
REPORT: Over $41m Lost in Crypto in December


Just as we thought we could wind down for the holiday season, December arrived with more nasty surprises in the form of crypto hacks and scams.

Compared to the previous year, when December saw over $600 million worth of losses, we observed a year-on-year decrease to $41 million of losses in December. Moreover, $12 million was recovered.

In total, with high-profile losses such as Terra Luna and FTX, the total losses this year have amounted to $47.4b, compared to ‘just’ $8.7b in 2021.

However, this was driven by two major cases as a result of the failures of centralized entities, rather than native DeFi applications. With that said, let’s take a brief look at the top 5 cases this month.

1. DeFrost Finance — $12m Lost (Stablecoin, December 23)

On December 23, 2022, the cryptocurrency platform DeFrost announced that it had suffered a security breach due to a missing reentrancy lock in its flashloan() and deposit() functions.

This allowed an attacker to manipulate the share price of the LSWUSDC token, resulting in a gain of approximately $173,000 for the attacker. It was later discovered that the attacker had also exploited the protocol’s vaults by adding a fake collateral token and replacing the price oracle with a malicious one using the setOracleAddress() function.

This led to the liquidation of user collateral in DeFrost’s vaults, with an estimated loss of $12 million.
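The effect of a missing reentrancy lock shared by flashloan() and deposit() can be seen in a small model, added here as an illustration and not taken from DeFrost's contracts. It assumes a vault that prices shares off its current balance and judges flash loan repayment by balance alone; the `Vault` class, the `guarded` switch and all amounts are constructed for the example.

```python
class Reentrancy(Exception):
    pass

class Vault:
    """Toy share vault; a hypothetical model, not DeFrost's contract."""
    def __init__(self, guarded):
        self.guarded = guarded    # True: flashloan() and deposit() share one lock
        self.locked = False
        self.cash, self.total_shares, self.shares = 0, 0, {}

    def _enter(self):
        if self.guarded and self.locked:
            raise Reentrancy("vault re-entered while a call is in progress")
        self.locked = True

    def deposit(self, user, amount):
        self._enter()
        # Shares are priced off the vault's *current* balance.
        minted = amount if self.total_shares == 0 else amount * self.total_shares // self.cash
        self.cash += amount
        self.total_shares += minted
        self.shares[user] = self.shares.get(user, 0) + minted
        self.locked = False
        return minted

    def flashloan(self, amount, callback):
        self._enter()
        snapshot = (self.cash, self.total_shares, dict(self.shares))
        try:
            self.cash -= amount          # balance is temporarily understated
            callback(self, amount)       # borrower-controlled code runs here
            if self.cash < snapshot[0]:  # repayment is judged by balance alone
                raise RuntimeError("flash loan not repaid")
        except Exception:
            self.cash, self.total_shares, self.shares = snapshot  # model a revert
            raise
        finally:
            self.locked = False

    def claim(self, user):
        """Underlying tokens the user's shares can redeem."""
        return self.shares.get(user, 0) * self.cash // self.total_shares

def run(guarded):
    v = Vault(guarded)
    v.deposit("lp", 1000)   # constructed honest liquidity, share price 1.0
    try:
        v.flashloan(900, lambda vault, amt: vault.deposit("borrower", amt))
    except Reentrancy:
        pass                # hardened vault reverts the whole call
    return v.claim("lp"), v.claim("borrower")
```

Without the lock, `run(False)` leaves the honest depositor able to redeem 100 of their 1000 tokens; with it, `run(True)` leaves the vault unchanged.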

Over the past week, we have also carried out a deeper investigation into the DeFrost Finance case, to ascertain whether this was an inside job as suspected.

Needless to say, our findings were beyond belief, with shocking revelations that the project itself had been funded by monies that had originated from a previous rug pull, where the founders stole $7 million. Among other implausible claims, DeFrost’s team alleged that all 4 of their multisig wallets had been compromised at the same time, and then used to deploy a malicious oracle.

As you can see from the timeline above, the plot runs so deep that a dedicated article on the case was in order.

To read the full details of the case, check out our full article here.

Block Data Reference

Attacker address:

Exploit transaction:

Sample transaction:

2. Bitkeep — $8.0m Lost (Phishing, December 10)

On 26 December 2022, some BitKeep multi-chain wallet users reported being affected by a hack on the APK version 7.2.9 of the app.

The hack was made possible due to a vulnerability in the API server used by the wallet app, which allowed the attacker to access the app’s database and steal critical user information such as private keys.

As a result, users have lost a total of $8 million in funds on BSC, Ethereum, TRON, and Polygon.

Block Data Reference

Attacker addresses:

3. Lodestar Finance — $5.8m Lost (Flashloan, December 10)

On 10 December 2022, the decentralized finance (DeFi) platform Lodestar Finance suffered a security breach that exploited a vulnerability in its GMX Liquidity Pool Token (GLP) Oracle price logic.

Lodestar is a borrowing and lending protocol that is based on the Compound fork and was initially built and launched on the Arbitrum network. Its goal is to bring decentralized money markets to the Arbitrum community. According to reports, the attacker manipulated the plvGLP oracle price using flashloans to create a large plvGLP collateral position. The plvGLP token is a receipt token for users who stake GLP on Plutus DAO.

The attackers then increased the plvGLP/GLP exchange rate, resulting in significant borrowing power. They were then able to compound their borrowings through loops, effectively draining the protocol. The Lodestar team is currently working to address the vulnerability and compensate affected users.

The incident serves as a reminder of the importance of security in the DeFi space, and the need for protocols to carefully consider and address potential vulnerabilities, such as accepting lower liquidity tokens as collateral.

Block Data Reference

Attacker contract:

Attacker address:

Exploit TX:

4. Ankr — $5.0m Lost (Access Control, December 2)

On December 2, 2022, the Ankr protocol, a decentralized infrastructure with a robust ecosystem, fell victim to an exploit.

The staking contract on the BNB Chain was compromised through an access control vulnerability, allowing the attacker to replace the contract’s implementation with a malicious, unverified version.

As a result of this attack, the malicious contract was used to mint an enormous quantity of $aBNBc tokens — 10,000,000,000,000 to be precise. These tokens were then exchanged for 5,500 $BNB and 5,340,000 $USDC.

The attack has had a significant impact on the value of $aBNBc, with the token’s price dropping nearly 99%. Additionally, almost all of the liquidity has been drained from PancakeSwap and ApeSwap pools.

The stolen funds were largely transferred through TornadoCash, AnySwap, and CelerBridge, and at present, there is only 100 $BNB remaining in the attacker’s original address.

In response to the exploit, the implementation of the staking proxy has been replaced with a new, unverified version. It is imperative that users exercise caution and carefully verify any contracts before interacting with them to prevent similar losses from occurring in the future.

Block Data Reference

Attacker address:

Malicious transactions:

5. Raydium — $4.4m Lost (Access Control, December 16)

On December 16, 2022, the private key of the Pool Owner account was compromised, resulting in the theft of approximately $4.4 million worth of cryptocurrency from nine of Raydium’s constant product liquidity pools.

The affected pools were ETH-USDC, RAY-SOL, RAY-USDC, RAY-USDT, SOL-USDT, SOL-USDC, stSOL-USDC, UXP-USDC, and ZBC-USDC.

The attacker was able to drain the funds by repeatedly calling the withdrawPNL function, which allows for the withdrawal of fees from the pools.

To do so, they exploited the SetParams and AmmParams::SyncNeedTake functionality to increase the expected fees that could be withdrawn.

Block Data Reference

Pool owner account:

As can be seen from the scale of the losses in December, a large majority of losses were in rug pulls. This amounted to over $12 million being lost. Not far behind were phishing attacks, which amounted to $8 million in losses. Flash loan attacks rounded out the top 3, accounting for $5.8 million in losses.

Funds Recovered

The trend we observed last month of increasing recoveries of funds lost continues to take hold in December. A total of $12 million was recovered, making up more than a quarter of all funds lost this month. By comparison, only $1.2 million was recovered in December 2021.

Interestingly, the total amount of funds recovered in 2022 is significantly higher than that in 2021, at $901 million, as opposed to $648 million last year.

Types of Exploit

In terms of sheer frequency, rug pulls remain the most common type of exploit — while they tend to be much smaller in value lost per attack, they are also the lowest hanging fruit for DeFi projects to make a cash grab. A total of 3 rug pulls happened this month, marking a slowdown as compared to November 2022.

However, the fact that 15 cases of exploits happened this December implies that someone is losing money in at least one event every 2 days!

Attack Vectors

In terms of attack vectors, DEXes proved to be a popular target this month — this is unsurprising, given the large amount of liquidity usually locked on these protocols. Other popular targets include CeFi platforms and DeFi tokens, similar suspects to those in November. DEXes also led the way in terms of amount lost, with $116.7m being lost in DEXes in December 2022.

Funds Lost by Chain

As in the previous month, the BNB Chain unfortunately continues to be a rug pull hotspot, with the highest amount of funds being lost in December 2022 at $13.8 million. This is trailed in second place by Avalanche at $12.8 million, driven mainly by the large DeFrost case that we covered.

In terms of frequency, however, it is Ethereum that saw the highest number of exploits this month, despite a lower amount in total losses compared to BNB chain.

Conclusion

The decentralized finance (DeFi) space has always carried some level of risk, but it is important for investors to take steps to protect themselves and stay informed about potential threats. This is why education is crucial, and at De.Fi, we are dedicated to providing the necessary resources to help our users navigate this complex and constantly evolving space. It is our responsibility to stay vigilant and ensure that we are making informed investment decisions in the DeFi sector.
