2021 saw an incredible amount of adoption and interest in the cryptocurrency industry, leading to the increase in the development and investment of DeFi platforms.
Following the spike of interest, the total value locked (TVL) across the cryptocurrency industry reached upwards of $230bn.
However, hackers are catching on and beginning to target unaudited DeFi protocols with increasingly sophisticated attacks.
Coin Rivet runs through the top five biggest cryptocurrency hacks faced in 2021:
Poly Network – $611m
The Poly Network hack in August was the biggest cryptocurrency exploit… ever!
More than $600m in assets were stolen from the multi-chain protocol, including $264m worth of assets stolen from Ethereum wallets, $250m from Binance Smart Chain wallets and $85m from Polygon.
Following the hack, the cryptocurrency industry banded together to stop the funds being used and ‘laundered’ by the hacker.
Then, in a surprising turn of events, the hacker decided to return $260m of stolen funds after being ‘hunted’ by various security firms such as Slowmist and Chainalysis.
The fallout led to the hacker – known as ‘Mr White Hat’ – to first be offered a role as ‘chief security adviser’ by Poly Network before returning the rest of the stolen funds in exchange for a 161 ETH bounty.
BitMart – $196m
The BitMart hack saw a total of $196m in assets stolen from two of the platform’s ‘hot wallets’ on Ethereum and BSC in December.
The assets stolen from the wallets included mostly ‘memecoins’ such as SHIB alongside a variety of BSC-based tokens that offer similar utility.
Following the hack, rumours circulated within the platforms Telegram channel, where it was dismissed as ‘fake news‘.
Upon further investigation, BitMart CEO Sheldon Xia confirmed that a “large-scale security breach” occurred and that funds were stolen. Little is still known about the cause of the exploit.
Cream Finance – $148m
DeFi platform Cream Finance was hacked twice in 2021, first for $18m in August followed by a larger $130m exploit in October.
The first saw $18m in ETH stolen thanks to a smart contract issue before the second hacker was able to use ‘flash loans’ to repeatedly lend and borrow funds across multiple wallets.
In total, the hacker managed to get away with a massive trough of assets including 2,760 ETH, 76 BTC and more than $10m in stablecoins.
Vulcan Forged – $140m
In December, the play-to-earn NFT game Vulcan Forged had a total of $140m of PYR tokens stolen from compromised wallets.
A majority of the assets were taken from users wallets, which were linked to an integrated wallet service called Venly.
The exploit saw the ‘private keys’ of 96 addresses being compromised and allow the attacker to drain the contents of their wallets, which also included vast amounts of ETH and MATIC.
Following the hack, the team reimbursed users from its treasury.
Badger Finance – $120m
The final hack on our list again occurred in December when BadgerDAO faced a ‘front-end’ attack that saw more than $120m in ETH and BTC stolen from the platform.
Taking advantage of contract ‘approvals’ – which allows the smart contract to interact with the funds within a wallet – the hacker ‘inserted’ additional approvals and was able to send user funds to their own wallet in secret.
Following the reveal of the exploit, the Badger team announced it had paused all smart contracts before investigating further.
Popular crypto platform Celsius was also affected, reportedly losing 896 Bitcoin ($50m) thanks to the exploit.
*All information was correct at the time of writing.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.