Skip to content

2022 Was the Year of Crypto Hacks Thanks to DeFi, North Korea

Apart from the implosion of some of the industry's biggest players, 2022 also saw an undercurrent of cyberattacks against decentralised protocols.

Table of Contents

An undercurrent of cyber attacks made its way through the crypto industry in 2022, draining US$3.8 billion from cryptocurrency-based businesses, up from US$3.3 billion in 2022 and US$500 million in 2021.

According to data from Chainalysis, hacking activity spiked in March and October 2022, with the latter becoming the biggest single month ever for cryptocurrency hacking in which US$775.7 million was stolen in 32 separate attacks.

Source: Chainalysis

DeFi protocols and cross-chain bridges remain the biggest victims

According to Chainalysis, DeFi protocols as victims accounted for 82.1% of all cryptocurrency stolen by hackers — a total of US$3.1 billion — up from 73.3% in 2021, with 64% of the US$3.1 billion coming from cross-chain bridges.

This is because cross-chain bridges are essentially "huge, centralised repositories" of funds backing the assets that have bridged to the new chain, which means that any error in the underlying smart contract code can be easily exploited by attackers.

Related: Chainalysis’ Ulisse Dell’Orto - “DeFi is Definitely the Future of Finance”

North Korea's ongoing cyber threat

Data from Chainalysis also indicates that North Korea-linked hackers stole nearly US$1.7 billion across several attacks on various protocols, with experts cited by Chainalysis agreeing that the country is likely using the stolen cryptocurrencies to fund its nuclear weapons program.

In recent times, North Korea's infamous Lazarus Group, which is widely believed to be backed by country's authoritarian regime, has been targeting the crypto industry, and is responsible for a number of high-profile hacks including the US$100 million on the Harmony Horizon Bridge and the US$650 million heist from NFT game Axie Infinity's Ronin Bridge.

According to Chainalysis, US$1.1 billion out of the US$1.7 billion that was stolen by North Korean hackers were drained from DeFi protocols.

However, the firm also revealed that the hackers tended to send the stolen funds back to other DeFi protocols to swap for more liquid assets, not because the decentralised protocols are effective for money laundering (they actually have more transparency as compared to centralised exchanges), but because the attacks usually resulted in the cybercriminals acquiring large quantities of illiquid tokens that are not listed on centralised exchanges.

Related: A Closer Look at Crypto Hacking’s Preferred Mixer - Tornado Cash

North Korean cybercriminals have also been adapting to the recent sanctions on cryptocurrency mixers, which help to obfuscate the origins and owners of the stolen funds. Chainalysis believes that the hackers are now using a new mixer known as "Sinbad", after prominent mixer Tornado Cash was sanctioned by the OFAC (Office of Foreign Assets Control) in August.


The events of 2022 have prompted regulators to tighten oversight on the crypto industry. Many countries including Singapore have also attempted to bridge the gap between the TradFi (traditional finance) and crypto industry, in a bid to provide more accountability for users.

However, it's also important to note that when developed properly, DeFi can arguably be even more secure than TradFi or centralised services (just look at FTX) thanks to blockchain technology's immutable and transparent nature. This means that instead of relying on third parties such as TradFi institutions to increase adoption and enforce regulatory actions, the crypto industry should also look at how to better equip itself internally.

This might include recognising the current failures within the ecosystem, boosting smart contract security, and/or even developing a collective standard for developers to adhere to.