Topic: DeFi hacks [history] - page 17. (Read 19119 times)
@Daltonik. I am skeptical that ddos was the cause. How can a ddos attack cause a token to pump to $60 then dump to $0? I reckon that it might be some mechanism in these dollar pegged stablecoins that when whales dump IRON, it also triggers to mint TITAN and removes liquidity to keep the peg of IRON to $1.00.
Iron Finance announced on Twitter, addressing users about the need to withdraw all liquidity from all pools, the details promise to report later, apparently the Poligon network was subjected to a ddos attack, as a result of which the price of the Titan token fell from $60 to 0. https://twitter.com/IronFinance/status/1405320650202419202
@slaman29. All 8 flashloan attacks? I disagree. These are not rugpulls. It appears to be a well organized group exploiting weaknesses in copy/paste projects deployed in Binance smartchain.
Also, I was wrong in my assumption that Binance smartchain would be the Ethereum killer hehe. However, Solana might be the Binance smartchain killer hehehehe.
Also, I was wrong in my assumption that Binance smartchain would be the Ethereum killer hehe. However, Solana might be the Binance smartchain killer hehehehe.
Ah sorry, I always assumed all kinds of attacks are called rug pulls in Defi. Just read it up now and rugpulls are when the project owners take out all the liquidty from the pool so yes, different mode of attack but in my book, still the same scummy people and like you said, probably all the same groups of people in the end.
Solana BSC killer? SOL starter looks almost sold out:)
@slaman29. All 8 flashloan attacks? I disagree. These are not rugpulls. It appears to be a well organized group exploiting weaknesses in copy/paste projects deployed in Binance smartchain.
Also, I was wrong in my assumption that Binance smartchain would be the Ethereum killer hehe. However, Solana might be the Binance smartchain killer hehehehe.
Also, I was wrong in my assumption that Binance smartchain would be the Ethereum killer hehe. However, Solana might be the Binance smartchain killer hehehehe.
Also, all of the other attacks are targetted towards Binance smart chain only. The skeptical me thinks that someone might be playing dirty. Solana to top 3 in coinmarketcap.com might prove this hehehehe.
I really hope someone goes and collects all this evidence and then tries to pin down these guys. My personal belief is that they aren't hackers but all are inside job developers with malicious intent, possibly installing loopholes made known the attackers. And then rugpulling at will. Binance Smart Chain only makes me think this for sure. Crime pays in crypto because enforcement doesn't come and catch them.
It seems they encourage people to take big risk on the so called DeFi(Decentralized Finance). You can't build a project today without proper/thorough testing before allowing the public to invest what they likely can't afford to risk/lose.
I have previously suggested opening up the DeFi platform to the public so anyone can help review projects based on list of Rules/Standards/Principles that have to be followed before a project is allowed for serious usage. Hope they don't prefer the platform to be takeover and regulated by central authorities.
Bitcoin didn't start with founders requesting people to invest huge amount of money or stake to be part of the network, help secure and keep it decentralized ... it instead paid participants... so that they risk less during its early stage and people probably began to put in money above sensible limits over time as security improves
Explore this reportI have previously suggested opening up the DeFi platform to the public so anyone can help review projects based on list of Rules/Standards/Principles that have to be followed before a project is allowed for serious usage. Hope they don't prefer the platform to be takeover and regulated by central authorities.
Bitcoin didn't start with founders requesting people to invest huge amount of money or stake to be part of the network, help secure and keep it decentralized ... it instead paid participants... so that they risk less during its early stage and people probably began to put in money above sensible limits over time as security improves
Hackers Stole $3.8 Billion in Cryptocurrency Hacks in 2020
https://decrypt.co/54128/hackers-stole-3-8-billion-in-cryptocurrency-hacks-in-2020
"Crypto wallets had 27 attacks and were the most lucrative target for the hackers, with $3.03 billion in losses."
__
With the market correcting, the volume of liquidations in Venus' Binance Smart Chain (BSC) -based Venus DeFi Landing Protocol reached $ 200 million.
https://forklog.com/v-protokole-venus-na-baze-binance-smart-chain-proizoshli-likvidatsii-na-200/
Venus Incident Report — XVS Liquidations
https://blog.venus.io/venus-incident-report-xvs-liquidations-451be68bb08f
https://twitter.com/FrankResearcher/status/1394900186435096578?
"Today we have witnessed the manipulation of XVS price — the governance token of Venus Protocol on BSC.
This incident resulted in $200M+ DeFi liquidations and a $100M+ of protocol bad debt.
As usual, let’s analyze this situation below👇"
It also appears that the manipulation on Venus and the flash loan attack was an inside job according to this article.
In this article below I will provide evidence from the blockchain that the Venus/Swipe team are directly linked to the Cannon Ignition Sale incident and the blockchain wallet responsible for causing the recent XVS account liquidations.
Source https://medium.com/@venus.insider/venus-io-disclosure-an-inside-job-f8ef195fe78d
Also, all of the other attacks are targetted towards Binance smart chain only. The skeptical me thinks that someone might be playing dirty. Solana to top 3 in coinmarketcap.com might prove this hehehehe.
Come to think of it, defi projects are the sweetest spot for scamming and hacking because there is no way the law will hunt this project down, I believe not a this hacks are real hack, since no one can complain if anything goes wrong even the team can hack themselves, who knows? 🤦
Safemoon is not the first coin to use the word safe and trust and whatever, they're all the same. They have some kind of audit for smart contract but I still feel 99% of devs in defi aren't as smart as the hackers OR are a group of people themselves all behind the scenes of these rug pulls. The law will catch up one day hopefully.
Analysts found serious bugs in the DeFi project SafeMoon
https://whattonews.ru/analitiki-nashli-sereznye-bagi-u-defi-proekta-safemoon/
"During the audit, HashEx specialists identified 12 vulnerabilities in the smart contracts of the DeFi project SafeMoon. The bugs found allow the withdrawal of assets worth $ 20 million and block transactions, analysts said."
https://twitter.com/stoolpresidente/status/1394379356487757834?
Dave Portnoy
My shitcoin announcement. Invest at your own risk. I have no idea how this works
https://twitter.com/TheCryptoLark/status/1384664238371704832?
Lark Davis
"Bitconnect was for a brief moment a top 10 #crypto, the people making money did not want to accept it was a ponzi, they made every excuse to justify it, and attacked anyone who stated the obvious.
Then it rug pulled and everyone lost big time.
#safemoon is no different."
The BNT - ETH pool of the Wild Credit protocol was devastated by an economic exploit.
$ 637K was withdrawn from the pool, but with the help of specialists from the analytical services vfat.tools and Nansen.ai, the funds were returned to the protocol.
https://twitter.com/WildCredit/status/1397848487593603072
All funds were returned to the protocol:
https://etherscan.io/tx/0xb4fffa0e824034a10af2807f1504ac247ae1dd6f2bcfed8085989bbfda434542
https://t.me/Defiscamcheck/1852
https://bitcointalksearch.org/topic/m.57100531
DeFi project BurgerSwap - $ 7.2M
https://twitter.com/burger_swap/status/1398088748563369988?
"BurgerSwap just experienced Flash Loan attack.
We have suspended Swap and BURGER generation to avoid further loss.
Our tech team is working on the issue and will publish the solution later.
More details will be published soon. Thanks for your patience."
https://twitter.com/burger_swap/status/1398163112335863811?
"What was stolen:
- 4.4k WBNB ($1.6M)
- 22k BUSD ($22k)
- 2.5 ETH ($6.8k)
- 1.4M USDT ($1.4M)
- 432k BURGER ($3.2M)
-142k xBURGER ($1M)
- 95k ROCKS"
Belt Finance- $6,2M
https://twitter.com/FrankResearcher/status/1398772580602060804?
"New weekend - a new attack on BSC DeFi protocol.
Today $6.2M in BUSD was stolen from Belt Finance in 8 transactions.
Below is what happened"
[moderator's note: consecutive posts merged]
https://whattonews.ru/analitiki-nashli-sereznye-bagi-u-defi-proekta-safemoon/
"During the audit, HashEx specialists identified 12 vulnerabilities in the smart contracts of the DeFi project SafeMoon. The bugs found allow the withdrawal of assets worth $ 20 million and block transactions, analysts said."
https://twitter.com/stoolpresidente/status/1394379356487757834?
Dave Portnoy
My shitcoin announcement. Invest at your own risk. I have no idea how this works
https://twitter.com/TheCryptoLark/status/1384664238371704832?
Lark Davis
"Bitconnect was for a brief moment a top 10 #crypto, the people making money did not want to accept it was a ponzi, they made every excuse to justify it, and attacked anyone who stated the obvious.
Then it rug pulled and everyone lost big time.
#safemoon is no different."
The BNT - ETH pool of the Wild Credit protocol was devastated by an economic exploit.
$ 637K was withdrawn from the pool, but with the help of specialists from the analytical services vfat.tools and Nansen.ai, the funds were returned to the protocol.
https://twitter.com/WildCredit/status/1397848487593603072
All funds were returned to the protocol:
https://etherscan.io/tx/0xb4fffa0e824034a10af2807f1504ac247ae1dd6f2bcfed8085989bbfda434542
https://t.me/Defiscamcheck/1852
https://bitcointalksearch.org/topic/m.57100531
DeFi project BurgerSwap - $ 7.2M
https://twitter.com/burger_swap/status/1398088748563369988?
"BurgerSwap just experienced Flash Loan attack.
We have suspended Swap and BURGER generation to avoid further loss.
Our tech team is working on the issue and will publish the solution later.
More details will be published soon. Thanks for your patience."
https://twitter.com/burger_swap/status/1398163112335863811?
"What was stolen:
- 4.4k WBNB ($1.6M)
- 22k BUSD ($22k)
- 2.5 ETH ($6.8k)
- 1.4M USDT ($1.4M)
- 432k BURGER ($3.2M)
-142k xBURGER ($1M)
- 95k ROCKS"
Belt Finance- $6,2M
https://twitter.com/FrankResearcher/status/1398772580602060804?
"New weekend - a new attack on BSC DeFi protocol.
Today $6.2M in BUSD was stolen from Belt Finance in 8 transactions.
Below is what happened"
[moderator's note: consecutive posts merged]
What about new project called HAPI? they want to solve this problem. I think currently only HAPI that have purpose to solve it. We should support this project to minimize the risk of crypto investment.
Since DeFi was booming last year, there have been a lot of DeFi cases being hacked. Why have so many DeFi projects been hacked? is it because of a weak security system? or clever hackers who attacked the DeFi project?
you will really know how DeFi projects can scam participants.
It seems they encourage people to take big risk on the so called DeFi(Decentralized Finance). You can't build a project today without proper/thorough testing before allowing the public to invest what they likely can't afford to risk/lose.
I have previously suggested opening up the DeFi platform to the public so anyone can help review projects based on list of Rules/Standards/Principles that have to be followed before a project is allowed for serious usage. Hope they don't prefer the platform to be takeover and regulated by central authorities.
Bitcoin didn't start with founders requesting people to invest huge amount of money or stake to be part of the network, help secure and keep it decentralized ... it instead paid participants... so that they risk less during its early stage and people probably began to put in money above sensible limits over time as security improves
Explore this reportI have previously suggested opening up the DeFi platform to the public so anyone can help review projects based on list of Rules/Standards/Principles that have to be followed before a project is allowed for serious usage. Hope they don't prefer the platform to be takeover and regulated by central authorities.
Bitcoin didn't start with founders requesting people to invest huge amount of money or stake to be part of the network, help secure and keep it decentralized ... it instead paid participants... so that they risk less during its early stage and people probably began to put in money above sensible limits over time as security improves
Hackers Stole $3.8 Billion in Cryptocurrency Hacks in 2020
https://decrypt.co/54128/hackers-stole-3-8-billion-in-cryptocurrency-hacks-in-2020
"Crypto wallets had 27 attacks and were the most lucrative target for the hackers, with $3.03 billion in losses."
__
With the market correcting, the volume of liquidations in Venus' Binance Smart Chain (BSC) -based Venus DeFi Landing Protocol reached $ 200 million.
https://forklog.com/v-protokole-venus-na-baze-binance-smart-chain-proizoshli-likvidatsii-na-200/
Venus Incident Report — XVS Liquidations
https://blog.venus.io/venus-incident-report-xvs-liquidations-451be68bb08f
https://twitter.com/FrankResearcher/status/1394900186435096578?
"Today we have witnessed the manipulation of XVS price — the governance token of Venus Protocol on BSC.
This incident resulted in $200M+ DeFi liquidations and a $100M+ of protocol bad debt.
As usual, let’s analyze this situation below👇"
You can't build a project today without proper/thorough testing before allowing the public to invest what they likely can't afford to risk/lose.
The problem is not really about the testing before going public, but how strong your developers are, a good development teams and site management is a very important factor to consider before embarking on a crypto journey, this should be taken care of thoroughly to avoid hacks and theft on their platform.Weekly routine check or as the case may be is a good thing to constantly do on a regular to detect any technical fault by following the respective Standard Operating Procedure (SOP).
It seems they encourage people to take big risk on the so called DeFi(Decentralized Finance). You can't build a project today without proper/thorough testing before allowing the public to invest what they likely can't afford to risk/lose.
I have previously suggested opening up the DeFi platform to the public so anyone can help review projects based on list of Rules/Standards/Principles that have to be followed before a project is allowed for serious usage. Hope they don't prefer the platform to be takeover and regulated by central authorities.
Bitcoin didn't start with founders requesting people to invest huge amount of money or stake to be part of the network, help secure and keep it decentralized ... it instead paid participants... so that they risk less during its early stage and people probably began to put in money above sensible limits over time as security improves
I have previously suggested opening up the DeFi platform to the public so anyone can help review projects based on list of Rules/Standards/Principles that have to be followed before a project is allowed for serious usage. Hope they don't prefer the platform to be takeover and regulated by central authorities.
Bitcoin didn't start with founders requesting people to invest huge amount of money or stake to be part of the network, help secure and keep it decentralized ... it instead paid participants... so that they risk less during its early stage and people probably began to put in money above sensible limits over time as security improves
The simplest audit costs from 10 thousand dollars, but the prices for services can reach 100,000 dollars and more.
Pancake Bunny -200 M
https://coinfomania.com/pancake-bunny-1-billion-defi-hack/
"By Wilfred MichaelMAY 20, 2021BREAKING: BSC-based DeFi Project Pancake BUNNY Suffers $1 Billion ExploitDeFi Fulcrum ETH Hacked
Pancake Bunny, a DeFi yield optimizer project built on Binance Smart Chain, has supposedly suffered an exploit that resulted in roughly $1 billion being drained from its smart contracts. The token price has dropped more than 97% in the aftermath while the community awaits an update from the team."
https://twitter.com/PancakeBunnyFin/status/1395173093333680136?
Pancake Bunny -200 M
https://coinfomania.com/pancake-bunny-1-billion-defi-hack/
"By Wilfred MichaelMAY 20, 2021BREAKING: BSC-based DeFi Project Pancake BUNNY Suffers $1 Billion ExploitDeFi Fulcrum ETH Hacked
Pancake Bunny, a DeFi yield optimizer project built on Binance Smart Chain, has supposedly suffered an exploit that resulted in roughly $1 billion being drained from its smart contracts. The token price has dropped more than 97% in the aftermath while the community awaits an update from the team."
https://twitter.com/PancakeBunnyFin/status/1395173093333680136?
https://www.coindesk.com/defi-protocol-xtoken-suffers-24-5m-exploit
DeFi Protocol xToken Suffers $24.5M Exploit
The protocol said minting has been paused on all contracts while an investigation takes place.
Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
https://twitter.com/xtokenmarket/status/1392490733588946948?
DeFi Protocol xToken Suffers $24.5M Exploit
The protocol said minting has been paused on all contracts while an investigation takes place.
Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
https://twitter.com/xtokenmarket/status/1392490733588946948?
The list you are providing here is quite shocking, also because I have never heard of many of the hacks. So many projects say they have some certificate from an audit company. It would be interesting to see how many of the DeFi projects listed here had such an audit certificate. Maybe I'll find the time and provide some info on that.
https://decrypt.co/70690/defi-hacks-2021-ciphertrace-report
$156 Million Stolen in DeFi Hacks This Year: CipherTrace
"That’s more than was stolen from DeFi protocols in all of 2020.
In brief
$156 million was stolen from DeFi-related hacks between January and April, according to CipherTrace.
That number has risen along with the total amount of money locked up in DeFi."
Then what are those audit certificates worth? It could even be an insider of the audit services provider. Imagine you detect a loophole in the code, you'd be better off hacking that thing than fixing it. I thought I also heard that they provide insurance after they did their audit. Don't which company it was, but given the size of the security breach they'd be out of business with just a single breach anyway.
https://www.coindesk.com/defi-protocol-xtoken-suffers-24-5m-exploit
DeFi Protocol xToken Suffers $24.5M Exploit
The protocol said minting has been paused on all contracts while an investigation takes place.
Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
https://twitter.com/xtokenmarket/status/1392490733588946948?
DeFi Protocol xToken Suffers $24.5M Exploit
The protocol said minting has been paused on all contracts while an investigation takes place.
Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
https://twitter.com/xtokenmarket/status/1392490733588946948?
The list you are providing here is quite shocking, also because I have never heard of many of the hacks. So many projects say they have some certificate from an audit company. It would be interesting to see how many of the DeFi projects listed here had such an audit certificate. Maybe I'll find the time and provide some info on that.
https://decrypt.co/70690/defi-hacks-2021-ciphertrace-report
$156 Million Stolen in DeFi Hacks This Year: CipherTrace
"That’s more than was stolen from DeFi protocols in all of 2020.
In brief
$156 million was stolen from DeFi-related hacks between January and April, according to CipherTrace.
That number has risen along with the total amount of money locked up in DeFi."
Rari Capital Reports Exploit in ETH Pool; $15M Taken
https://www.coindesk.com/rari-capital-reports-exploit-in-eth-pool
According to Etherscan, $15 million worth of ether was taken.
https://etherscan.io/address/0xcb36b1ee0af68dce5578a487ff2da81282512233
https://nipunp.medium.com/5-8-21-rari-capital-exploit-timeline-analysis-8beda31cbc1a
Rari Exploiter address (same address as Value Defi exploiter on BSC): https://etherscan.io/address/0xcb36b1ee0af68dce5578a487ff2da81282512233
Exploiter net gain: ~2600 ETH (~$10M)
Rari Capital Plans to Refund Stolen $10.6M in Ethereum From Dev Fund
The attack exploited Rari Capital’s integration with Alpha Finance Labs’ ibETH token.
https://www.coindesk.com/rari-capital-loses-ethereum-to-theft
[moderator's note: consecutive posts merged]
https://www.coindesk.com/defi-protocol-xtoken-suffers-24-5m-exploit
DeFi Protocol xToken Suffers $24.5M Exploit
The protocol said minting has been paused on all contracts while an investigation takes place.
Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
https://twitter.com/xtokenmarket/status/1392490733588946948?
DeFi Protocol xToken Suffers $24.5M Exploit
The protocol said minting has been paused on all contracts while an investigation takes place.
Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
https://twitter.com/xtokenmarket/status/1392490733588946948?
The list you are providing here is quite shocking, also because I have never heard of many of the hacks. So many projects say they have some certificate from an audit company. It would be interesting to see how many of the DeFi projects listed here had such an audit certificate. Maybe I'll find the time and provide some info on that.
DODO DEX
$ 2 million
https://twitter.com/BreederDodo/status/1369098897008648192
"PSA Regarding Recent Exploit on DODO
On March 8, Several DODO V2 Crowdpools were attacked. WSZO, WCRES, ETHA, and FUSI pools were impacted, while AC pool funds have been fully recovered.
Funds in all other pools, including all V1 pools and all non-Crowdpool V2 pools, are safe."
https://twitter.com/BreederDodo/status/1369335145732268033
"UPDATE: $1.89 million has been recovered and our team is in the process of returning these funds to the affected parties.
~1,139,456.20 USDT and 411.05965 ETH have been recovered (see below for the txs)."
https://etherscan.io/tx/0x6e743db045f3738b24c6dedc90bae62c6429f2f7fe8a086394b05a68b8f5867a
https://etherscan.io/tx/0xa0c522f3122ce89f4d20c0c4592574284db841abeabdf3c28d87771fdfe87b91
https://twitter.com/PancakeSwap/status/1371471934999777281
PancakeSwap has DNS hacked
"This is now confirmed.
DO NOT go to the Pancakeswap site until we confirm it is all clear.
NEVER EVER input your seed phrase or private keys on a website.
We are working on recovery now.
Sorry for the trouble."
https://twitter.com/PancakeSwap/status/1371470368058183687
"There is a chance we have been DNS hijacked, the same as @CreamdotFinance.
Until we are able to confirm this is not the case, do not use the site.
We will confirm ASAP.
In the meantime, better safe than sorry.
Please retweet for visibility!
https://twitter.com/creamdotfinance/status/1371448627663491088?s=21"
https://twitter.com/PancakeSwap/status/1371492312681902080
"We have regained access to the DNS.
Some users might still be affected, depending on their DNS resolution as some propagation time may be needed.
Will send another update shortly.
Thanks for waiting."
https://twitter.com/artofyourmind/status/1371494055465472002
"Financial advise: Anyone who had written their seed phrase should create a new account in Trust Wallet and transfer current holdings to the new account (means new seed phrases). Also unstake and send those LPs out to the new account."
$170,000 Iron Finance
Iron Finance DeFi Exploit Explained in Post Mortem
https://beincrypto.com/iron-finance-defi-exploit-explained-post-mortem/
"The latest decentralized finance protocol to get exploited is Iron Finance. The platform lost $170,000 from its liquidity pools following erroneous actions by the team.
Iron Finance is a partially collateralized stablecoin platform based on the Binance Smart Chain (BSC).
It reported that on March 16, two Iron Finance vFarm pools were “subject to an incident”. This ordeal resulted in the loss of user deposits.
It claims that an attacker managed to exploit the system and drain the pools. The bad actor(s) made off with $170,000 worth of its native SIL tokens. These were then sold for BUSD (Binance’s stablecoin) on the markets."
TurtleDex 9000 BNB =2.4M $
Binance Smart Chain Hit By $2.4 Million TurtleDex Exit Scam
"And guess what? There’s no sign of TurtleDex anywhere.
In brief
TurtleDex have exited with 9000 BNB tokens raised from a presale days ago.
The project's online presence has gone dark.
Frequent vanishing acts indicate that the growing DeFi space is still risky business."
https://decrypt.co/62204/binance-smart-chain-hit-by-2-4-million-turtledex-exit-scam
EasyFi DeFi protocol - 6M $
"The founder of the EasyFi DeFi protocol, Ankitt Gaur, published a blog post on April 20 in which he talked about how hackers managed to get to the liquidity pools and withdraw $ 6 million from them."
https://beincrypto.ru/u-defi-protokola-easyfi-ukrali-6-mln-vot-kak-eto-vyshlo/
https://twitter.com/AnkittGaur/status/1384253351492087819
"On Monday, 19th April 2021 our team members reported the transfer of a large amount of EASY and protocol funds from designated contracts & wallets. initial investigation revealed the possibility of compromise of mnemonic phrase."
EasyFi Security Incident. Pre-Post Mortem
https://medium.com/easify-network/easyfi-security-incident-pre-post-mortem-33f2942016e9
Force DAO-$367 000
https://forklog.com/defi-proekt-force-dao-podvergsya-atake-posle-zapuska/
"Force DAO DeFi Project Attacked After Launch
On Sunday, April 4, Force DAO's DeFi Protocol reported a hacker attack a few hours after launch. The FORCE project token has depreciated by 90%.
According to the developers, attackers took advantage of a vulnerability in a smart contract. The team estimated the damage at 183 ETH (~ $ 367,000)."
https://twitter.com/force_dao/status/1378764435553198087?
https://twitter.com/FrankResearcher/status/1378633819599818754
Spartan Protocol -30M
https://twitter.com/SpartanProtocol/status/1388669192228929539
"Spartan Protocol
@SpartanProtocol
What we know so far -
*Attacker used $61m in BNB to overcome the pools via a as yet unknown economic exploit path to remove roughly $30m in funds from the pools.
Reach out if you can help identify and analyse the exploit."
https://bscscan.com/tx/0xb64ae25b0d836c25d115a9368319902c972a0215bd108ae17b1b9617dfb93af8
https://www.coindesk.com/defi-protocol-xtoken-suffers-24-5m-exploit
DeFi Protocol xToken Suffers $24.5M Exploit
The protocol said minting has been paused on all contracts while an investigation takes place.
Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
https://twitter.com/xtokenmarket/status/1392490733588946948?
[moderator's note: consecutive posts merged]
$ 2 million
https://twitter.com/BreederDodo/status/1369098897008648192
"PSA Regarding Recent Exploit on DODO
On March 8, Several DODO V2 Crowdpools were attacked. WSZO, WCRES, ETHA, and FUSI pools were impacted, while AC pool funds have been fully recovered.
Funds in all other pools, including all V1 pools and all non-Crowdpool V2 pools, are safe."
https://twitter.com/BreederDodo/status/1369335145732268033
"UPDATE: $1.89 million has been recovered and our team is in the process of returning these funds to the affected parties.
~1,139,456.20 USDT and 411.05965 ETH have been recovered (see below for the txs)."
https://etherscan.io/tx/0x6e743db045f3738b24c6dedc90bae62c6429f2f7fe8a086394b05a68b8f5867a
https://etherscan.io/tx/0xa0c522f3122ce89f4d20c0c4592574284db841abeabdf3c28d87771fdfe87b91
https://twitter.com/PancakeSwap/status/1371471934999777281
PancakeSwap has DNS hacked
"This is now confirmed.
DO NOT go to the Pancakeswap site until we confirm it is all clear.
NEVER EVER input your seed phrase or private keys on a website.
We are working on recovery now.
Sorry for the trouble."
https://twitter.com/PancakeSwap/status/1371470368058183687
"There is a chance we have been DNS hijacked, the same as @CreamdotFinance.
Until we are able to confirm this is not the case, do not use the site.
We will confirm ASAP.
In the meantime, better safe than sorry.
Please retweet for visibility!
https://twitter.com/creamdotfinance/status/1371448627663491088?s=21"
https://twitter.com/PancakeSwap/status/1371492312681902080
"We have regained access to the DNS.
Some users might still be affected, depending on their DNS resolution as some propagation time may be needed.
Will send another update shortly.
Thanks for waiting."
https://twitter.com/artofyourmind/status/1371494055465472002
"Financial advise: Anyone who had written their seed phrase should create a new account in Trust Wallet and transfer current holdings to the new account (means new seed phrases). Also unstake and send those LPs out to the new account."
$170,000 Iron Finance
Iron Finance DeFi Exploit Explained in Post Mortem
https://beincrypto.com/iron-finance-defi-exploit-explained-post-mortem/
"The latest decentralized finance protocol to get exploited is Iron Finance. The platform lost $170,000 from its liquidity pools following erroneous actions by the team.
Iron Finance is a partially collateralized stablecoin platform based on the Binance Smart Chain (BSC).
It reported that on March 16, two Iron Finance vFarm pools were “subject to an incident”. This ordeal resulted in the loss of user deposits.
It claims that an attacker managed to exploit the system and drain the pools. The bad actor(s) made off with $170,000 worth of its native SIL tokens. These were then sold for BUSD (Binance’s stablecoin) on the markets."
TurtleDex 9000 BNB =2.4M $
Binance Smart Chain Hit By $2.4 Million TurtleDex Exit Scam
"And guess what? There’s no sign of TurtleDex anywhere.
In brief
TurtleDex have exited with 9000 BNB tokens raised from a presale days ago.
The project's online presence has gone dark.
Frequent vanishing acts indicate that the growing DeFi space is still risky business."
https://decrypt.co/62204/binance-smart-chain-hit-by-2-4-million-turtledex-exit-scam
EasyFi DeFi protocol - 6M $
"The founder of the EasyFi DeFi protocol, Ankitt Gaur, published a blog post on April 20 in which he talked about how hackers managed to get to the liquidity pools and withdraw $ 6 million from them."
https://beincrypto.ru/u-defi-protokola-easyfi-ukrali-6-mln-vot-kak-eto-vyshlo/
https://twitter.com/AnkittGaur/status/1384253351492087819
"On Monday, 19th April 2021 our team members reported the transfer of a large amount of EASY and protocol funds from designated contracts & wallets. initial investigation revealed the possibility of compromise of mnemonic phrase."
EasyFi Security Incident. Pre-Post Mortem
https://medium.com/easify-network/easyfi-security-incident-pre-post-mortem-33f2942016e9
Force DAO-$367 000
https://forklog.com/defi-proekt-force-dao-podvergsya-atake-posle-zapuska/
"Force DAO DeFi Project Attacked After Launch
On Sunday, April 4, Force DAO's DeFi Protocol reported a hacker attack a few hours after launch. The FORCE project token has depreciated by 90%.
According to the developers, attackers took advantage of a vulnerability in a smart contract. The team estimated the damage at 183 ETH (~ $ 367,000)."
https://twitter.com/force_dao/status/1378764435553198087?
https://twitter.com/FrankResearcher/status/1378633819599818754
Spartan Protocol -30M
https://twitter.com/SpartanProtocol/status/1388669192228929539
"Spartan Protocol
@SpartanProtocol
What we know so far -
*Attacker used $61m in BNB to overcome the pools via a as yet unknown economic exploit path to remove roughly $30m in funds from the pools.
Reach out if you can help identify and analyse the exploit."
https://bscscan.com/tx/0xb64ae25b0d836c25d115a9368319902c972a0215bd108ae17b1b9617dfb93af8
https://www.coindesk.com/defi-protocol-xtoken-suffers-24-5m-exploit
DeFi Protocol xToken Suffers $24.5M Exploit
The protocol said minting has been paused on all contracts while an investigation takes place.
Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
https://twitter.com/xtokenmarket/status/1392490733588946948?
[moderator's note: consecutive posts merged]
Jump to: