Crypto is crumbling, and DeFi hacks are getting worse

The amount of crypto stolen in the first quarter of 2022 has already surpassed criminal hackers’ 2021 haul. There aren’t any easy fixes.

DeFi teetering on a cliff.

The biggest hacks of 2022 were carried out by attackers spotting vulnerabilities in smart contracts and protocols, especially in cross-chain bridges and flash loan protocols.

Illustration: Christopher T. Fong/Protocol

Until recently, DeFi seemed like it was on an exponential trajectory upwards. With the collective value of crypto peaking near $3 trillion, hackers saw a big opportunity. The only thing that may slow them down is the precipitous drop in the value of the tokens they’re going after.

DeFi hacks have been getting worse and worse, with no clear solutions in sight. According to a recent report by blockchain security firm PeckShield, the amount of money netted from DeFi hacks in the first four months of 2022, $1.57 billion, has already surpassed the amount netted in all of 2021, $1.55 billion. A report by Chainalysis found a similar trend, with the hacker haul in the first three months of 2022 exceeding a record set in the third quarter of 2021.

The biggest contributors to the worst quarter the industry has seen — or the best, if you’re a criminal — were Axie Infinity’s Ronin bridge exploit ($650 million), the Wormhole network exploit ($320 million) and the Beanstalk Farms governance attack ($180 million).

A thread connects all three: The biggest hacks of 2022 were carried out by attackers spotting vulnerabilities in smart contracts and protocols, especially in cross-chain bridges and flash loan protocols. The rising tide of digital theft threatens to undermine confidence in cryptocurrency broadly and bring down regulators’ wrath on a still-nascent industry.

Erin Plante, senior director of Investigations at Chainalysis, told Protocol that because blockchain code is typically public, hackers can view it easily to spot vulnerabilities and manipulate the protocol to exploit it.

Plante added that there was a “dramatic shift to exploiting DeFi protocols” in 2022, due to “code exploits and flash loans,” as opposed to the social engineering attacks that typified previous years’ hacks. This could explain why DeFi hacks have become so massive in 2022: Attackers no longer rely on a large number of people falling for phishing scams, but are instead able to attack the DeFi protocols directly.

Cross-chain bridges have become a target for attackers mainly because of an increased surface area that allows for more attack vectors than typically exist on a single blockchain. Bridges also usually have a smaller developer community, which means a smaller number of validator nodes that must sign off before transactions are recognized. In the Axie Ronin bridge attack, only five out of nine validator nodes needed to be signed, an opportunity the hacker targeted.

There is perhaps another alarming statistic for regulators. 2022 has also been the biggest year for North Korean-affiliated hacking groups so far, according to the Chainalysis report. Last month, the U.S. Treasury linked the Ronin bridge hack to North Korea’s Lazarus hacking group, listing its wallet address in the Specially Designated Nationals List and sanctioning the funds.

This is especially worrying given a recent United Nations report that found crypto laundered by North Korean hackers was used to fund nuclear and missile programs, making the issue a matter of international security.

As the wheels of government enforcers and regulators churn slowly, DeFi companies need to move quickly to ensure that open-source code isn’t taken advantage of by attackers. Ronghui Gu, CEO of blockchain security firm CertiK, said projects need to take a proactive, end-to-end approach with their security.

“This means having smart contract audits of every line of code, both before launch and any time the code is changed,” Gu said.

Other security measures include on-chain monitoring tools to protect smart contracts after deployment, as well as avoiding centralization, another big attack vector in 2021. Centralization played a key role in the Axie hack: The attacker managed to gain control of four Ronin validator nodes in one go through social engineering and gained access to another through a bug.

Gu suggested that project owners could also submit themselves to background checks, a controversial measure. Some “undoxxed” crypto figures pride themselves on operating under pseudonyms, while others advertise themselves as “doxxed,” disclosing their real, verified identities to build trust with token buyers and software developers.

While Plante echoed the same sentiments, she added that there is also “a need for the community to come together and support each other and protect each other and attempt to ward off these attackers,” leveraging Web3’s community ethos. It will take collective effort to secure the blockchain — and if the industry doesn’t provide it, Washington might just step in.


Sealed finds a market in home decarbonization

Sealed offers homeowners the chance to save money and help protect the planet.

Sealed is convincing homeowners to look at their HVAC systems and insulation in order to save energy and money.

Photo: Gabe Souza/Portland Portland Press Herald via Getty Images

Shiny silver panels hug the walls of Andy Frank’s attic; they vaguely remind me of a child’s robot Halloween costume. A sticky-looking foam lines both the gaps in the attic’s floorboards and the roof, plugging up holes where squirrels could have once taken shelter.

The space is positively sweat-inducing, even for the mere minute I have my head poking above the trapdoor.

Keep Reading Show less
Lisa Martine Jenkins

Lisa Martine Jenkins is a senior reporter at Protocol covering climate. Lisa previously wrote for Morning Consult, Chemical Watch and the Associated Press. Lisa is currently based in Brooklyn, and is originally from the Bay Area. Find her on Twitter ( @l_m_j_) or reach out via email (

Now that most organizations are returning to the office, there are varying extremes – some leaders demand that employees return to the office, with some employees revolting and some rejoicing to be together again. On the other hand, some companies have closed physical offices and made remote work permanent; creating a sigh of relief for some employees and creating frustration for others.

Most of us are somewhere in between, trying our best to take a measured approach at building the right hybrid strategy tailored to company culture. Some seemingly have begun to crack the code, while the majority are grappling with the when, how, why, and who of this new hybrid work reality.

Keep Reading Show less
Nathan Coutinho

Nathan Coutinho leads Logitech's global conferencing business strategy and analyst relations. A Swiss company focused on innovation and quality, Logitech designs products and experiences that have an everyday place in people's lives.Coutinho leads strategy and execution of Logitech's video conferencing solutions, from personal solutions to highly-scalable conference rooms.Coutinho has more than 25 years of experience in the IT industry with various roles in executive leadership, consulting, engineering, marketing and technical sales.


Experts say tech companies need to prepare for the next SCOTUS decision

HR experts said companies need to be proactive about protections for contraception, privacy and LGBTQ+ rights.

Experts say tech leaders need to start thinking about future Supreme Court rulings.

Photo: Anna Moneymaker/Getty Images

Tech companies are still trying to prepare for a post-Roe world. But it might already be time to think about what the Supreme Court is planning next.

When the Supreme Court overturned Roe v. Wade Friday, Justice Clarence Thomas wrote in a concurring opinion that the court should also reconsider rulings protecting contraception and same-sex relationships, citing Griswold, Lawrence and Obergefell. If those decisions were ever overruled, it would have massive implications for everyone, but especially for employees living in states where same-sex marriage is at risk of becoming illegal without a federal shield.

Keep Reading Show less
Lizzy Lawrence

Lizzy Lawrence ( @LizzyLaw_) is a reporter at Protocol, covering tools and productivity in the workplace. She's a recent graduate of the University of Michigan, where she studied sociology and international studies. She served as editor in chief of The Michigan Daily, her school's independent newspaper. She's based in D.C., and can be reached at


What’s next for tech in a post-Roe world

From employee support to privacy concerns, tech companies play a critical role in what’s to come for abortion access in the U.S.

States banning abortion means that tech will play a critical role in what’s to come for abortion access in the U.S.

Photo: Al Drago/Bloomberg via Getty Images

The end of Roe v. Wade has sent the world of tech scrambling. Many companies are now trying to quickly figure out how to protect workers in states where abortion will be banned, while also facing potential privacy and legal ramifications.

Here’s a look at tech companies’ roles and responses to the ruling. We will update this page as news and events change.

Keep Reading Show less
Alex Eichenstein

Alex Eichenstein (@alexeichenstein) is Protocol's social media editor. Previously, she managed social media and audience engagement efforts at the Center for Public Integrity. She earned an B.A. in English, women and gender studies and political science from the University of Delaware. She lives in Washington, D.C.


You’re thinking about Apple Pay Later all wrong

Apple’s “buy now, pay later” product has a distinctly different distribution strategy that means it doesn’t directly threaten Affirm, Klarna and Afterpay.

Apple Pay Later emerges as a distinctly different product than what Klarna and Affirm offer.

Image: Apple; Protocol

Apple’s entry into the “buy now, pay later” market was one of its worst-kept secrets: Analysts had been predicting the company’s rollout of a pay-later service as early as 2020. The most common read on the move was predictable: Apple was here to smash the competition. The company has a track record of jumping into new sectors late and still managing to come out on top — the iPod came out when there were tons of MP3 players on the market.

But some analysts have a starkly different view. When you look at it under the hood, Apple Pay Later emerges as a distinctly different product than what Klarna and Affirm offer, they say — and one that isn’t much of a market predator.

Keep Reading Show less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

Latest Stories