Crypto Hackers Stole a Record $3.8 Billion in 2022. Don’t Be Next.

2022 was a brutal year for crypto investors. Hackers from around the world had a banner year for stealing cryptocurrency from crypto-oriented businesses, as reported by blockchain analysis firm Chainalysis(opens in new tab). On top of that, most cryptocurrencies experienced massive wipeouts, with Bitcoin alone — once touted by some crypto-enthusiasts as a “store of value — falling over 60% in a year, per CNN(opens in new tab). Lastly, several major exchanges and investment firms, including Sam Bankman-Fried’s FTX(opens in new tab) exchange, collapsed resulting in the loss of massive amounts of stored consumer wealth.

So after a year of misery, who was behind the crypto hacks, who was affected, and what can you do to protect your digital assets going forward?

2022 crypto hackers’ big year

Chainalysis identified $3.8 billion in cryptocurrency hacks last year, which is 15% up on 2021 ($3.3 billion) and dramatically up on the $0.5 billion stolen in 2020. The past few years have seen a massive escalation in exposure to crypto among the general public, and so their increased online holdings have become larger (and easier) targets. Here’s the year-over-year hacking breakdown since crypto burst into the larger public eye in 2016.

Each of the surges in hacking roughly corresponds to surges in public interest and investment in cryptocurrencies, as represented in this historical Bitcoin price chart from CoinDesk(opens in new tab). As public interest and prices spiked to new levels in 2018 and 2021/2022, a rise in hacking followed soon after.

Chainalysis(opens in new tab) identified “Decentralized finance (De-Fi) protocols” — critical codes supporting the operation of major crypto exchanges and businesses — as the biggest targets of hackers, both in 2023 and 2022. De-Fi protocols accounted for 82% of all hacking last year, up from 73% the year before.

For the uninitiated, decentralized finance(opens in new tab) and the associated protocols are intended to replace traditional financial institutions with software that allows users to transact directly with each other via the blockchain, the digital ledger that underpins cryptocurrencies. As the report shows, smart-contract hacks via these De-Fi protocols are a major investor risk, short only to losing your money through price speculation. Once a smart contract is hacked, it’s generally impossible to recover funds.

NK hackers led the globe… again

North Korea (NK) stands alone in its dedication to crypto hacking. Chainalysis estimates that NK government-linked cybercrime outfits like the Lazarus Group stole $1.7 billion in 2022, nearly half the global yearly total. A new United Nations cyberattack report(opens in new tab) reaches the same conclusion that NK stole more cryptocurrency in 2022 than any other previous year, though their estimate of the total value of stolen funds differs.

The Conversation(opens in new tab) reports that NK uses stolen crypto to fund its sanctioned nuclear program, so its dedication to hacking isn’t likely to abate anytime soon. Chainalysis broke down the trend year by year, showing a huge increase in hacking activity in 2022 over any previous year.

Biggest crypto hacks of 2022

NordVPN(opens in new tab) ranked the largest crypto hacks of the past year, headlined by a few major names in the crypto industry. Were your crypto accounts among those affected?

  • Ronin bridge hack — $600M+
    Ronin is an Ethereum network built to handle crypto transactions for “Axie Infinity”, an online game based around winning NFTs (non-fungible tokens). The game’s developers said hackers gained access(opens in new tab) to internal “validator” systems and stole over $600 million in user funds. The U.S. Treasury Department acknowledged the likelihood that North Korea’s Lazarus Group was behind the bridge’s exploit. The Ronin bridge hack is the largest cryptocurrency hack to date.
  • FTX wallet hack – $477M
    During the implosion of the FTX cryptocurrency exchange, an unknown perpetrator performed a series of unauthorized transactions and stole $477 million worth of users’ crypto funds. Indicted FTX founder Sam Bankman-Fried said he believed it was “either an ex-employee or somewhere someone installed malware on an ex-employee’s computer.”
  • Wormhole bridge exploit – $320M+
    Wormhole allows users to send and receive crypto between multiple blockchains. An attacker found a vulnerability in the protocol’s smart contract and stole 120,000 tokens worth $321 million.

How to protect your crypto assets

After another year of crypto investors losing their shirts to hackers, if you are determined to stay in the game (although it doesn’t seem that much fun) you could consider our list of tips to safeguard your digital currency.

  • Don’t keep your crypto on an exchange unless you plan to actively trade it. The only thing standing between a hacker and your funds is your basic password. Major and minor online crypto exchanges like FTX seem to be major targets for hacks and malfeasance, with little in the way of consistent regulation or security.
  • Keep your crypto in your own physical “cold wallet” offline. Cold wallets (specifically hardware wallets) are physical devices that store your crypto offline and can only be connected to the blockchain using your private key. For no more than $150, hardware wallets that look similar to USB drives such as Ledger(opens in new tab) and Trezor(opens in new tab) can store multiple cryptocurrencies and significantly reduce your risk of getting hacked. Always have two-factor authentication (2FA) on all wallets and exchanges that allow it. Never give out your private key.
  • Carefully guard your “seed phrase,” a series of words that give a user access to all currency and data held in a crypto wallet, including funds and private keys. Beginners often are scammed by entering their seed phrase into a site they think is legitimate or secure, but is actually a duplicate phishing landing page.
  • When making a crypto transaction, double-check that you’re sending it to the right wallet. A wallet address is a mixed string of letters and numbers generally ranging from 20 to 42 characters, depending on the cryptocurrency. When sending money from an exchange to your personal wallet or vice versa, always use the “Copy Address” feature or copy and paste the address into the “Recipient” field. The same applies when sending payment to a friend or family member. Do not try to type in each character one at a time, as this leaves a significant margin for error. Once you’re ready to send your cryptocurrency, check the address one more time. Then check it again.
  • Use a Virtual Private Network (VPN(opens in new tab)) to shield your payment data when making crypto transactions.