Private Key Compromise attacks in 2022

An owner-key compromise added a fake collateral token to Defrost Finance on Avalanche, liquidating all positions for ~$12M. Most funds were returned to users.

$4.4M drained from Raydium's Solana liquidity pools after malware stole the pool-admin private key, then used admin functions to withdraw fees.

Stolen Ankr developer key let an attacker mint 60 trillion aBNBc, which Helio accepted as collateral to lend out $16M of HAY before Binance froze $3M.

Attacker drained $28M from Deribit BTC/ETH/USDC hot wallets; the largest crypto-options exchange covered it from its balance sheet, cold storage untouched.

Wintermute lost $160M from a hot wallet whose Profanity-generated vanity address used a 32-bit PRNG seed that let any 'random' key be brute-forced. They knew.

~9,231 Solana wallets lost $4.1M after Slope Wallet's app logged users' seed phrases in plain text to a Sentry server, traced back via on-chain forensics.

Validator private-key compromise drained 173,600 ETH and 25.5M USDC from the Ronin bridge — the largest crypto hack at the time.

A private-key compromise drained $10M from Dego Finance across Ethereum and BNB Chain, sweeping liquidity pools and user wallets with active token approvals.