Crypto hackers stole a record $3.8B in 2022. Don't be next.

(Image credit: Getty Images)

published 9 February 2023

2022 was a brutal year for crypto investors. Hackers from around the world had a banner year for stealing cryptocurrency from crypto-oriented businesses, as reported by blockchain analysis firm Chainalysis. On top of that, most cryptocurrencies experienced massive wipeouts, with Bitcoin alone — once touted by some crypto-enthusiasts as a "store of value — falling over 60% in a year, per CNN. Lastly, several major exchanges and investment firms, including Sam Bankman-Fried's FTX exchange, collapsed resulting in the loss of massive amounts of stored consumer wealth.

So after a year of misery, who was behind the crypto hacks, who was affected, and what can you do to protect your digital assets going forward?

2022 crypto hackers' big year

Chainalysis identified $3.8 billion in cryptocurrency hacks last year, which is 15% up on 2021 ($3.3 billion) and dramatically up on the $0.5 billion stolen in 2020. The past few years have seen a massive escalation in exposure to crypto among the general public, and so their increased online holdings have become larger (and easier) targets. Here’s the year-over-year hacking breakdown since crypto burst into the larger public eye in 2016.

Subscribe to Kiplinger’s Personal Finance

Be a smarter, better informed investor.

Save up to 74%

https://cdn.mos.cms.futurecdn.net/hwgJ7osrMtUWhk5koeVme7-200-80.png

Sign up for Kiplinger’s Free E-Newsletters

Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of expert advice - straight to your e-mail.

Chainalysis report: Crypto hacks in 2022

Each of the surges in hacking roughly corresponds to surges in public interest and investment in cryptocurrencies, as represented in this historical Bitcoin price chart from CoinDesk. As public interest and prices spiked to new levels in 2018 and 2021/2022, a rise in hacking followed soon after.

Chainalysis identified “Decentralized finance (De-Fi) protocols” — critical codes supporting the operation of major crypto exchanges and businesses — as the biggest targets of hackers, both in 2023 and 2022. De-Fi protocols accounted for 82% of all hacking last year, up from 73% the year before.

For the uninitiated, decentralized finance and the associated protocols are intended to replace traditional financial institutions with software that allows users to transact directly with each other via the blockchain, the digital ledger that underpins cryptocurrencies. As the report shows, smart-contract hacks via these De-Fi protocols are a major investor risk, short only to losing your money through price speculation. Once a smart contract is hacked, it’s generally impossible to recover funds.

NK hackers led the globe... again

North Korea (NK) stands alone in its dedication to crypto hacking. Chainalysis estimates that NK government-linked cybercrime outfits like the Lazarus Group stole $1.7 billion in 2022, nearly half the global yearly total. A new United Nations cyberattack report reaches the same conclusion that NK stole more cryptocurrency in 2022 than any other previous year, though their estimate of the total value of stolen funds differs.

The Conversation reports that NK uses stolen crypto to fund its sanctioned nuclear program, so its dedication to hacking isn’t likely to abate anytime soon. Chainalysis broke down the trend year by year, showing a huge increase in hacking activity in 2022 over any previous year.

Biggest crypto hacks of 2022

NordVPN ranked the largest crypto hacks of the past year, headlined by a few major names in the crypto industry. Were your crypto accounts among those affected?

Ronin bridge hack — $600M+
Ronin is an Ethereum network built to handle crypto transactions for “Axie Infinity”, an online game based around winning NFTs (non-fungible tokens). The game’s developers said hackers gained access to internal “validator” systems and stole over $600 million in user funds. The U.S. Treasury Department acknowledged the likelihood that North Korea’s Lazarus Group was behind the bridge’s exploit. The Ronin bridge hack is the largest cryptocurrency hack to date.
FTX wallet hack - $477M
During the implosion of the FTX cryptocurrency exchange, an unknown perpetrator performed a series of unauthorized transactions and stole $477 million worth of users’ crypto funds. Indicted FTX founder Sam Bankman-Fried said he believed it was “either an ex-employee or somewhere someone installed malware on an ex-employee’s computer.”
Wormhole bridge exploit - $320M+
Wormhole allows users to send and receive crypto between multiple blockchains. An attacker found a vulnerability in the protocol’s smart contract and stole 120,000 tokens worth $321 million.

How to protect your crypto assets

After another year of crypto investors losing their shirts to hackers, if you are determined to stay in the game (although it doesn't seem that much fun) you could consider our list of tips to safeguard your digital currency.

Don't keep your crypto on an exchange unless you plan to actively trade it. The only thing standing between a hacker and your funds is your basic password. Major and minor online crypto exchanges like FTX seem to be major targets for hacks and malfeasance, with little in the way of consistent regulation or security.
Keep your crypto in your own physical “cold wallet” offline. Cold wallets (specifically hardware wallets) are physical devices that store your crypto offline and can only be connected to the blockchain using your private key. For no more than $150, hardware wallets that look similar to USB drives such as Ledger and Trezor can store multiple cryptocurrencies and significantly reduce your risk of getting hacked. Always have two-factor authentication (2FA) on all wallets and exchanges that allow it. Never give out your private key.
Carefully guard your “seed phrase,” a series of words that give a user access to all currency and data held in a crypto wallet, including funds and private keys. Beginners often are scammed by entering their seed phrase into a site they think is legitimate or secure, but is actually a duplicate phishing landing page.
When making a crypto transaction, double-check that you’re sending it to the right wallet. A wallet address is a mixed string of letters and numbers generally ranging from 20 to 42 characters, depending on the cryptocurrency. When sending money from an exchange to your personal wallet or vice versa, always use the "Copy Address" feature or copy and paste the address into the "Recipient" field. The same applies when sending payment to a friend or family member. Do not try to type in each character one at a time, as this leaves a significant margin for error. Once you're ready to send your cryptocurrency, check the address one more time. Then check it again.
Use a Virtual Private Network (VPN) to shield your payment data when making crypto transactions.

Ben Demers manages digital content and engagement at Kiplinger, informing readers through a range of personal finance articles, e-newsletters, social media, syndicated content, and videos. He is passionate about helping people lead their best lives through sound financial behavior, particularly saving money at home and avoiding scams and identity theft. Ben graduated with an M.P.S. from Georgetown University and a B.A. from Vassar College. He joined Kiplinger in May 2017.