 in bitcoin. An unnamed plaintiff alleges that negligence in the password management company's data security practices led to the Thanksgiving weekend theft.

The plaintiff, using the alias "John Doe," claims he purchased the bitcoin over a period of three months beginning July 2022. He then updated the master password of his LastPass account in order to store the highly sensitive bitcoin private keys. This aligned with the standard "best practices" of the company, the lawsuit says.

The lawsuit says LastPass initially disclosed the breach in August and said users faced no significant risks, and the plaintiff deleted his private information from the customer vault. But it appears his actions were a little too late. "On or around Thanksgiving weekend of 2022, plaintiff's Bitcoin was stolen using the private keys he stored with LastPass," the lawsuit says.

The lawsuit claims the plaintiff is at continued risk and the loss is due to the company's negligent data security practices. It also alleges breach of contract, breach of implied contract, unjust enrichment and breach of fiduciary duty.

GDS Flash Loan Attack - $187k Stolen

The GDS project on BSC was the victim of a flash loan attack. This attack resulted in a total loss of $187,000 and caused the price of GDS currency to plummet.

The main reason for this is that the reward calculation in the code logic only considers weight and does not take into account factors such as time. The team behind the project has now shut down the logic execution state.
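The flaw described above, as an added Python model (not the GDS contract's code): a pool that pays by weight at claim time, next to one that accrues rewards per unit of stake over the time it is held. Class names, amounts and the reward-per-share accumulator design are assumptions chosen for illustration.

```python
# Simplified model constructed for illustration; not the GDS contract code.
from fractions import Fraction

class WeightOnlyPool:
    """Flawed model: a claim pays by the caller's share of weight at claim time."""
    def __init__(self, budget):
        self.budget, self.stakes = budget, {}
    def deposit(self, who, amount, now):
        self.stakes[who] = self.stakes.get(who, 0) + amount
    def withdraw(self, who, amount, now):
        self.stakes[who] -= amount
    def claim(self, who, now):
        total = sum(self.stakes.values())
        return Fraction(self.budget * self.stakes.get(who, 0), total)

class TimeWeightedPool:
    """Hardened model: rewards accrue per unit of stake per second held."""
    def __init__(self, rate):
        self.rate, self.stakes, self.total = rate, {}, 0
        self.acc = Fraction(0)   # cumulative reward per unit of stake
        self.last = 0            # time of the last accumulator update
        self.seen, self.owed = {}, {}
    def _settle(self, who, now):
        if self.total:
            self.acc += Fraction(self.rate * (now - self.last), self.total)
        self.last = now
        earned = self.stakes.get(who, 0) * (self.acc - self.seen.get(who, 0))
        self.owed[who] = self.owed.get(who, 0) + earned
        self.seen[who] = self.acc
    def deposit(self, who, amount, now):
        self._settle(who, now)
        self.stakes[who] = self.stakes.get(who, 0) + amount
        self.total += amount
    def withdraw(self, who, amount, now):
        self._settle(who, now)
        self.stakes[who] -= amount
        self.total -= amount
    def claim(self, who, now):
        self._settle(who, now)
        reward, self.owed[who] = self.owed[who], 0
        return reward

def same_block_reward(pool, amount, now):
    """Regression check: stake, claim and unstake at one timestamp."""
    pool.deposit("transient", amount, now)
    reward = pool.claim("transient", now)
    pool.withdraw("transient", amount, now)
    return reward
```

A stake that exists for zero seconds should earn zero; running `same_block_reward` against a reward design is a quick way to check that property before deployment.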

ROE Finance Price Manipulation Attack - $80k Stolen

Mango Markets Hacker Charged w/ Fraud

“Highly profitable trading strategy” guy charged by the CFTC with fraud.

The Commodity Futures Trading Commission filed charges against Avraham Eisenberg on Monday, accusing him of manipulating the Mango Markets decentralized exchange and stealing over $110 million in digital assets. The news comes a week after the Department of Justice charged Eisenberg with the October 11, 2022 hack.

“The goal of Defendant’s scheme was straightforward: to artificially inflate the value of his swap contract holdings on Mango Markets through price manipulation so that he could ‘borrow’ a significant amount of digital assets that he had no intention to repay,” the CFTC wrote in its filing.

Crypto and Banking Apps Targeted by “GodFather” Malware