This Was the Worst Year for Crypto Hacks. Here’s How 2023 Can Be Better

OpenZeppelin’s Stephen Lloyd Webber writes about the plague of exploits that drained billions from crypto protocols – and how Web3 can better secure itself.

AccessTimeIconDec 19, 2022 at 8:29 p.m. UTC
Updated Sep 28, 2023 at 2:24 p.m. UTC
AccessTimeIconDec 19, 2022 at 8:29 p.m. UTCUpdated Sep 28, 2023 at 2:24 p.m. UTC
AccessTimeIconDec 19, 2022 at 8:29 p.m. UTCUpdated Sep 28, 2023 at 2:24 p.m. UTC

Over the past 12 months, crypto has seen a troubling flood of attacks and exploits. There have been too many to track – this is an issue that desperately needs to be addressed.

Fortunately, there’s hope. Protocols can up their game when it comes to auditing code, monitoring network activity and setting clear attack response plans when an exploit does occur. If the industry takes note and implements these protections, it’s very plausible years like this will remain in the rear view mirror.

Stephen Lloyd Webber works in product marketing at OpenZeppelin, a crypto cybersecurity tech company. This article is part of CoinDesk’s Crypto 2023 series.

The plague of attacks

According to Chainalysis, 2022 is on track to be the worst year on record for funds stolen through hacks and exploits. Some $3 billion was stolen, at last count.

The Ronin hack is particularly notable. In March, North Korean-linked Lazarus Group expropriated about $620 million worth of ETH and USDC from the Ronin Network, a sidechain built for the popular Web3 game Axie Infinity.

What’s most surprising is it took over a week for this attack to be discovered. Law enforcement officials have been able to recover about $30 million of the stolen funds and Binance has been able to freeze an additional $5.8 million, but the majority of assets remain under the hackers’ control.

Funds have also not yet been recovered from the Wormhole bridge attack in February. This bridge, which connects Ethereum, Solana, Avalanche and other blockchain networks, was not the first to be attacked, but it might be the most notable. Somehow an attacker was able to mint 120,000 wrapped ether, or wETH, without having to put up any collateral. They then converted that free wETH into regular ETH and SOL, netting themselves $320 million. While these funds have not been recovered, Jump Trading did step in to inject Wormhole with 120,000 ETH to bring the bridge back into operation.

The list goes on and on. Nomad bridge lost $190 million. Wintermute, a decentralized finance (DeFi) platform, was hit for $160 million. Even a Binance BNB Network bridge was exploited for $100 million. Something needs to be done to make cryptocurrency services more secure against hacks and exploits.

How to move forward

The good news is things don’t have to stay as dire as they are now. We will see far fewer attacks, or at least mitigate their impact, in 2023 and beyond if crypto platforms and protocols are willing to expand their defensive efforts. This can come in a variety of forms, but all involve improved monitoring as well as proactive systems in place to respond when an event does occur.

The first line of defense is for all smart contract code to be carefully audited by reputable, third-party sources. The results of these audits should also be transparently shared with the community, to properly disclose any problems found and what was done to fix them.

However, a one-time security audit isn’t enough (as we’ve seen by the multiple DeFi platforms that were audited and hacked). Instead, every time the code is updated, new audits should be performed. This will ensure no new issues are being introduced. Even a small change to the code can have unforeseen ramifications, and it’s crucial for teams to adopt a more security-centric stance as they develop and deploy smart contracts.

Audits are essential, but if they were enough the crypto space wouldn’t be seeing so many of these exploits. Even thoroughly tested and well-audited code needs to be deployed in such a way that allows teams the ability to guard against potential risk vectors. Without robust security and operational monitoring that keeps track of the state of privileged accounts as well as wider interrelationships between system components and blockchain state, users will not be able to trust that their funds are secure.

This is why there is a need for a more real-time, proactive approach to security for decentralized services. Projects need to have systems in place that actively monitor transactions on a given platform and can detect anomalous or suspicious activity such as sudden spikes in usage, changes in price or interaction with blacklisted accounts as well as governance proposals submitted using flash loans.

In many cases, the first sign of an attack is exactly that – transactions are unusually large and/or many are going to the same address in a very short period of time. Being able to detect these events as they happen can help teams stay informed about potential threats. It also opens the door for such measures to be automated, eliminating or minimizing the need for human interaction.

Lastly, even the most finely tuned operational and security monitoring is limited in helpfulness without some form of response system in place as well. A team that has thoroughly mapped the attack vectors of their systems can plan their responses well in advance of an actual security incident. Smoke tests and thorough planning are a key step in this direction so that based on the alerts each relevant actor can assess the situation and respond to it quickly. This means steps to halt and reverse damage can be taken in hours or even minutes, instead of days or weeks.

Even in the event that there is a loss of funds, a prompt response is crucial to prevent further loss of funds. It may also help bolster trust in the team behind a protocol, even if the system has already been shown to be in jeopardy.

As a security-first mentality becomes ubiquitous, it will also help to deter attackers from attempting such exploits in the first place, as they will know that they will be spotted immediately. Community-led security monitoring efforts help ensure the security of the overall ecosystem by incentivizing such monitoring and allowing anyone to have a window into the operational health of protocols on the blockchain.

To be sure, there isn’t necessarily a “one size fits all” solution for every project out there, but all protocols could benefit from a combination of recurring audits, active security and operational monitoring of their networks, and an automated incident notification and response system.

Such actions have proven to be indispensable, and they are measures taken by leading players in the Web3 ecosystem such as Compound Finance and Matter Labs. If more teams take measures such as these, hopefully 2022 will be the last year where crypto is setting records for the most money ever stolen through an exploit. The sooner the broader industry gets on board, the sooner these events can largely be left in the past.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.

Stephen Webber

Stephen Lloyd Webber works in product marketing at OpenZeppelin, a crypto cybersecurity tech company.