20 of the Biggest Cryptocurrency Scams of the Past Year

BadgerDAO, a decentralized finance, or DeFi, protocol that allows users to use bitcoin as collateral to secure loans has fallen victim to a large hack, with $120.3 million stolen from users of the protocol, according to security researchers PeckShield. One user had around 900 bitcoin ($50.8 million) worth of tokens stolen in a single transaction, and another lost $5 million worth of tokens, TheBlock reported.

It seems hackers were able to use a stolen API key to BadgerDAO’s account on Cloudflare, the project’s content delivery network, and managed to exploit the older “web 2.0” technology. Badger CEO has implored for the funds to be returned, though it was not reported whether the money was returned. Meanwhile, Badger began a recovery and restitution phase.

Ethereum-based lending DeFi platform Cream Finance allows users to loan and speculate on cryptocurrency price variations. It is known for drawing in billions of dollars in investor funds. StealthLab explained that “Hackers used flash loans, a type of uncollateralized lending, to exploit poorly protected protocols.” The hackers likely stole all of the company’s assets and tokens running on the ethereum blockchain.

Blockchain security firms PeckShield and SlowMist first detected the hack, and Cream Finance confirmed that its “ethereum C.R.E.A.M. v1 lending markets were exploited,” with the attacker removing a total of $130 million worth of tokens from these markets.

This was the third time Cream Finance was hacked in 2021, with $38 million worth of tokens stolen in February and $19 million to $29 million in August, depending on reports. All these attacks were flash loan exploits.

Decentralized cross-chain exchange Boy X Highspeed was hacked in November 2021, with the hackers making off with $139 million in November 2021. CEO Neo Wang said the hack was probably the result of a leaked administrator key and possibly an inside job. He further told CoinDesk that the hacker either “broke into the keyholder’s computer or might have been one of BXH’s technical staff.” The “inside job” theory is supported by findings from security firm PeckShield.

The company set up a total reward of $10 million to those who help identify the hackers and retrieve the funds and offered the hackers a reward if they return the money. BXH also plans to return all stolen funds to users if the money is returned.

Play-to-earn (P2E) games platform Vulcan Forged Hackers was hacked in December, with the hackers stealing 4.5 million PYR, the platform’s native token, worth $140 million at the time, according to the company’s announcement and reports. The platform, which also runs a decentralized exchange and a non-fungible token marketplace, said the attacker gained access to the private keys (which function like digital signatures) of 96 wallets and proceeded to empty them.

While the platform offered a $500,000 bounty on information that would help identify the attacker, it proceeded meanwhile to reimburse nearly all affected wallets using Vulcan Forged’s treasury, a fund that crypto projects use to save money for crises.

Bitmart, a crypto trading platform, claimed to be hacked on Dec.4, 2021, with the hackers withdrawing $150 million worth of altcoins. According to CNBC, however, blockchain security and data analytics firm Peckshield estimates the loss at closer to $200 million in 20 different tokens, including binance coin, safemoon, and shiba inu.

The security breach was mainly caused by a stolen private key, the exchange said, affecting its ethereum and binance smart chain “hot wallets” — a wallet connected to the internet that allows owners relatively easy access to their coins at the expense of potential exposure.

Though BitMart said it will “use our own funding to cover the incident and compensate affected users,” as of January, many victims say they have yet to see the funds returned. Some have questioned why BitMart is not using its insurance to reimburse the stolen funds.