December 2022 proved to be the month that had the least crypto stolen last year, although there were still 23 major incidents, as highlighted by CertiK data.
Crypto hackers and exploiters seemed to have slowed down for the 2022 holidays as December saw nearly $62.2 million worth of cryptos stolen, the “lowest monthly figure” of the year, based on CertiK data.
The blockchain security firm on December 31 tweeted a list of the month’s most notable attacks. It highlighted the $15.5 million worth of exit scams as the method that stole the most value over the month. It was followed by the $7.6 million worth of flash loan-based exploits.
Combining all the incidents in December we’ve confirmed ~$62.2M lost to exploits, hacks and scams.
The lowest monthly figure this year.
Exit scams were ~$15.5M
Flashloans were ~$7.6M
See the details below 👇 pic.twitter.com/1ub3mYVv6K
— CertiK Alert (@CertiKAlert) December 31, 2022
In a later tweet on January 1, CertiK confirmed that the 23 biggest exploits were responsible for nearly 98.5% of the $62.2 million figure, with the $15 million Helio Protocol incident on December 2, the biggest of the month.
The protocol, which manages the stablecoin HAY (HAY), suffered a loss when a trader took advantage of a price discrepancy in Ankr Reward Bearing Staked BNB (aBNBc) to borrow several millions worth of HAY.
At that time, the decentralized finance (DeFi) protocol Ankr suffered another exploit where an attacker minted 20 trillion aBNBc, which made its price plunge deeply. The Helio trader rapidly deposited aBNBc tokens to borrow 16 million HAY, making the loan to be considerably under-collateralized, resulting in the protocol’s loss and a depeg of its stablecoin.
The second biggest incident of the month was the $12.9 million exploits of Defrost Finance’s v1 and v2 protocols on December 23, where a hacker executed a flash loan attack by adding a fake collateral token and a malicious price oracle to liquidate the protocol.
Days after that exploit, the hacker returned the funds stolen from the v1 protocol to an address controlled by Defrost, although funds are yet to have been returned for the v2 hack.
CertiK labeled the exploit an ‘exit scam’ due to the fact an admin key was needed to execute the attack. Defrost denied the allegations to reporters, alleging that the key was compromised.
Buy Crypto NowThe December figure is considerably lower than the month before, seeing an 89.5% drop from the $595 million worth of exploiters in 36 major incidents CertiK recorded in November, a figure majorly skewed by the $477 million hack of the FTX crypto exchange.
36 major attacks were recorded in November totalling a loss of ~$595 Million.
As always, make sure a project has an audit & KYC before investing!
Remember to always #DYOR and read the audit reports! pic.twitter.com/UhiDU2itAm
— CertiK Alert (@CertiKAlert) December 1, 2022
In general, for 2022, just the biggest 10 exploits of the year funneled nearly $2.1 billion to the criminals, majorly on cross-blockchain bridges and decentralized finance protocol.