These Were the Worst Hacks of 2021 (So Far!)
DeFi

These Were the Worst Hacks of 2021 (So Far!)

Over $1.5 billion has been stolen across the top 10 crypto hacks, with the majority occurring on DeFi protocols. Find out more about how these hacks transpired.

These Were the Worst Hacks of 2021 (So Far!)
Source: rekt.news/leaderboard

In the last year, over $1.5 billion has been stolen across the top 10 largest hacks alone, with an average of $159.2 million stolen per attack.

Unlike earlier years, the vast majority of these funds were stolen from DeFi protocols, including Poly Network, Compound, and Cream Finance (which was hacked several times in 2021 alone). Centralized exchange (CEX) hacks featured less prominently, with just two of the top 10 largest hacks associated with CEXs. 

By far the largest hack this year occurred back in August when Poly Network — a blockchain interoperability protocol and bridge — was drained of a combined $611 million worth of ether (ETH), NEO and tether (USDT). The hack will go down in history as one of the largest of all time.

The second-largest hack is attributed to BitMart, a rather obscure exchange that lost $196 million after the private keys to its wallets were stolen. To date, the hackers have still not been caught nor have the funds been recovered.

Though not a hack per se, Compound Finance lost more than $140 million worth of COMP tokens thanks to a bug that allows users to drain COMP from the protocol. One user was able to drain close to $30 million in a single transaction before the faulty code was patched. A small fraction of the funds that were erroneously sent to users has been recovered thanks to their goodwill.

Earlier this week, the Polygon-based NFT marketplace Vulcan Forged was breached, resulting in 23.7% of the project's circulating supply being stolen from a total of 96 wallets. The management behind the project has now reimbursed almost everybody affected by the hack. Nonetheless, the PYR token has seen around one-third of its value deleted in the last two days.

Cream Finance earned itself a bad rep this year after suffering back-to-back hacks that cost its users millions. In the largest of these hacks, Cream Finance lost a staggering $130 million, after a user successfully executed a flash loan attack against the protocol and got away with ~$130 million worth of CREAM LP and ERC-20 tokens.

A variety of other platforms also suffered gut-wrenching losses as a result of hacks this year, including:

  • Badger: Hacked earlier this month, seeing $120 million stolen by an attacker that was able to compromise an API key to inject malicious code to the website. 

  • AscendEx: Reported that one of its hot wallets was breached on December 12, resulting in an estimated $77 million being drained from one of its hot wallets. The platform has pledged to reimburse all affected users. 

  • EasyFi: A hacker was able to breach an EasyFi admin's computer to install a malicious version of MetaMask, which allows them to steal a combined $59 million — comprised of $6 million stablecoins and $53 million in EASY tokens.

  • Uranium Finance: The Binance Smart Chain-based DeFi platform Uranium Finance suffered a $50 million exploit back in April, as a hacker was able to exploit its balancer modifier logic to get away with millions worth of a variety of different assets.

  • bZx: A DeFi lending platform that suffered a phishing attack, resulting in $55 million being stolen. The platform also suffered flash loan attacks earlier in the year, allowing an unknown hacker to exploit its janky code to get away with millions.

With DeFi hacks on the rise, insurance products are beginning to look increasingly attractive. Unless of course, they end up being exploited too.

This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators. This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice. The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
4 people liked this article