2022 was the year that emphasized the importance of self-custody, and in this week's retrospective, we revisit the top five security incidents and the lessons we've learned. These events will serve as a valuable reference in the future.

5) $625 million stolen in Ronin Network exploit

We'll start with the theft of $625 million through the exploitation of the Ronin Network in the spring of 2022. Players were earning tokens in the video game Axie Infinity, which was connected to the ethereum sidechain, Ronin Network. However, in March, an attacker hacked the network's private keys and exploited validator nodes, resulting in a loss of around $625 million. The attack was later linked to a North Korean hacking group known as Lazarus, and about $30 million was recovered in September.

The main lesson to learn from this incident is that the security of crypto projects is only as strong as their weakest link, which often refers to the underlying network infrastructure. Sidechains, bridges, and other forms of tokenization rely on trust, which needs to be minimized while dealing with third parties.

4) Celsius freezes for bankruptcy, leaving user funds stranded

In the fourth position, we have the incident where Celsius froze and left its users' funds stranded due to bankruptcy. This happened during a cold snap in summer when bitcoin prices had decreased by over 50% year-to-date, and lending platforms like Celsius were struggling.

Initially, Celsius suspended withdrawals and cited "extreme market conditions" while assuring users that it was working to stabilize liquidity. However, it later came to light that the issue was not with liquidity but rather the reserves. In July, Celsius declared bankruptcy, revealing a shortfall of $1.2 billion, and affected users can reportedly file claims until January.

The key takeaway from this event is that liquidity issues should not arise for exchanges and lending platforms if they genuinely possess the assets they claim to have. To understand the risks of obscured supply, check out this in-depth exploration of "fake bitcoin."

3) Tornado Cash developer arrested in Amsterdam

If conducted on-chain, transactions involving Bitcoin and other cryptocurrencies are publicly visible. Corporations and governments can now monitor fund movements between addresses due to blockchain analytics. However, there is one way to protect privacy: coin mixing.

In August, the US Treasury Department targeted Tornado Cash, an open-source mixing platform, alleging it was being used for money laundering. The ethereum-based platform was sanctioned, and developer Alexey Pertsev was arrested in Amsterdam a few days later for his supposed involvement. Pertsev is still being detained as of December 2022.

This event highlights that government officials frequently associate a desire for privacy with criminal activity, even though there are many legitimate reasons for wanting to maintain privacy. As nations address this issue in the years to come, one significant question to consider is whether open-source code is protected as free speech.

🔑 Key Insight: Government officials frequently conflate a desire for privacy with criminal activity, but there are many legitimate reasons for seeking privacy. This arrest raises many questions that nations will grapple with in years to come, but here's an important one: Is open-source code free speech?

2) Canada blacklists bitcoin addresses tied to trucker protest

At the beginning of 2022, a group of truckers and supporters started blockading border crossings from Canada into the US to protest against COVID-19 restrictions. Some of the supporters began fundraising to continue the protest.

However, the Canadian government was not receptive, and officials leveraged emergency powers to crack down on individuals affiliated with the demonstration. To do so, the government relied on institutions to freeze bank accounts and sanction bitcoin addresses linked to the convoy, even those who had simply donated to the cause.

🔑 Key Insight: Freezing protestors' financial assets is a significant action. While the bitcoin network remained unaffected, the government's reaction was significant and highlighted the importance of self-custody in safeguarding financial freedom, as argued in this op-ed by our CEO, Nick Neuman, in Fortune.

1) Game over for FTX

During his Congressional testimony earlier this month, new FTX CEO John Ray expressed his lack of trust in any of the exchange's documents, given its now-bankrupt status. Ray faces a challenging task, as the records are disorganized, and the cluster of affiliated entities and corporations is overwhelming. Additionally, former CEO Sam Bankman-Fried is due to appear in court.

Ultimately, the crucial fact since the company's mid-November bankruptcy is the loss of $8 billion of customer funds.

🔑 Key Insight: $8 billion is a staggering amount that can be difficult to grasp. To put it into perspective, imagine a professional sports team, complete with players, coaches, uniforms, concession stands, merchandise, and fans both in the arena and at home. Now, imagine that entire team ceasing to exist. That's how significant $8 billion is.