BlocksInform
Cryptocurrency pirates and exploiters apparently slowed down for the 2022 vacation as December saw 62.2 million dollars of stolen cryptocurrencies, the "lowest monthly number" of the year, according to certik.
The secure blockchain company on dec. 31 tweeted about the most important attacks of the month. It highlighted the $15.5 million worth of exit scams as the method that stole the most value over the month, followed by the $7.6 million worth of flash loan-based exploits.
Combining all the incidents in December we’ve confirmed ~$62.2M lost to exploits, hacks and scams.
This year's lowest monthly number.
Exit scams were ~$15.5M
Flashloans were ~$7.6M
See the details below pic.twitter.com/1ub3mYVv6K
— CertiK Alert (@CertiKAlert) December 31, 2022
A later tweet on Jan. 1 confirmed that the 23 largest exploits were responsible for around 98.5% of the $62.2 million figure, with the $15 million Helio Protocol incident on Dec. Two of this month's most important.
The protocol, who administers the HAY (HAY) stablecoin, incurred a loss when a trader leveraged a price spread in Ankr Reward Bearing Staked NBB (aBNBc) to borrow millions of dollars from HAY.
At the time, the decentralized finance (DeFi) protocol Ankr suffered a separate exploit where an attacker minted 20 trillion aBNBc, causing its price to plummet. The Helio trader quickly deposited aBNBc tokens to borrow 16 million HAY, causing the loan to be significantly undercollateralized, leading to the protocol's loss and a depeg of its stablecoin.
The second largest incident of the month was the $12.9 million exploits of Defrost Finance’s v1 and v2 protocols on Dec. 23, where an attacker carried out a flash loan attack by adding a fake collateral token and a malicious price oracle to liquidate the protocol.
Days after the exploit, the hacker returned the funds stolen from the v1 protocol to an address controlled by Defrost, though funds are yet to have been returned for the v2 hack.
Certik described the feat as an "exit scam" because an administration key was needed to carry out the attack. Defrost denied the allegations to Cointelegraph, claiming the key was compromised.
Related: Crypto’s recovery requires more aggressive solutions to fraud
The December figure is much lower than the month prior, seeing an 89.5% decrease from the $595 million worth of exploits across 36 major incidents CertiK recorded in November, a figure largely skewed by the $477 million hack of crypto exchange FTX.
36 major attacks were recorded in November totalling a loss of ~$595 Million.
As usual, ensure that a project is audited.
Remember to always #DYOR and read the audit reports! pic.twitter.com/UhiDU2itAm
— CertiK Alert (@CertiKAlert) December 1, 2022
Overall for 2022, just the largest 10 exploits of the year funneled around $2.1 billion to bad actors, largely on cross-blockchain bridges and DeFi protocols.
