Topic: DeFi hacks [history] - page 13. (Read 19375 times)
The list of hacks is quite impressive, although everyone says that decentralized exchanges are safe, and statistics say the opposite, there are hackers who withdraw huge amounts, so there is no 100% confidence anywhere in the crypto world.
Crypto-Related Crime Hit Record $14B in 2021—But Shrank by Volume: Chainalysis
Crypto scammers bagged a whopping $14 billion last year. Still, crime is becoming a much smaller part of the industry.
Andrew Asmakov(C)
https://decrypt.co/89854/crypto-related-crime-hit-record-high-14b-2021-chainalysis
"As Chainalysis reported last month, revenues from crypto scams in 2021 were up 81% on the previous year (corrected to 82% in today’s report) to $7.8 billion.
Of this total, so-called rug pulls—a malicious practice where developers build a seemingly legitimate crypto project only to get away with investors' money—accounted for 37% of all crypto scam revenue, or more than $2.8 billion.
“Many investors could likely have avoided losing funds to rug pulls if they’d stuck to DeFi projects that have undergone a code audit—or if [decentralized exchanges] required code audits before listing tokens,” Chainalysis said.
Cryptocurrency theft grew even more, according to the report, with about $3.2 billion worth of crypto stolen in 2021—a staggering 516% increase compared to 2020."
Crypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity
https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction/
Crypto Scam Revenue Up 81% in 2021, Hits $7.7 Billion: Chainalysis
DeFi rug pulls accounted for 37% of all crypto scam revenue in 2021, up from 1% in 2020, according to the blockchain data platform.
https://decrypt.co/88453/crypto-scam-revenue-hit-7-7-billion-2021-chainalysis
Crypto scammers bagged a whopping $14 billion last year. Still, crime is becoming a much smaller part of the industry.
Andrew Asmakov(C)
https://decrypt.co/89854/crypto-related-crime-hit-record-high-14b-2021-chainalysis
"As Chainalysis reported last month, revenues from crypto scams in 2021 were up 81% on the previous year (corrected to 82% in today’s report) to $7.8 billion.
Of this total, so-called rug pulls—a malicious practice where developers build a seemingly legitimate crypto project only to get away with investors' money—accounted for 37% of all crypto scam revenue, or more than $2.8 billion.
“Many investors could likely have avoided losing funds to rug pulls if they’d stuck to DeFi projects that have undergone a code audit—or if [decentralized exchanges] required code audits before listing tokens,” Chainalysis said.
Cryptocurrency theft grew even more, according to the report, with about $3.2 billion worth of crypto stolen in 2021—a staggering 516% increase compared to 2020."
Crypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity
https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction/
Crypto Scam Revenue Up 81% in 2021, Hits $7.7 Billion: Chainalysis
DeFi rug pulls accounted for 37% of all crypto scam revenue in 2021, up from 1% in 2020, according to the blockchain data platform.
https://decrypt.co/88453/crypto-scam-revenue-hit-7-7-billion-2021-chainalysis
Over 4,000 ‘Criminal Whales’ Hold $25 Billion Worth of Crypto: Report
Criminal crypto balances surged from $3 billion to $11 billion, mostly due to the crypto market's rise in 2021 but also an increase in hacks.
https://decrypt.co/92995/over-4000-criminal-whales-hold-25-billion-worth-crypto-report
"New Chainalysis data has found that 4,068 “criminal whales” hold $25 billion worth of cryptocurrency. The firm defines criminal crypto whales as any private wallet that holds $1 million or more of cryptocurrency and has received 10% or more of those funds through illicit addresses. (In other words, not all of that $25 billion is illicit.)"
Criminal crypto balances surged from $3 billion to $11 billion, mostly due to the crypto market's rise in 2021 but also an increase in hacks.
https://decrypt.co/92995/over-4000-criminal-whales-hold-25-billion-worth-crypto-report
"New Chainalysis data has found that 4,068 “criminal whales” hold $25 billion worth of cryptocurrency. The firm defines criminal crypto whales as any private wallet that holds $1 million or more of cryptocurrency and has received 10% or more of those funds through illicit addresses. (In other words, not all of that $25 billion is illicit.)"
The DeFi team of the Dego protocol reports the hacking of its address providing liquidity on UniSwap and PancakeSwap and the liquidity for Dego pairs has been withdrawn, the team reports that the incident is being investigated and the amount of losses is being determined.
Here is another message about the attack, it seems that the DeFi QiDao Protocol project lost tokens for a total of $13 million, thanks to the exploit, hackers managed to withdraw tokens QI, WETH, USDC, SDT, MOCA, STACK, sdam3CRV and MATIC. Although the project team itself recognizes the fact of the exploit, but claims that users' funds are safe, but analysts see a different picture. 
The DeFi Meter project lost about $4.3 million as a result of a hacker attack, 1391 ETH and 2.74 BTC were withdrawn from the project, as the developers said, the hacker used the vulnerability of the automatic unpacking of gas tokens in the protocol, such as ETH and BNB.
DeFi the KLAYswap project announced a hacking incident, as a result of which the project lost about 2.2 billion KRW, or about $1.83 million, the hacker managed to create a third-party js link on the KLAYswap external interface, as a result of which the user was sent to a fake KLAYswap page.
Details are here: https://medium.com/klayswap/klayswap-incident-report-feb-03-2022-f20ba2d8e4dd
Details are here: https://medium.com/klayswap/klayswap-incident-report-feb-03-2022-f20ba2d8e4dd
It looks like cross-blockchain bridge Wormhole was hacked as a result of the exploit and, according to preliminary estimates, lost more than $326 million. dev's Wormhole itself confirmed a total loss of 120,000 ETH and announced that funds would be added to the bridge to stop the wrapped ETH on Solana. This is one of the biggest hacks in the history of DeFi.
https://www.coindesk.com/tech/2022/02/02/blockchain-bridge-wormhole-suffers-possible-exploit-worth-over-250m/
UPD: The venture capital company Jump Crypto, which owns Certus One, which is the developer of the Wormhole cross-chain bridge, announced that it has invested 120,000 ETH in the Solana-Ethereum bridge. All funds have been restored, Wormhole has been restored. The ETH contract is filled and all wETH are secured 1:1.
https://www.coindesk.com/tech/2022/02/02/blockchain-bridge-wormhole-suffers-possible-exploit-worth-over-250m/
UPD: The venture capital company Jump Crypto, which owns Certus One, which is the developer of the Wormhole cross-chain bridge, announced that it has invested 120,000 ETH in the Solana-Ethereum bridge. All funds have been restored, Wormhole has been restored. The ETH contract is filled and all wETH are secured 1:1.
Qubit Finance, X-Bridge $80M
Binance Smart Chain, Ethereum Crypto Bridge Hacked for $80 Million
https://decrypt.co/91447/binance-smart-chain-ethereum-crypto-bridge-hacked-80-million
"An exploit in decentralized finance (DeFi) protocol Qubit Finance enabled one hacker to walk away with $80 million in stolen crypto yesterday.
The specific smart contract flaw that enabled the attack was located in X-Bridge, a cross-chain bridge that facilitates easy token swaps between Ethereum and Binance Smart Chain. "
Binance Smart Chain, Ethereum Crypto Bridge Hacked for $80 Million
https://decrypt.co/91447/binance-smart-chain-ethereum-crypto-bridge-hacked-80-million
"An exploit in decentralized finance (DeFi) protocol Qubit Finance enabled one hacker to walk away with $80 million in stolen crypto yesterday.
The specific smart contract flaw that enabled the attack was located in X-Bridge, a cross-chain bridge that facilitates easy token swaps between Ethereum and Binance Smart Chain. "
Every day, a new hack now, on January 10, hackers managed to withdraw 165.2 million LMT tokens worth approximately $18.2 million from the hot wallets of the sports NFT platform Lympo (daughter of Animoca Brand), according to the developers , the following wallets were compromised:
https://etherscan.io/address/0x5D32b87A43a2bd1f7df209d2F475b165d2c09E24
https://etherscan.io/address/0x526232F70b97938E19394e57BC5eE1d5d929074e
https://etherscan.io/address/0xB0a60eBA24f6CF18CFDED0672c5C7a7529DcC342
https://etherscan.io/address/0x934dd62782BFe4a8E3f096E014266e5F5adc1b2a
https://etherscan.io/address/0x877eECC3Ae4Bb28f048c16CD65A44cDE025345a1
https://etherscan.io/address/0x36d97147cF8E1B75254748Cf0A102316fCc61697
https://etherscan.io/address/0xA432C0081307733e801Ea7877e725F4E0adfbBfF
https://etherscan.io/address/0x4b936321b0E3E2d919412502B6aDA09E9b7d484b
https://etherscan.io/address/0x75912Da145cA00092AF317F8c3A84073A5665256
https://etherscan.io/address/0x4C801611cdaB559861d4dB24155927F903DEa02A
source: https://twitter.com/Lympo_io/status/1480582931794083842
https://medium.com/lympo-official/lympo-statement-to-the-community-914d6b453b1f
https://etherscan.io/address/0x5D32b87A43a2bd1f7df209d2F475b165d2c09E24
https://etherscan.io/address/0x526232F70b97938E19394e57BC5eE1d5d929074e
https://etherscan.io/address/0xB0a60eBA24f6CF18CFDED0672c5C7a7529DcC342
https://etherscan.io/address/0x934dd62782BFe4a8E3f096E014266e5F5adc1b2a
https://etherscan.io/address/0x877eECC3Ae4Bb28f048c16CD65A44cDE025345a1
https://etherscan.io/address/0x36d97147cF8E1B75254748Cf0A102316fCc61697
https://etherscan.io/address/0xA432C0081307733e801Ea7877e725F4E0adfbBfF
https://etherscan.io/address/0x4b936321b0E3E2d919412502B6aDA09E9b7d484b
https://etherscan.io/address/0x75912Da145cA00092AF317F8c3A84073A5665256
https://etherscan.io/address/0x4C801611cdaB559861d4dB24155927F903DEa02A
source: https://twitter.com/Lympo_io/status/1480582931794083842
https://medium.com/lympo-official/lympo-statement-to-the-community-914d6b453b1f
Animoca Brands’ Lympo NFT platform hacked for $18.7 million
https://cointelegraph.com/news/animoca-brands-lympo-nft-platform-hacked-for-18-7-million
"The sports NFT minting platform suffered a hot wallet security breach across several project wallets, losing $18 million worth of LMT.
Sports nonfungible token (NFT) minting platform and Animoca Brands subsidiary Lympo suffered a hot wallet security breach and lost 165.2 million LMT tokens worth $18.7 million at the time of the hack."
Because of developer incompetence, many DeFi projects get hacked.
Every day, a new hack now, on January 10, hackers managed to withdraw 165.2 million LMT tokens worth approximately $18.2 million from the hot wallets of the sports NFT platform Lympo (daughter of Animoca Brand), according to the developers , the following wallets were compromised:
https://etherscan.io/address/0x5D32b87A43a2bd1f7df209d2F475b165d2c09E24
https://etherscan.io/address/0x526232F70b97938E19394e57BC5eE1d5d929074e
https://etherscan.io/address/0xB0a60eBA24f6CF18CFDED0672c5C7a7529DcC342
https://etherscan.io/address/0x934dd62782BFe4a8E3f096E014266e5F5adc1b2a
https://etherscan.io/address/0x877eECC3Ae4Bb28f048c16CD65A44cDE025345a1
https://etherscan.io/address/0x36d97147cF8E1B75254748Cf0A102316fCc61697
https://etherscan.io/address/0xA432C0081307733e801Ea7877e725F4E0adfbBfF
https://etherscan.io/address/0x4b936321b0E3E2d919412502B6aDA09E9b7d484b
https://etherscan.io/address/0x75912Da145cA00092AF317F8c3A84073A5665256
https://etherscan.io/address/0x4C801611cdaB559861d4dB24155927F903DEa02A
source: https://twitter.com/Lympo_io/status/1480582931794083842
https://medium.com/lympo-official/lympo-statement-to-the-community-914d6b453b1f
https://etherscan.io/address/0x5D32b87A43a2bd1f7df209d2F475b165d2c09E24
https://etherscan.io/address/0x526232F70b97938E19394e57BC5eE1d5d929074e
https://etherscan.io/address/0xB0a60eBA24f6CF18CFDED0672c5C7a7529DcC342
https://etherscan.io/address/0x934dd62782BFe4a8E3f096E014266e5F5adc1b2a
https://etherscan.io/address/0x877eECC3Ae4Bb28f048c16CD65A44cDE025345a1
https://etherscan.io/address/0x36d97147cF8E1B75254748Cf0A102316fCc61697
https://etherscan.io/address/0xA432C0081307733e801Ea7877e725F4E0adfbBfF
https://etherscan.io/address/0x4b936321b0E3E2d919412502B6aDA09E9b7d484b
https://etherscan.io/address/0x75912Da145cA00092AF317F8c3A84073A5665256
https://etherscan.io/address/0x4C801611cdaB559861d4dB24155927F903DEa02A
source: https://twitter.com/Lympo_io/status/1480582931794083842
https://medium.com/lympo-official/lympo-statement-to-the-community-914d6b453b1f
Some results of 2021
The Biggest DeFi Hacks of 2021 until May 2021
https://www.cybavo.com/blog/defi-hacks-2021/
DeFi Has Accounted for Over 75% of Crypto Hacks in 2021
https://finance.yahoo.com/news/defi-accounted-over-75-crypto-140000154.html
Biggest Defi Hack in 2021
Poly Network Suffers Record-Breaking $600.3 Million Hack
https://decrypt.co/78163/polynetwork-suffers-record-breaking-600-3m-hack
#RugPull PeckShield has detected that Metaswap Gas (MGAS) soft-rugged, the stolen funds (1,100 BNB) are transfered to TornadoCash
https://twitter.com/peckshield/status/1475331156459790336?
#RugPull PeckShield has detected that METADAO rugged, the stolen funds (800 Ether) are transferred to @TornadoCash
(#Ethereum). DO NOT STAKE in this contract and if you've approved it, REVOKE
https://twitter.com/PeckShieldAlert/status/1475434691939520523?
Tinyman - the amount of hacking is unknown
Official Announcement About the Incidents of 01.01.2022
https://tinymanorg.medium.com/official-announcement-about-the-incidents-of-01-01-2022-56abb19d8b19
"When the attack began, total liquidity in Tinyman was around 43 million USD, only to be reduced to around 20 million even hours after the attack. Following our advice, projects and users have begun removing their liquidities, which brought the total number down to 5 million USD. It is crucial to realize that the difference between the 43 million USD and the current number is not a lost amount, a huge portion of this amount was reclaimed by the users and is totally safe in their wallets."
[moderator's note: consecutive posts merged]
The Biggest DeFi Hacks of 2021 until May 2021
https://www.cybavo.com/blog/defi-hacks-2021/
DeFi Has Accounted for Over 75% of Crypto Hacks in 2021
https://finance.yahoo.com/news/defi-accounted-over-75-crypto-140000154.html
Biggest Defi Hack in 2021
Poly Network Suffers Record-Breaking $600.3 Million Hack
https://decrypt.co/78163/polynetwork-suffers-record-breaking-600-3m-hack
#RugPull PeckShield has detected that Metaswap Gas (MGAS) soft-rugged, the stolen funds (1,100 BNB) are transfered to TornadoCash
https://twitter.com/peckshield/status/1475331156459790336?
#RugPull PeckShield has detected that METADAO rugged, the stolen funds (800 Ether) are transferred to @TornadoCash
(#Ethereum). DO NOT STAKE in this contract and if you've approved it, REVOKE
https://twitter.com/PeckShieldAlert/status/1475434691939520523?
Tinyman - the amount of hacking is unknown
Official Announcement About the Incidents of 01.01.2022
https://tinymanorg.medium.com/official-announcement-about-the-incidents-of-01-01-2022-56abb19d8b19
"When the attack began, total liquidity in Tinyman was around 43 million USD, only to be reduced to around 20 million even hours after the attack. Following our advice, projects and users have begun removing their liquidities, which brought the total number down to 5 million USD. It is crucial to realize that the difference between the 43 million USD and the current number is not a lost amount, a huge portion of this amount was reclaimed by the users and is totally safe in their wallets."
[moderator's note: consecutive posts merged]
Polygon developers revealed a case of theft committed by a hacker on December 4 of 801,601 MATIC tokens worth more than $2 million, which was made possible thanks to an exploit in the smart contract Polygon, which was reported on December 3 by @leonspacewalker, which later received with another user, whose name is not called, a reward of $3.46 million for reporting a bug.
source: https://blog.polygon.technology/all-you-need-to-know-about-the-recent-network-upgrade/?utm_source=Twitter-Main&utm_medium=Tweet&utm_campaign=Tier-1-Announcement
source: https://blog.polygon.technology/all-you-need-to-know-about-the-recent-network-upgrade/?utm_source=Twitter-Main&utm_medium=Tweet&utm_campaign=Tier-1-Announcement
$8.8M is not big but not small.
I wonder that will the Visor Finance team will do compensation for their users. If they seriously compensate for their users, they will have to sacrifice their income in many months and in the same time, they will have to pay cost for staffs, developments, operations, maintenance and other things to keep their DeFi platform up and run.
It is not a good thing and it's bad to see it happened around Christmas which should be a peaceful period for all.
I wonder that will the Visor Finance team will do compensation for their users. If they seriously compensate for their users, they will have to sacrifice their income in many months and in the same time, they will have to pay cost for staffs, developments, operations, maintenance and other things to keep their DeFi platform up and run.
It is not a good thing and it's bad to see it happened around Christmas which should be a peaceful period for all.
There are also reports that the Visor protocol (Visorfinance) was attacked using a re-entry exploit and lost over 8.8 million VISR tokens, which as of this event was estimated at about $8.8 million, after that the price fell from $1 to $0.02, after which the project team announced the migration of user funds to a new contract to restore them
https://twitter.com/peckshield/status/1473315405498576901
https://visorfinance.medium.com/?p=7920e1dee55a
Visor Finance -$8.8Mhttps://twitter.com/peckshield/status/1473315405498576901
https://visorfinance.medium.com/?p=7920e1dee55a
Visor Finance Suffers DeFi Hack: Lost 8.8 million VISR tokens
https://blog.coincodecap.com/visor-finance-suffers-defi-hack
VISOR Finance Suffers DeFi Hack $8.2M Lost | Bitcoin News
https://medium.com/coinmonks/visor-finance-suffers-defi-hack-8-2m-lost-bitcoin-news-4a80e99199f0
There are also reports that the Visor protocol (Visorfinance) was attacked using a re-entry exploit and lost over 8.8 million VISR tokens, which as of this event was estimated at about $8.8 million, after that the price fell from $1 to $0.02, after which the project team announced the migration of user funds to a new contract to restore them
https://twitter.com/peckshield/status/1473315405498576901
https://visorfinance.medium.com/?p=7920e1dee55a
https://twitter.com/peckshield/status/1473315405498576901
https://visorfinance.medium.com/?p=7920e1dee55a
for a link to 1 post.
Grim Finance Hacked for $30 Million in Fantom Tokens
Grim Finance is the latest DeFi protocol to be hit by an exploit.
https://decrypt.co/88727/grim-finance-hacked-30-million-fantom-tokens
https://cryptobriefing.com/fantom-defi-project-grim-finance-suffers-30m-hack/
Vulcan Forged-$140M
https://twitter.com/VulcanForged/status/1470365117774770180
https://www.theblockcrypto.com/post/127270/96-private-keys-stolen-from-vulcan-forged-in-140-million-theft
Gelato-$26M
https://twitter.com/gelatonetwork/status/1470289886406004736
8IGHT FINANCE- $1.75M
https://rekt.news/8ight-finance-rekt/
The next victim of hackers in the DeFi segment was the Grim Finance platform, losses are estimated at more than $30 million, developers have suspended deposits and recommend users to withdraw their funds urgently.
https://twitter.com/financegrim/status/1472357770846519312
With a name like the platform, investors needed to be more circumspect
https://twitter.com/financegrim/status/1472357770846519312
With a name like the platform, investors needed to be more circumspect
Grim Finance Hacked for $30 Million in Fantom Tokens
Grim Finance is the latest DeFi protocol to be hit by an exploit.
https://decrypt.co/88727/grim-finance-hacked-30-million-fantom-tokens
https://cryptobriefing.com/fantom-defi-project-grim-finance-suffers-30m-hack/
Vulcan Forged-$140M
https://twitter.com/VulcanForged/status/1470365117774770180
https://www.theblockcrypto.com/post/127270/96-private-keys-stolen-from-vulcan-forged-in-140-million-theft
Gelato-$26M
https://twitter.com/gelatonetwork/status/1470289886406004736
8IGHT FINANCE- $1.75M
https://rekt.news/8ight-finance-rekt/
BadgerDAO reveals the details of the hacker attack that allowed the theft of $120 million, everything boils down, in their opinion, to the unauthorized use of API keys of the Cloudflare Workers service.
The full technical analysis from the BadgerDAO team is here: https://badger.com/technical-post-mortem
Personally, one bad experience was enough for me using API keys to access an account on the yobit garbage exchange four years ago, after which I lost 0.5 BTC, but it was my funds, and here such a number of users and such vulnerability suffered, IMHO here is completely the fault of the developers.
The next victim of hackers in the DeFi segment was the Grim Finance platform, losses are estimated at more than $30 million, developers have suspended deposits and recommend users to withdraw their funds urgently.
https://twitter.com/financegrim/status/1472357770846519312
With a name like the platform, investors needed to be more circumspect
[moderator's note: consecutive posts merged]
The full technical analysis from the BadgerDAO team is here: https://badger.com/technical-post-mortem
Personally, one bad experience was enough for me using API keys to access an account on the yobit garbage exchange four years ago, after which I lost 0.5 BTC, but it was my funds, and here such a number of users and such vulnerability suffered, IMHO here is completely the fault of the developers.
The next victim of hackers in the DeFi segment was the Grim Finance platform, losses are estimated at more than $30 million, developers have suspended deposits and recommend users to withdraw their funds urgently.
https://twitter.com/financegrim/status/1472357770846519312
With a name like the platform, investors needed to be more circumspect
[moderator's note: consecutive posts merged]
Jump to: