Topic: DeFi hacks [history] - page 16. (Read 19119 times)
Yes, keeping funds in the pools of Defi projects using them for passive income becomes quite dangerous, the hacker left a message that he could withdraw much more, but did not do it and saved the project https://etherscan.io/tx/0x552bc0322d78c5648c5efa21d2daa2d0f14901ad4b15531f1ab5bbe5674de34f , another message from him that he was ready to return the stolen. https://etherscan.io/tx/0x7b6009ea08c868d7c5c336bf1bc30c33b87a0eedd59dac8c26e6a8551b20b68a
https://decrypt.co/78163/polynetwork-suffers-record-breaking-600-3m-hack
PolyNetwork Suffers Record-Breaking $600.3 Million Hack
"PolyNetwork has suffered an exploit today. The attacker has made off with at least $600.3 million in stolen funds.
Multi-chain interoperability protocol Poly Network fell victim to an exploit today, resulting in the loss of roughly $600 million worth of various cryptocurrencies, the platform's developers revealed."
https://twitter.com/PolyNetwork2/status/1425073987164381196?
PolyNetwork Suffers Record-Breaking $600.3 Million Hack
"PolyNetwork has suffered an exploit today. The attacker has made off with at least $600.3 million in stolen funds.
Multi-chain interoperability protocol Poly Network fell victim to an exploit today, resulting in the loss of roughly $600 million worth of various cryptocurrencies, the platform's developers revealed."
https://twitter.com/PolyNetwork2/status/1425073987164381196?
I read it is one of the largest hack, if not the largest so far.
People should be careful how they invest in projects. In Crypto space, only put your funds in well decentralized, well tested and secured projects. It's a space that depends on the security of decentralization in place of traditional governments... You should demand true decentralization or don't invest atall.
Invest but don't gamble.
Will continue to emphasize on the importance of sticking to crypto ideals when you are in Crypto space, so we don't have too many regrets
https://decrypt.co/78163/polynetwork-suffers-record-breaking-600-3m-hack
PolyNetwork Suffers Record-Breaking $600.3 Million Hack
"PolyNetwork has suffered an exploit today. The attacker has made off with at least $600.3 million in stolen funds.
Multi-chain interoperability protocol Poly Network fell victim to an exploit today, resulting in the loss of roughly $600 million worth of various cryptocurrencies, the platform's developers revealed."
https://twitter.com/PolyNetwork2/status/1425073987164381196?
PolyNetwork Suffers Record-Breaking $600.3 Million Hack
"PolyNetwork has suffered an exploit today. The attacker has made off with at least $600.3 million in stolen funds.
Multi-chain interoperability protocol Poly Network fell victim to an exploit today, resulting in the loss of roughly $600 million worth of various cryptocurrencies, the platform's developers revealed."
https://twitter.com/PolyNetwork2/status/1425073987164381196?
Personally I was a victim of one defi hack. I lost about 100$. It was a farm on Polygon called Polyyeld. I invested in a pool USDC-YELD and at first everything was ok and I wish I had taken my money away when I was in profit. But then I lost and decided to hodl. And some time later they launched a layer 2, as a result a vulnerability appeared there. Then it was a hack and somebody made up a huge amount of native tokens.
This kind of stuff is sad, people put their trust and hard earned money into projects and hackers take advantage by hacking these projects. Although it’s the fault of the person putting money into non secure projects, it’s still sad. It’s sad that we let these shitty projects have so much power and don’t just shut them down as a whole. Projects like BSC, NEAR, DOT are secure and you won’t get all of your money stolen if you invest in them. There are many others that are secure but there are also many that aren’t so as an investor you have to be careful where you put your money because sadly this is part of the game.
It's really unfortunate when projects which struggled hard to reach a certain point got hacked and loose all there worked for, they are not the only ones affected, investors which believed in such project also loose as well because definitely when a project is hacked the next thing which take place is a rug pull which makes price of the coin dip so badly, well this is more reason projects should choose a blockchain which it's security can't be bridged, e.g polkadot, solana, and the most recommended is Near protocol.
So far there have been no hacks or exit scams on NEAR protocol, it's a trustworthy community.
Popsicle Finance- 25M
https://decrypt.co/77620/defi-protocol-popsicle-finance-hacked-25-million
A bug in Popsicle Finance allowed hackers to drain one of the DeFi protocol’s key products for roughly $25 million.
"Popsicle Finance, a multi-chain yield-generating crypto project, has melted under the heat of a new exploit.
The $25 million heist was revealed by security researcher Mudit Gupta, who said “the hack was complex but the bug was simple.” In a Twitter thread, Gupta also explained how he reported a similar bug in another protocol, adding that the error “has been exploited in like a dozen other protocols already.”"
https://twitter.com/Mudit__Gupta/status/1422797923037814786
https://decrypt.co/77620/defi-protocol-popsicle-finance-hacked-25-million
A bug in Popsicle Finance allowed hackers to drain one of the DeFi protocol’s key products for roughly $25 million.
"Popsicle Finance, a multi-chain yield-generating crypto project, has melted under the heat of a new exploit.
The $25 million heist was revealed by security researcher Mudit Gupta, who said “the hack was complex but the bug was simple.” In a Twitter thread, Gupta also explained how he reported a similar bug in another protocol, adding that the error “has been exploited in like a dozen other protocols already.”"
https://twitter.com/Mudit__Gupta/status/1422797923037814786
I hadn't heard of this project before but it seems that yield optimizers are a big target for attackers. PancakeBunny suffered one of the biggest losses earlier this year through a flash loan attack and then a few months later they were attacked again on the Polygon version of PancakeBunny. The benefit of using these optimizers is in the extra rewards they give you by going through their platform but the complexity of their contracts makes them more susceptible to exploits.
Popsicle Finance- 25M
https://decrypt.co/77620/defi-protocol-popsicle-finance-hacked-25-million
A bug in Popsicle Finance allowed hackers to drain one of the DeFi protocol’s key products for roughly $25 million.
"Popsicle Finance, a multi-chain yield-generating crypto project, has melted under the heat of a new exploit.
The $25 million heist was revealed by security researcher Mudit Gupta, who said “the hack was complex but the bug was simple.” In a Twitter thread, Gupta also explained how he reported a similar bug in another protocol, adding that the error “has been exploited in like a dozen other protocols already.”"
https://twitter.com/Mudit__Gupta/status/1422797923037814786
https://decrypt.co/77620/defi-protocol-popsicle-finance-hacked-25-million
A bug in Popsicle Finance allowed hackers to drain one of the DeFi protocol’s key products for roughly $25 million.
"Popsicle Finance, a multi-chain yield-generating crypto project, has melted under the heat of a new exploit.
The $25 million heist was revealed by security researcher Mudit Gupta, who said “the hack was complex but the bug was simple.” In a Twitter thread, Gupta also explained how he reported a similar bug in another protocol, adding that the error “has been exploited in like a dozen other protocols already.”"
https://twitter.com/Mudit__Gupta/status/1422797923037814786
The Popsicle Finance team offered the hacker who carried out the attack a reward, or rather a ransom for the return of the stolen funds in the amount of $1,000,000 in any currency at his request, I don't know how much this can help.
Quote from: https://popsiclefinance.medium.com/popsicle-finance-post-mortem-after-fragola-hack-f45b302362e0
Quote
So, now what?
First of all, we would like to address the black hat hacker. Although this may be a long shot we are offering a completely clean $1,000,000 bounty paid in whatever currency he/she likes if funds are returned.
First of all, we would like to address the black hat hacker. Although this may be a long shot we are offering a completely clean $1,000,000 bounty paid in whatever currency he/she likes if funds are returned.
During the last few weeks I was wrapping my head around finding all the DeFi hacks happened but google wasn't really helping. I said to myself, jeez why don't I go to the forum and search there.
Thanks a lot zasad@ this is what I was looking for!
I'll contribute to this thread in case I'll find some more news.
Thanks a lot zasad@ this is what I was looking for!
I'll contribute to this thread in case I'll find some more news.
Popsicle Finance- 25M
https://decrypt.co/77620/defi-protocol-popsicle-finance-hacked-25-million
A bug in Popsicle Finance allowed hackers to drain one of the DeFi protocol’s key products for roughly $25 million.
"Popsicle Finance, a multi-chain yield-generating crypto project, has melted under the heat of a new exploit.
The $25 million heist was revealed by security researcher Mudit Gupta, who said “the hack was complex but the bug was simple.” In a Twitter thread, Gupta also explained how he reported a similar bug in another protocol, adding that the error “has been exploited in like a dozen other protocols already.”"
https://twitter.com/Mudit__Gupta/status/1422797923037814786
https://decrypt.co/77620/defi-protocol-popsicle-finance-hacked-25-million
A bug in Popsicle Finance allowed hackers to drain one of the DeFi protocol’s key products for roughly $25 million.
"Popsicle Finance, a multi-chain yield-generating crypto project, has melted under the heat of a new exploit.
The $25 million heist was revealed by security researcher Mudit Gupta, who said “the hack was complex but the bug was simple.” In a Twitter thread, Gupta also explained how he reported a similar bug in another protocol, adding that the error “has been exploited in like a dozen other protocols already.”"
https://twitter.com/Mudit__Gupta/status/1422797923037814786
A new hacker attack, already the second in a week, on THORChain today led to a loss of $8 million, as the developers explained, the hacker said that he could have spent more( ETH,BTC,LYC, BNB and other BEP20s tokens), but eventually requested a reward of 10% of the amount of assets under potential threat in exchange for a critical error message.
THORChain lost, according to preliminary estimates 4,000 ETH about $8 million as a result of a hacker attack. Originally reported loss of 13,000 ETH. https://www.runebase.org/news/thorchain-suffers-exploit
They promise to inform the affected users about the details and compensation in the near future. https://twitter.com/THORChain/status/1415813696857591813
UPD: Official update from the THORChain team in the telegram channel https://t.me/thorchain_org
Yes, exactly it happened and was officially announced from their team. Their big response.They promise to inform the affected users about the details and compensation in the near future. https://twitter.com/THORChain/status/1415813696857591813
UPD: Official update from the THORChain team in the telegram channel https://t.me/thorchain_org
Quote from: https://t.me/thorchain_org/323674
MCCN Exploit Update
Loss:
Approx ~$4.9mm USD was taken in the exploit, far less than the intitial figures posted earlier. A granular breakdown is being developed by the community.
Method:
ETH Bifrost was tricked using a custom wrapper to read a deposit amount of 200 when it was actually zero. More details will be provided in the upcoming post mortem blog.
Discovery:
The issue was discovered by a community dev and anonymous nodes voluntarily used make halt command to stop their nodes. Once more than 1/3rd nodes had been halted, the network itself was halted. This was a decentralized action taken by node operators to protect the network.
Recovery:
1. Release the patch & restart the network > block pending outbounds > restore solvency.
2. Donate funds back to the ETH pool to restore lost funds to LPs
3. Release auto-solvency checker as a future preventative measure
4. Continue working with security firms to audit.
This is a disappointing moment for all, but LPs and Nodes should be unaffected after all is recovered (the funds will be restored). The network will be stronger and more resilient.
The THORChain community appreciate the inflow of support. More info to come in due course.
Loss:
Approx ~$4.9mm USD was taken in the exploit, far less than the intitial figures posted earlier. A granular breakdown is being developed by the community.
Method:
ETH Bifrost was tricked using a custom wrapper to read a deposit amount of 200 when it was actually zero. More details will be provided in the upcoming post mortem blog.
Discovery:
The issue was discovered by a community dev and anonymous nodes voluntarily used make halt command to stop their nodes. Once more than 1/3rd nodes had been halted, the network itself was halted. This was a decentralized action taken by node operators to protect the network.
Recovery:
1. Release the patch & restart the network > block pending outbounds > restore solvency.
2. Donate funds back to the ETH pool to restore lost funds to LPs
3. Release auto-solvency checker as a future preventative measure
4. Continue working with security firms to audit.
This is a disappointing moment for all, but LPs and Nodes should be unaffected after all is recovered (the funds will be restored). The network will be stronger and more resilient.
The THORChain community appreciate the inflow of support. More info to come in due course.
This is unfortunate because not only does it cause loss to investors and the project's confidence, but it also covers this negativity on the entire market, which is already in a bad state.
Quote
Safe Dollar - $250 000
https://t.me/safedollarannouncements/42
SafeDollar has been under attack. We have paused activities on SafeDollar and investigating the matter.
I still haven't forgotten the crazy moment with Titan, even though they later announced their mistake but it did a lot of damage. I've given up on polygons for now.https://t.me/safedollarannouncements/42
SafeDollar has been under attack. We have paused activities on SafeDollar and investigating the matter.
Bondly Finance Suffers Latest DeFi Attack, Token Price Tanks
https://beincrypto.com/bondly-finance-suffers-latest-defi-attack/
“Unfortunately we have been compromised by an unknown party. We would like to take this time to advise you to STOP TRADING BONDLY. Rest assure we have already taken action and will be operating as usual ASAP,”
Around an hour or so before the warning, DeFi Prime posted details of the address involved in the reported exploit.
unfortunately i have some Bondly in my gate.io account , personally i am not hear this news because i am prepare and accept the risk if someday it will be scam or anything else happen. But if i see the update from developers team , they have good response to issue policy so investors not worry and even thingking they will run. hopefully new token released soon and everything back to normal again. https://beincrypto.com/bondly-finance-suffers-latest-defi-attack/
“Unfortunately we have been compromised by an unknown party. We would like to take this time to advise you to STOP TRADING BONDLY. Rest assure we have already taken action and will be operating as usual ASAP,”
Around an hour or so before the warning, DeFi Prime posted details of the address involved in the reported exploit.
Bondly Finance Suffers Latest DeFi Attack, Token Price Tanks
https://beincrypto.com/bondly-finance-suffers-latest-defi-attack/
“Unfortunately we have been compromised by an unknown party. We would like to take this time to advise you to STOP TRADING BONDLY. Rest assure we have already taken action and will be operating as usual ASAP,”
Around an hour or so before the warning, DeFi Prime posted details of the address involved in the reported exploit.
https://beincrypto.com/bondly-finance-suffers-latest-defi-attack/
“Unfortunately we have been compromised by an unknown party. We would like to take this time to advise you to STOP TRADING BONDLY. Rest assure we have already taken action and will be operating as usual ASAP,”
Around an hour or so before the warning, DeFi Prime posted details of the address involved in the reported exploit.
THORChain lost, according to preliminary estimates 4,000 ETH about $8 million as a result of a hacker attack. Originally reported loss of 13,000 ETH. https://www.runebase.org/news/thorchain-suffers-exploit
They promise to inform the affected users about the details and compensation in the near future. https://twitter.com/THORChain/status/1415813696857591813
UPD: Official update from the THORChain team in the telegram channel https://t.me/thorchain_org
They promise to inform the affected users about the details and compensation in the near future. https://twitter.com/THORChain/status/1415813696857591813
UPD: Official update from the THORChain team in the telegram channel https://t.me/thorchain_org
Quote from: https://t.me/thorchain_org/323674
MCCN Exploit Update
Loss:
Approx ~$4.9mm USD was taken in the exploit, far less than the intitial figures posted earlier. A granular breakdown is being developed by the community.
Method:
ETH Bifrost was tricked using a custom wrapper to read a deposit amount of 200 when it was actually zero. More details will be provided in the upcoming post mortem blog.
Discovery:
The issue was discovered by a community dev and anonymous nodes voluntarily used make halt command to stop their nodes. Once more than 1/3rd nodes had been halted, the network itself was halted. This was a decentralized action taken by node operators to protect the network.
Recovery:
1. Release the patch & restart the network > block pending outbounds > restore solvency.
2. Donate funds back to the ETH pool to restore lost funds to LPs
3. Release auto-solvency checker as a future preventative measure
4. Continue working with security firms to audit.
This is a disappointing moment for all, but LPs and Nodes should be unaffected after all is recovered (the funds will be restored). The network will be stronger and more resilient.
The THORChain community appreciate the inflow of support. More info to come in due course.
Loss:
Approx ~$4.9mm USD was taken in the exploit, far less than the intitial figures posted earlier. A granular breakdown is being developed by the community.
Method:
ETH Bifrost was tricked using a custom wrapper to read a deposit amount of 200 when it was actually zero. More details will be provided in the upcoming post mortem blog.
Discovery:
The issue was discovered by a community dev and anonymous nodes voluntarily used make halt command to stop their nodes. Once more than 1/3rd nodes had been halted, the network itself was halted. This was a decentralized action taken by node operators to protect the network.
Recovery:
1. Release the patch & restart the network > block pending outbounds > restore solvency.
2. Donate funds back to the ETH pool to restore lost funds to LPs
3. Release auto-solvency checker as a future preventative measure
4. Continue working with security firms to audit.
This is a disappointing moment for all, but LPs and Nodes should be unaffected after all is recovered (the funds will be restored). The network will be stronger and more resilient.
The THORChain community appreciate the inflow of support. More info to come in due course.
~
Why Defi hack is so easy to do compared to others. I think there is something wrong with the Defi platform security system. We need to be careful with new and untested platforms. Hackers are always trying to attack new platforms, and they often succeed. As happened in BSC recently.
Hackers Stole $3.8 Billion in Cryptocurrency Hacks in 2020
Check out the statistics. Hackers hack anything they can hack: exchanges, wallets, projects. Defi projects are not on the 1st place in this list.
You need to be careful everywhere
___
Safe Dollar - $250 000
https://t.me/safedollarannouncements/42
SafeDollar has been under attack. We have paused activities on SafeDollar and investigating the matter.
https://twitter.com/RugDocIO/status/1409365551630090243?
SafeDollar may have been exploited for $250k in USDC and USDT‼️
Here is the exploiting contract :
https://polygonscan.com/address/0xc44e71debf89d414a262edadc44797eba093c6b0#tokentxns
ChainSwap- - $8M
https://cryptobriefing.com/8-million-lost-major-chainswap-exploit/
$8 Million Lost in Major ChainSwap Exploit
Chris Williams(C)
"Several tokens have plummeted after ChainSwap suffered its second exploit in eight days. The losses amount to roughly $8 million.
Key Takeaways
ChainSwap suffered an exploit last night, resulting in $8 million worth of losses.
The attacker sold several tokens available on the protocol through decentralized exchanges, meaning they tanked in value.
ChainSwap has paused its Ethereum to Binance Smart Chain bridge and pledged to airdrop new ASAP tokens to holders."
[moderator's note: consecutive posts merged]
~
Why Defi hack is so easy to do compared to others. I think there is something wrong with the Defi platform security system. We need to be careful with new and untested platforms. Hackers are always trying to attack new platforms, and they often succeed. As happened in BSC recently.
Impossible finance- $500 000
https://decrypt.co/74105/binance-smart-chain-defi-project-impossible-finance-hacked
Binance Smart Chain DeFi Project Impossible Finance Hacked
Yet another DeFi project on the Binance Smart Chain has been exploited. This time, attackers nabbed $500,000 from Impossible Finance in a flash loan attack.
https://twitter.com/Mudit__Gupta/status/1406878176509194246?
Impossible finance got exploited today for $500k.
Impossible Finance exploit root cause analysis
https://watchpug.medium.com/impossible-finance-exploit-root-cause-analysis-ba0ed7c151e4
https://decrypt.co/74105/binance-smart-chain-defi-project-impossible-finance-hacked
Binance Smart Chain DeFi Project Impossible Finance Hacked
Yet another DeFi project on the Binance Smart Chain has been exploited. This time, attackers nabbed $500,000 from Impossible Finance in a flash loan attack.
https://twitter.com/Mudit__Gupta/status/1406878176509194246?
Impossible finance got exploited today for $500k.
Impossible Finance exploit root cause analysis
https://watchpug.medium.com/impossible-finance-exploit-root-cause-analysis-ba0ed7c151e4
@Daltonik. I am skeptical that ddos was the cause. How can a ddos attack cause a token to pump to $60 then dump to $0? I reckon that it might be some mechanism in these dollar pegged stablecoins that when whales dump IRON, it also triggers to mint TITAN and removes liquidity to keep the peg of IRON to $1.00.
Yes, you are right, of course, everything can happen here, while there is no data on this case, what it was specifically, I think after some time there will be an analysis, it also happens that initially smart contracts of projects involve fraud schemes, such as the recent case with Beetsfarm Finance. https://twitter.com/RugDocIO/status/1405673057381978113
Jump to: