Topic: DeFi hacks [history] - page 16. (Read 19555 times)

A phishing attack on the issue of tokens of the NFT-project Aurory Project on the Solana blockchain allowed the attacker to withdraw from the wallets of the victims of cryptocurrency and NFT, according to various estimates, from $500,000 to $1.1 million. https://cryptonews.net/en/1635083/

How convenient to hack platforms for fun, they must not have noticed this is a question of public funds safely and the integrity and trustworthiness of the project in question, it is better they look for other ways of having fun than to mess around with people's investment, I don't see what's funny here especially when the reverse is the case.

Cream Finance-19M
Cream Finance DeFi platform loses $19M in a flash loan hack
https://cointelegraph.com/news/cream-finance-defi-platform-loses-19m-in-a-flash-loan-hack

https://twitter.com/CreamdotFinance/status/1432249771750686721?
"PeckShield specified that the hacker exploited the Amp token by reborrowing assets during its transfer before updating the first to borrow in 17 separate transactions. Providing an example transaction, the security firm stated, “The hacker makes a flashloan of 500 ETH and deposit the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer. Then the hacker self-liquidates the borrow.”"


xToken- 4,5M
"On 29 August at 04:43 UTC, a vulnerability in our xSNX contract was exploited. We estimate the loss to holders at $4.5 million. We are incredibly disappointed in ourselves and deeply sorry to our community."
https://medium.com/xtoken/xsnx-post-mortem-666d35071f38

---

https://twitter.com/CreamdotFinance/status/1432909465104240641
"At approximately 12pm on 31st August (UTC +8), C.R.E.A.M. Finance was exploited for 462,079,976 in AMP tokens and 2,804.96 ETH tokens.

Stolen tokens will be replaced. We will commit to allocating 20% of all protocol fees toward repayment until this debt is fully paid."

C.R.E.A.M. Finance Post Mortem: AMP Exploit
https://medium.com/cream-finance/c-r-e-a-m-finance-post-mortem-amp-exploit-6ceb20a630c5

[moderator's note: consecutive posts merged]

The hacker managed to withdraw almost $25 million during the latest flash credit exploit of the Cream Finance protocol using the error of re-entering the AMP token contract. https://cointelegraph.com/news/cream-finance-defi-platform-loses-19m-in-a-flash-loan-hack

Maze Protocol -  4 million US dollars

"The BSC project Maze Protocol was attacked by hackers, and more than 4 million US dollars were suspected to be stolen. Certik also audited and issued a report."

https://twitter.com/WuBlockchain/status/1425970290660544515

"Maze Protocol：The hacker exploited a leak that allowed borrowing assets based on users’ collateral and sending funds directly to the attacker’s address.
The asset pools have been frozen to prevent more attacks. The remaining funds are safe. The website is temporarily shut down."
https://twitter.com/WuBlockchain/status/1425970973900083204

---

https://medium.com/daomaker/dao-maker-compensation-plan-b7a76a312c30
DAO Maker Compensation Plan

"
Phase 1: The SHO Must Go On
500 USDC will be airdropped to all affected users’ wallets without delay.

Phase 2: Remaining 65% Refund & Liquid IOU Tokens
Given that the net exploited amount was $7M, the amount due (after the $2.5M deposit to users’ escrow) equals $4.5M. This $4.5M will be provided to users in exactly one year’s time in the form of DAO tokens at the future market price.
"

---

https://decrypt.co/78802/ethereum-dex-avoids-350m-defi-hack-thanks-white-hat-heroics
Ethereum DEX Avoids $350M DeFi Hack Thanks to White Hat Heroics: Report

"In brief
SushiSwap’s MISO token sale platform had an exploit that could have been used to steal $350 million worth of Ethereum.
A crypto researcher from VC firm Paradigm says he discovered the exploit yesterday and worked with SushiSwap to neutralize the threat."

---

https://decrypt.co/79307/polynetwork-make-affected-users-whole-resume-functionality

PolyNetwork to Make Affected Users Whole, Resume Functionality
"Following the record-breaking hack, the crypto project platform is now returning lost funds to affected users."

https://twitter.com/PolyNetwork2/status/1429738587046563841

"Today’s announcement from PolyNetwork appears to close the chapter on the historic heist. Least until the next hack."

[moderator's note: consecutive posts merged]

The issue of defi hack is becoming one too many,  people are likely going to desist from participating in defi investment.  But another angle to all these issues is the lessons that must be learned through all these events.  I expect the defi space to be stronger and better as we experiment this laudable idea of decentralized finance!

I guess they are already rich or they are not really criminals because they cannot pull out this kind of deed, it saves the market from dipping, this kind of news is what makes the market dip and what makes the market grow, I hope criminals will learn from this one, that the whole community will go after them and make them pay if they continue these activities.

https://decrypt.co/78355/poly-network-hacker-returns-million

Poly Network Hacker Returns $342 Million
The largest crypto hack in history might have a happy ending after all as Poly Network sees more than half of the stolen funds returned.

https://decrypt.co/78364/poly-network-hacker-says-exploit-was-just-for-fun
Poly Network Hacker Says Exploit Was Just ‘For Fun’
The Poly Network hacker denies evil intent and says they wanted to teach the project a lesson.

---

New hack, new post!

DAO Maker Statement — Thursday, 12th of August
https://medium.com/daomaker/dao-maker-statement-thursday-12th-of-august-2c3bb0d1bb69

"The cybercriminal, after tentatively testing this exploit and managing to steal 10,000 USDC, then proceeded to quietly make 15 more transactions.
In this manner, the hacker was able to siphon approximately $7M, until our security team was able to trace, contain and stop the drain of funds. A total of 5251 users were affected, losing $1250 USD on average per user."

[moderator's note: consecutive posts merged]

And the $3 million was frozen by Tether already.

Yeah, I do agree that it destroys Poloy Network face value because of this attack, so it might be hard for their platform to bounce back.

Anyhow, let's hope that the hackers will send back more, if there IP address is exposed, then sooner or later they can be track and identified and arrested.

It was mentioned that the hacker's IP address and other information had been uncovered and maybe this is what scared them into returning those funds. Every centralized exchange will be monitoring their addresses and it would be difficult for them to cash out into fiat.

The hack probably destroys any confidence in Poly Network but at least investors have a chance to recover what they lost.

hopefully they will did it , but with hundred millions someone will tempted with money. since the beginning hacker goals want to take money from network vulnerability that exposed and they have communication with developerst team. this is will make doubt they will send money back. actually with this skills , these hacker could earn  money from several project. they just need to exploit and report it so will get money legall.

I heard about these comments about the hackers returning the coins, but is it really true that they will be refunding all the coins that they hacked. I really doubt that, if the hackers wanted to help the network they would have done that and asked for a bounty to save the network for good and now the reputation of Poly Network is down the drains and what is the point of all this other than showing off if they really return all the funds.

I just remembered some of these stupid hacks but kucoin was the one that hurts me the most As this mostly happens smart contracts have to be completely changed and team really super it the most and then sometimes or even all the time coins dumps like hell and investors take serious hit...I really hope there is a way for addressing refund or locking user account

https://decrypt.co/78270/poly-network-hacker-repays-2-1-million-says-ready-return-fund

Poly Network Hacker Repays Millions, Says ‘Ready to Return the Fund’
"The unknown Poly Network hacker has begun returning funds stolen from yesterday’s record-breaking exploit.

The attacker responsible for yesterday’s $600 million hack of decentralized finance (DeFi) interoperability protocol Poly Network sent nearly $5 million worth of crypto back to the project."

Yes, keeping funds in the pools of Defi projects using them for passive income becomes quite dangerous, the hacker left a message that he could withdraw much more, but did not do it and saved the project https://etherscan.io/tx/0x552bc0322d78c5648c5efa21d2daa2d0f14901ad4b15531f1ab5bbe5674de34f , another message from him that he was ready to return the stolen. https://etherscan.io/tx/0x7b6009ea08c868d7c5c336bf1bc30c33b87a0eedd59dac8c26e6a8551b20b68a

 

I read it is one of the largest hack, if not the largest so far.
People should be careful how they invest in  projects. In Crypto space, only put your funds in well decentralized, well tested and secured projects. It's a space that depends on the security of decentralization in place of traditional governments... You should demand true decentralization or don't invest atall.

Invest but don't gamble. 
  Will continue to emphasize on the importance of sticking to crypto ideals when you are in Crypto space, so we don't have too many regrets

https://decrypt.co/78163/polynetwork-suffers-record-breaking-600-3m-hack
PolyNetwork Suffers Record-Breaking $600.3 Million Hack
"PolyNetwork has suffered an exploit today. The attacker has made off with at least $600.3 million in stolen funds.

Multi-chain interoperability protocol Poly Network fell victim to an exploit today, resulting in the loss of roughly $600 million worth of various cryptocurrencies, the platform's developers revealed."
https://twitter.com/PolyNetwork2/status/1425073987164381196?

Personally I was a victim of one defi hack. I lost about 100$. It was a farm on Polygon called Polyyeld. I invested in a pool USDC-YELD and at first everything was ok and I wish I had taken my money away when I was in profit. But then I lost and decided to hodl. And some time later they launched a layer 2, as a result a vulnerability appeared there. Then it was a hack and somebody made up a huge amount of native tokens.

This kind of stuff is sad, people put their trust and hard earned money into projects and hackers take advantage by hacking these projects. Although it’s the fault of the person putting money into non secure projects, it’s still sad. It’s sad that we let these shitty projects have so much power and don’t just shut them down as a whole. Projects like BSC, NEAR, DOT are secure and you won’t get all of your money stolen if you invest in them. There are many others that are secure but there are also many that aren’t so as an investor you have to be careful where you put your money because sadly this is part of the game.

It's really unfortunate when projects which struggled hard to reach a certain point got hacked and loose all there  worked for, they are not the only ones affected, investors which believed in such project also loose as well because definitely when a project is hacked the next thing which take place is a rug pull which makes price of the coin dip so badly, well this is more reason projects should choose a blockchain which it's security can't be bridged, e.g polkadot, solana, and the most recommended is Near protocol.