2022 DeFi Security Incident Overview: 8 Major Cases with Losses Exceeding 1 Billion USD
Decentralized Finance Security Incident Review: Major Case Analysis in 2022
In 2022, the blockchain industry experienced more than 300 security incidents, with total losses of up to 4.3 billion USD. This article analyzes 8 typical cases in detail, most of which involved losses exceeding 100 million USD.
Ronin Bridge Incident
In March 2022, Ronin Network, the sidechain of Axie Infinity, was hacked, resulting in a loss of 173,600 ETH and 25.5 million USD, with a total value of about 625 million USD. The North Korean hacker group Lazarus reportedly infiltrated Sky Mavis's systems through social engineering and ultimately gained control of 5 of the 9 validator nodes, completing the attack.
This incident exposed serious weaknesses in the project's employee security awareness and internal security controls. It also shows that traditional hacker groups and nation-state actors are shifting their targets toward blockchain projects for direct financial gain.
Wormhole Incident
The Wormhole cross-chain bridge lost approximately 120,000 ETH because of an error in the signature verification code of the core contract on the Solana side, which allowed attackers to forge "guardian" messages and mint Wormhole-wrapped ETH.
This issue stemmed mainly from the use of deprecated functions. Developers are advised to use the latest version of their development tools to avoid similar problems.
Nomad Bridge Incident
The Nomad cross-chain bridge had an initialization settings issue that allowed attackers to replay valid transactions to extract funds, resulting in a loss of approximately $190 million. Some MEV bots also took part in this "money grab."
This case shows that once a vulnerability exists in an open-source project, it can be easily exploited. Project teams need to consider abnormal scenarios thoroughly and test comprehensively.
Beanstalk Incident
The algorithmic stablecoin project Beanstalk suffered a flash loan attack, resulting in a loss of approximately $182 million. The attacker exploited a vulnerability in the project's governance mechanism to gain a large amount of voting power through a flash loan and stole funds through malicious proposals.
This reflects the potential risks of decentralized governance mechanisms. It is recommended that projects establish proposal review mechanisms, voting lock-up periods, and time locks as safety measures.
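The snapshot-based voting and time-lock measures recommended above can be compared in a simplified governance model. This is an added example, not Beanstalk's code: the `Token` and `Governor` classes, the quorum of 500 and all balances are constructed for illustration, and the proposal and vote are assumed to happen within one block.

```python
import bisect

class Token:
    """Balances with per-block checkpoints so past balances can be queried."""
    def __init__(self):
        self.block = 0
        self.checkpoints = {}                  # holder -> [(block, balance), ...]

    def set_balance(self, holder, amount):
        cps = self.checkpoints.setdefault(holder, [])
        if cps and cps[-1][0] == self.block:
            cps[-1] = (self.block, amount)     # overwrite within the same block
        else:
            cps.append((self.block, amount))

    def balance_at(self, holder, block):
        cps = self.checkpoints.get(holder, [])
        i = bisect.bisect_right(cps, (block, float("inf")))
        return cps[i - 1][1] if i else 0

class Governor:
    """One proposal; hypothetical model, not a real governance contract."""
    def __init__(self, token, quorum, snapshot, timelock_blocks):
        self.token, self.quorum = token, quorum
        self.snapshot, self.timelock_blocks = snapshot, timelock_blocks
        self.snapshot_block = token.block - 1  # last block before the proposal
        self.votes, self.eta = 0, None

    def vote(self, holder):
        # Weak setting counts the live balance; hardened counts the snapshot.
        at = self.snapshot_block if self.snapshot else self.token.block
        self.votes += self.token.balance_at(holder, at)
        if self.votes >= self.quorum and self.eta is None:
            self.eta = self.token.block + self.timelock_blocks

    def can_execute(self):
        return self.eta is not None and self.token.block >= self.eta

def borrowed_votes_execute(snapshot, timelock_blocks):
    """True if votes backed only by a one-block loan get a proposal executed."""
    token = Token()
    token.block = 10
    token.set_balance("long_term_holder", 400)   # constructed sample data
    token.block = 11
    token.set_balance("borrower", 1000)          # borrowed tokens arrive
    gov = Governor(token, 500, snapshot, timelock_blocks)
    gov.vote("borrower")
    executable = gov.can_execute()               # checked before repayment
    token.set_balance("borrower", 0)             # loan repaid in the same block
    return executable
```

With live balances and no delay the borrowed votes pass and execute immediately; either a snapshot taken before the proposal or a time lock prevents same-block execution.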
Wintermute Incident
The market maker Wintermute suffered a loss of approximately $160 million due to the use of a vulnerable address generation tool called Profanity, which led to the compromise of a key contract's private key.
This is a reminder to assess security risks fully when using open-source tools and not to rely too heavily on a single tool.
Harmony Bridge Incident
Harmony's Horizon cross-chain bridge was attacked, resulting in losses exceeding $100 million; a North Korean hacker group is suspected. Specific details have not been disclosed, but the attack method may have been similar to that of the Ronin Bridge incident.
Ankr Incident
The Ankr project suffered internal misconduct, in which a large number of tokens were maliciously minted and sold off, triggering a chain reaction.
This reflects the vulnerability of the DeFi ecosystem and the importance of internal permission management. Projects are advised to adopt mechanisms such as multi-signature to enhance security.
Mango Incident
A trader manipulated the price of MNGO tokens on the Mango platform using perpetual contracts and the spot market, which enabled large borrowings and caused the platform losses of approximately $115 million.
This shows that DeFi projects can also have weaknesses in their business model design and need to account for extreme scenarios. Users should also be cautious when trading small-cap tokens.