October has been quite the month for rug pulls and exploits, with all of them amassing into total losses of over $1 billion, and new losses of over $200 million, a staggering amount for just one month.
Monthly Statistics for October 2022
Year-on-year, we have seen an increase in funds lost from $442m to over $1b, a huge increase. More funds were recovered this year in a fortunate turn of events, with over $100m being returned from the hackers.
A similar story can be said for the year-to-date statistics. From January to October, as much as $43b was lost this year.
By comparison, only $7.9b was lost for the same period in 2021.
Overall, in terms of recoveries, a similar amount of funds were ultimately recovered in both years. In January to October 2022, a cool $889m was recovered from hackers and scammers.
Some encouraging signs can be seen in the data — February 2022 saw the largest amount of funds being recovered, while October 2022 came in 4th in the same metric.
This seems to indicate a positive trend of the Crypto space actively working on better ways to recover stolen or hacked funds.
By comparison, a similar $646m was recovered in the same period in 2021. Notably, in 2021, a spike was seen in funds recovered in August — this was due to over $600m being recovered from the Poly Network exploit, which was itself carried out by a white hat hacker.
Funds Lost by Chain in October 2022
Interestingly, for October 2022, an overwhelming percentage of losses came from Centralized Exchange platforms. This was largely due to the Bitcoin Shiekh incident, which contributed almost all of the $766m loss on centralized exchanges.
Another unique thing that happened this month was how Solana saw the biggest losses at $116m — surpassing the typical suspects, BNB Chain ($94.9m) and Ethereum ($32.8m). This was of course driven heavily by an abnormally large exploit on Mango Markets.
Finally, we also did see that Polygon ranked well, with the lowest amount of lost funds in October. Ironically, however, this $190,000 loss was due to a flash loan exploit on QuickSwap, a blue-chip decentralized exchange on Polygon.
In terms of frequency, the prize in October 2022 still goes to BNB Chain, with 26 out of 37 cases this month occurring there.
Types of Exploit in October 2022
The most common exploit types in October were the rug pull and the exploit,which saw 15 and 14 cases this month respectively.
The most popular target for hackers this month was the token, with 22 such cases of tokens being exploited or dumped by rogue developers.
In terms of funds lost, however, CeFi exploits, DEX exploits and Bridge hacks took centre stage, with each type of target seeing tens or even hundreds of millions lost, from a small number of exploits.
Top 5 Cases for October 2022
With that said, let’s take a brief look at the top 5 cases.
The Bitcoin Sheikh project was arrested for operating a Ponzi scheme. While this does not represent a new loss, the authorities uncovered and seized assets worth $766 million.
The Brazilian authorities reported the discovery of a Ponzi scheme that was headed by Francisco Valdevino da Silva, otherwise called “Bitcoin Sheikh”. They claimed that De Silva had exploited hundreds of people through the pretense of 20% returns.
According to the authorities, their token lacked proper liquidity or backing and even had a few celebrities on their list of exploited investors, such as Sasha Meneghel, a model who had lost $230,000.
The Mango Markets, which is a DeFi exchange on Solana, got exploited due to market manipulation, where the attacker made a profit of exactly $116 million.
Using two addresses, the attacker pumped the MNGO token’s price and later used the tokens to obtain a $166 million loan from numerous pools.
Using the first address, the attacker purchased MNGO tokens worth 5,000,000 USDC and generated an open position. The second address was then used to purchase the same number of tokens to open a long position for hedging.
As a result, the hacker essentially pumped the token price because of the lack of liquidity within the pool. Following that, on the MangoDAO, the attacker began a proposal that entailed restoring the deposit funds of the user for immunity, which turned the users against the MangoDEX.
One interesting thing to note here is that an FTX address funded the hacker’s address.
Fortunately, the team was able to recover $69 million of the stolen funds from the hacker. Following the end of a proposal that returned a portion of the funds, the Mango Team marked $47,000,000 for the hacker as a bug bounty and returned the rest of the $69,000,000.
On Twitter, Abraham Eisenberg, who was responsible for the removal of the funds, stated that it wasn’t illegal since the actions he executed were a part of the project’s design.
Attacker address: [https://solscan.io/account/yUJw9a2PyoqKkH47i4yEGf4WXomSHMiK7Lp29Xs2NqM](https://solscan.io/account/yUJw9a2PyoqKkH47i4yEGf4WXomSHMiK7Lp29Xs2NqM)
The native cross-chain bridge known as the BNB Token Hub, which lies between the BNB Smart and Beacon Chains, was exploited, causing a mint of 2,000,000 BNB to the attacker’s address. To mint those BNB tokens, the hacker utilized a low-level proof vulnerability and then started to bridge those funds to the Ethereum and Fantom chains.
Security experts collaborated with various validators to save most of the funds. However, the hacker was able to bridge $89,530,887 by using the Stargate and AnySwap bridges. 53% of the funds stolen went to Ethereum, 33% went to Fantom, and the remaining went to other chains.
The attacker’s address was blacklisted by Tether. The $421,000,000 that remained stayed frozen in the hacker’s address.
Later on, 4.5 million and 1.7 million USDT of the funds stolen were blacklisted and unreachable on the Ethereum and Avalanche chains, whereas the 2 million USDT on the Arbitrum chain still needs to be blacklisted.
Attacker address: [https://bscscan.com/address/0x489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec](https://bscscan.com/address/0x489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec)
Malicious transactions: [https://bscscan.com/tx/0x05356fd06ce56a9ec5b4eaf9c075abd740cae4c21eab1676440ab5cd2fe5c57a](https://bscscan.com/tx/0x05356fd06ce56a9ec5b4eaf9c075abd740cae4c21eab1676440ab5cd2fe5c57a) https://bscscan.com/tx/0xebf83628ba893d35b496121fb8201666b8e09f3cbadf0e269162baa72efe3b8b
Affected contracts: [https://bscscan.com/address/0x0000000000000000000000000000000000002000](https://bscscan.com/address/0x0000000000000000000000000000000000002000) https://bscscan.com/address/0x0000000000000000000000000000000000001004
The Freeway Protocol halted its services, stating it experienced “unprecedented volatility.” Following that incident, both the names and images of the team were deleted from its official website. The staking platform promised 43% annual returns, and gathered numerous different assets from its users.
After it halted withdrawals, FWT, its native token, saw a drop of over 75% in just 24 hours. On October 23rd, the team tweeted that they had made a decision to “diversify their asset base” and temporarily stop purchasing supercharger simulations until they had “implemented their new strategies.” Following this, the token’s market capitalization decreased from $75,000,000 to approximately $15,000,000. The estimated funds lost is around $60 million.
The Transit Swap, a multi-chain DEX that operates on both the Binance and Ethereum chains, was exploited. Here, approximately $28,900,000 worth was stolen from users’ addresses. The hacker utilized malicious smart contracts so that he could take advantage of the project’s swap contracts on both chains. Because of a vulnerability the swap contracts had, the hacker was able to exploit the transferFrom() function to drain the approved assets of users and then send them to a different EOA address.
Following the hack, within 24 hours, Transit Finance revealed that they had collaborated with other security teams and managed to recover 65% of the stolen funds. As a result, they published an article containing a list of addresses that were involved in the exploit and stated that the total amount of funds recovered was from the hacker that had the largest portion of those funds. Not only that, but the team is actively working to recover the rest of the funds while formulating various bug bounty rules.
Attacker address: [https://bscscan.com/address/0x5f0b31aa37bce387a8b21554a8360c6b8698fbef](https://bscscan.com/address/0x5f0b31aa37bce387a8b21554a8360c6b8698fbef) https://etherscan.io/address/0x5f0b31aa37bce387a8b21554a8360c6b8698fbef
Address funds transferred: [https://bscscan.com/address/0x75f2aba6a44580d7be2c4e42885d4a1917bffd46](https://bscscan.com/address/0x75f2aba6a44580d7be2c4e42885d4a1917bffd46) https://etherscan.io/address/0x75f2aba6a44580d7be2c4e42885d4a1917bffd46
Malicious contracts: [https://bscscan.com/address/0x8ca8fd9c7641849a14cbf72faf05c305b0c68a34](https://bscscan.com/address/0x8ca8fd9c7641849a14cbf72faf05c305b0c68a34) https://etherscan.io/address/0x17ff6c94ba3a49c72ef2f10782de8a6152f204ea
Recovery transactions: [https://etherscan.io/tx/0x3da1843247070fbcfcf9c8d0e02dcd660ea882640fc842625b675aabc45e6a2a](https://etherscan.io/tx/0x3da1843247070fbcfcf9c8d0e02dcd660ea882640fc842625b675aabc45e6a2a) https://bscscan.com/tx/0xd941c6012656dae9fe16882becffdf41d91836b19bbcea659cad65f5049c5f83 https://bscscan.com/tx/0x53495bd2fddefd179ef107e43d5d2dea922ceda4bb1c9bc183e265dcc6474e02
As we can see from the increasing amount of funds lost year on year, DeFi has never been riskier. Thus, it is crucial that we continue to educate ourselves on the dangers of investing in unknown DeFi protocols, and remain alert to potential risks.
To see what threats your personal wallet is currently exposed to, check out our Shield, a first-of-its-kind way to quickly scan your wallet for threats and revoke them in under 10 seconds.
Stay safe, and happy farming!
For more De.Fi updates you can visit us at:
🌐 Website | 📱 Telegram | 🐦Twitter
Check our **De.Fi Blog** !
Good luck in farming!
November 1 • 9 minutes
In this blog, we'll walk through what Gnosis token approvals are and how you can audit + revoke them using the free De.Fi Shield tool.
April 19 • 7 minutes
During Q1 2024 ... total losses amounting to $414,875,820 across a range of exploits and security incidents.
April 1 • 10 minutes
Among the many options available, Phantom Wallet has emerged as a popular choice for those in the Solana ecosystem, sparking questions about its safety, legitimacy, and features.
March 22 • 17 minutes
A total of $148,690,165 was lost across various platforms and chains due to diverse exploits.
March 2 • 11 minutes
Celo token approvals can go by many names including token permissions, smart contract permissions, token allowances, etc.
February 23 • 7 minutes
The top three largest governance hacks resulted in $414M in losses over the years
February 12 • 5 minutes
© De.Fi. All rights reserved.
