For an ecosystem, October proved to be nothing short of spooky, with as many as 44 attacks affecting at least 53 protocols and resulting in losses of $657.2 million.
At least $100 million has already been refunded to abused platforms, which is sort of a silver lining. However, losses in 2022 have reached about $3 billion, or double those of last year, at the end of what some are dubbed "Hacktober," according to security firm Peckshield.
Losses in October were caused by a variety of factors, such as wallets that had been hacked or otherwise compromised for vulgarity, insecure smart contract code, unaccounted-for game theory underlying protocol functionality, exploited cross-chain bridges, and oracle price manipulation.
The BNB chain had a hard fork to improve security after an unidentified hacker stole $100 million via a weakness in the platform's cross-chain bridge, one of the targeted protocols.
The solution did not come easily for fraudulent cryptocurrency lender Mango Markets. Avaraham Eisenburg, a well-known attacker, asserted that the exploit's methods were legitimate. Following a vote by the neighborhood, a deal was reached, Eisenburg received $47 million for his work, and $67 million was given back to the project.
Other initiatives had less success in recouping lost funds.
On its DeFi platform, cryptocurrency market creator WinterMute experienced a cyberattack that cost $160 million, but CEO Evgeny Gaevoy laughed off the loss and said the company was still solvent with more than twice that amount in equity.
FriesDAO, a decentralized autonomous organization, lost $2.3 million as a result of its reliance on an unreliable profanity-based wallet, a rather well-known attack method among bad actors.
Hackers also targeted Team Finance, stealing almost $15.8 million in tokens from the system by exploiting a flaw in the protocol during the conversion from Version 2 to Version 3.
Hackers stole $1.45 million in tokens from a smart contract used for the staking functionalities of the multi-chain cryptocurrency wallet service UvToken and delivered them to the authorized crypto mixer Tornado Cash.
The solution was scorched earth in the case of the NFT platform LiveArt. After hackers stole the assets from the business' Treasury Wallet 2, a wallet intended to hold assets for marketing and promotional efforts, it decided to burn 197 Seven Treasures NFTs and make up purchasers.