2022 Major Security Incidents in DeFi: In-depth Analysis of 8 Cases with Losses Exceeding 100 Million USD

DeFi Security Incident Review: Analysis of Major Security Incidents in 2022

In 2022, the Web3 industry experienced several major security incidents. Statistics show that more than 300 blockchain security incidents occurred during the year, involving as much as $4.3 billion. This article reviews 8 typical cases, most of which incurred losses exceeding $100 million and which reflect the security challenges currently facing decentralized finance (DeFi).

Cobo Decentralized Finance Security Course (Part 1): Review of Major DeFi Security Events in 2022

Ronin Bridge Incident

On March 23, 2022, the sidechain Ronin Network of the NFT game Axie Infinity was hacked, resulting in a loss of 173,600 ETH and 25.5 million USD, with a total value of approximately 625 million USD.

Attackers gained the trust of internal employees through social engineering methods, infiltrating the system and taking control of multiple verification nodes. This incident exposes serious flaws in the project's employee security awareness training and internal security system.

Wormhole Incident

The cross-chain bridge Wormhole suffered from a vulnerability in the Solana side contract code, which allowed attackers to forge "guardian" messages and mint approximately 120,000 ETH. The root cause of this incident lies in the use of deprecated functions, reminding developers to promptly update to the latest version of the codebase.

Nomad Bridge Incident

The cross-chain protocol Nomad suffered a loss of approximately $190 million due to an initialization setting issue, which allowed attackers to replay valid transactions to extract locked funds. This incident highlights the importance of security audits during the project's initialization phase and the potential risks posed by automated tools such as MEV bots.

Beanstalk Incident

The algorithmic stablecoin project Beanstalk suffered a flash loan attack, resulting in losses of approximately $182 million. The attacker exploited a vulnerability in the project's governance mechanism to obtain a large amount of voting power through malicious proposals. This serves as a reminder for project teams to fully consider various attack scenarios when designing governance mechanisms.
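The governance lesson above, as an added illustration that is not code from the original article or from Beanstalk: a toy ledger in which voting weight is read either at vote time or from a snapshot fixed when the proposal was created. The class and function names, the two-thirds threshold and all amounts are assumptions constructed for the example.

```python
# Added illustration (toy model, not Beanstalk's contracts); all names and
# amounts below are constructed for the example.
class Ledger:
    """Governance-token balances with a checkpoint taken at each block end."""

    def __init__(self):
        self.balances = {}
        self.checkpoints = []          # checkpoints[n] = balances at end of block n

    def credit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount

    def debit(self, who, amount):
        if self.balances.get(who, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[who] -= amount

    def close_block(self):
        self.checkpoints.append(dict(self.balances))
        return len(self.checkpoints) - 1   # number of the block just closed


def has_supermajority(balances, voter):
    """True if `voter` holds at least two thirds of the supply in `balances`."""
    supply = sum(balances.values())
    return supply > 0 and 3 * balances.get(voter, 0) >= 2 * supply


def same_block_vote(use_snapshot):
    """Borrow, vote and repay inside one block; return (approved, final balance)."""
    ledger = Ledger()
    ledger.credit("long_term_holders", 1_000)
    snapshot = ledger.close_block()        # proposal created: snapshot block fixed
    ledger.close_block()                   # voting delay passes

    ledger.credit("borrower", 9_000)       # flash-loaned tokens arrive
    if use_snapshot:
        weights = ledger.checkpoints[snapshot]   # hardened: weight as of snapshot
    else:
        weights = ledger.balances                # weak: weight read at vote time
    approved = has_supermajority(weights, "borrower")
    ledger.debit("borrower", 9_000)        # loan repaid before the block ends
    ledger.close_block()
    return approved, ledger.balances["borrower"]


if __name__ == "__main__":
    print("live balance  :", same_block_vote(use_snapshot=False))
    print("snapshot-based:", same_block_vote(use_snapshot=True))
```

With weight read at vote time, the borrowed balance carries the vote even though the voter ends the block holding nothing; with the snapshot, tokens acquired after proposal creation carry no weight.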


Wintermute Incident

Market maker Wintermute lost approximately $160 million due to the use of the vulnerable address generation tool Profanity, which led to the compromise of their private keys. This serves as a warning to project teams to conduct thorough security assessments when using third-party tools.

Harmony Bridge Incident

The cross-chain bridge Horizon was attacked, resulting in losses exceeding $100 million. Analysis suggests the attack may have been carried out by the North Korean hacker group Lazarus, with methods similar to those in the Ronin Bridge incident. This reflects the increasing threat that state-sponsored hacker organizations pose to blockchain projects.

Ankr Incident

The Ankr project suffered an attack on its contract due to malicious actions by internal personnel, resulting in a loss of approximately 15 million USD. This exposes serious vulnerabilities in the project's permission management and private key storage.

Mango Incident

The DeFi platform Mango suffered a market manipulation attack, resulting in a loss of about $115 million. The attacker exploited the characteristics of low liquidity in small-cap tokens to manipulate prices through long and short hedging. This reflects the need for DeFi projects to comprehensively consider various extreme market conditions.

The above cases show that the security threats faced by DeFi projects come not only from technical vulnerabilities but also from governance mechanisms, internal management, and market manipulation. Project teams need to establish a comprehensive security protection system, and users should also strengthen their risk awareness and participate cautiously in DeFi projects.


BlindBoxVictimvip · 07-04 02:19
Another year summary of being played people for suckers.
SadMoneyMeowvip · 07-02 12:05
Lost again, sweating~
GamefiHarvestervip · 07-01 06:49
How many suckers will get played for suckers and run away again?
CryptoMomvip · 07-01 06:48
This money is enough to buy a whole community!!
CryptoWageSlavevip · 07-01 06:45
Another major vulnerability, the professional drop to zero king.
NFTRegrettervip · 07-01 06:44
Tired of being both hacked and facing explosions.
LadderToolGuyvip · 07-01 06:42
There are so many bugs, it's so annoying.
DeFiGraylingvip · 07-01 06:35
Next month, with a bull run coming, I forgot about these things.