
Topic: DeFi hacks [history] - page 18. (Read 19377 times)

sr. member
Activity: 1232
Merit: 379
May 20, 2021, 07:06:53 AM
#81
You can't build a project today without proper/thorough testing before allowing the public to invest what they likely can't afford to risk/lose.
The problem is not really about the testing before going public, but how strong your developers are. A good development team and site management are very important factors to consider before embarking on a crypto journey; this should be taken care of thoroughly to avoid hacks and theft on their platform.

A weekly routine check, or as the case may be, is a good thing to do on a regular basis to detect any technical fault by following the respective Standard Operating Procedure (SOP).
Ucy
sr. member
Activity: 2674
Merit: 403
May 20, 2021, 06:00:20 AM
#80
It seems they encourage people to take big risks on the so-called DeFi (Decentralized Finance). You can't build a project today without proper/thorough testing before allowing the public to invest what they likely can't afford to risk/lose.
I have previously suggested opening up the DeFi platform to the public so anyone can help review projects based on a list of Rules/Standards/Principles that have to be followed before a project is allowed for serious usage. Hope they don't prefer the platform to be taken over and regulated by central authorities.
Bitcoin didn't start with founders requesting people to invest a huge amount of money or stake to be part of the network, help secure and keep it decentralized ... it instead paid participants... so that they risk less during its early stage, and people probably began to put in money above sensible limits over time as security improves.
legendary
Activity: 1932
Merit: 4602
May 20, 2021, 05:02:04 AM
#79
The simplest audit costs from 10 thousand dollars, but the prices for services can reach 100,000 dollars and more.

Pancake Bunny -200 M

https://coinfomania.com/pancake-bunny-1-billion-defi-hack/
"By Wilfred Michael, May 20, 2021
BREAKING: BSC-based DeFi Project Pancake BUNNY Suffers $1 Billion Exploit
DeFi Fulcrum ETH Hacked
Pancake Bunny, a DeFi yield optimizer project built on Binance Smart Chain, has supposedly suffered an exploit that resulted in roughly $1 billion being drained from its smart contracts. The token price has dropped more than 97% in the aftermath while the community awaits an update from the team."
https://twitter.com/PancakeBunnyFin/status/1395173093333680136?



hero member
Activity: 1526
Merit: 597
May 16, 2021, 02:00:16 PM
#78
https://www.coindesk.com/defi-protocol-xtoken-suffers-24-5m-exploit

DeFi Protocol xToken Suffers $24.5M Exploit
The protocol said minting has been paused on all contracts while an investigation takes place.

Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
https://twitter.com/xtokenmarket/status/1392490733588946948?

The list you are providing here is quite shocking, also because I have never heard of many of the hacks. So many projects say they have some certificate from an audit company. It would be interesting to see how many of the DeFi projects listed here had such an audit certificate. Maybe I'll find the time and provide some info on that.
I have come across projects that have been audited by large audit companies and have been hacked. Don't waste your time on this.

https://decrypt.co/70690/defi-hacks-2021-ciphertrace-report
$156 Million Stolen in DeFi Hacks This Year: CipherTrace
"That’s more than was stolen from DeFi protocols in all of 2020.
In brief
$156 million was stolen from DeFi-related hacks between January and April, according to CipherTrace.
That number has risen along with the total amount of money locked up in DeFi."

Then what are those audit certificates worth? It could even be an insider of the audit services provider. Imagine you detect a loophole in the code, you'd be better off hacking that thing than fixing it. I thought I also heard that they provide insurance after they did their audit. Don't know which company it was, but given the size of the security breach they'd be out of business with just a single breach anyway.
legendary
Activity: 1932
Merit: 4602
May 13, 2021, 09:31:51 AM
#77
https://www.coindesk.com/defi-protocol-xtoken-suffers-24-5m-exploit

DeFi Protocol xToken Suffers $24.5M Exploit
The protocol said minting has been paused on all contracts while an investigation takes place.

Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
https://twitter.com/xtokenmarket/status/1392490733588946948?

The list you are providing here is quite shocking, also because I have never heard of many of the hacks. So many projects say they have some certificate from an audit company. It would be interesting to see how many of the DeFi projects listed here had such an audit certificate. Maybe I'll find the time and provide some info on that.
I have come across projects that have been audited by large audit companies and have been hacked. Don't waste your time on this.

https://decrypt.co/70690/defi-hacks-2021-ciphertrace-report
$156 Million Stolen in DeFi Hacks This Year: CipherTrace
"That’s more than was stolen from DeFi protocols in all of 2020.
In brief
$156 million was stolen from DeFi-related hacks between January and April, according to CipherTrace.
That number has risen along with the total amount of money locked up in DeFi."



Rari Capital Reports Exploit in ETH Pool; $15M Taken
https://www.coindesk.com/rari-capital-reports-exploit-in-eth-pool
According to Etherscan, $15 million worth of ether was taken.
https://etherscan.io/address/0xcb36b1ee0af68dce5578a487ff2da81282512233

https://nipunp.medium.com/5-8-21-rari-capital-exploit-timeline-analysis-8beda31cbc1a
Rari Exploiter address (same address as Value Defi exploiter on BSC): https://etherscan.io/address/0xcb36b1ee0af68dce5578a487ff2da81282512233
Exploiter net gain: ~2600 ETH (~$10M)

Rari Capital Plans to Refund Stolen $10.6M in Ethereum From Dev Fund
The attack exploited Rari Capital’s integration with Alpha Finance Labs’ ibETH token.
https://www.coindesk.com/rari-capital-loses-ethereum-to-theft


[moderator's note: consecutive posts merged]
hero member
Activity: 1526
Merit: 597
May 12, 2021, 06:31:18 PM
#76
https://www.coindesk.com/defi-protocol-xtoken-suffers-24-5m-exploit

DeFi Protocol xToken Suffers $24.5M Exploit
The protocol said minting has been paused on all contracts while an investigation takes place.

Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
https://twitter.com/xtokenmarket/status/1392490733588946948?

The list you are providing here is quite shocking, also because I have never heard of many of the hacks. So many projects say they have some certificate from an audit company. It would be interesting to see how many of the DeFi projects listed here had such an audit certificate. Maybe I'll find the time and provide some info on that.
legendary
Activity: 1932
Merit: 4602
March 10, 2021, 04:50:05 AM
#75
DODO DEX
$ 2 million

https://twitter.com/BreederDodo/status/1369098897008648192
"PSA Regarding Recent Exploit on DODO

On March 8, Several DODO V2 Crowdpools were attacked. WSZO, WCRES, ETHA, and FUSI pools were impacted, while AC pool funds have been fully recovered.

Funds in all other pools, including all V1 pools and all non-Crowdpool V2 pools, are safe."

https://twitter.com/BreederDodo/status/1369335145732268033
"UPDATE: $1.89 million has been recovered and our team is in the process of returning these funds to the affected parties.

~1,139,456.20 USDT and 411.05965 ETH have been recovered (see below for the txs)."

https://etherscan.io/tx/0x6e743db045f3738b24c6dedc90bae62c6429f2f7fe8a086394b05a68b8f5867a
https://etherscan.io/tx/0xa0c522f3122ce89f4d20c0c4592574284db841abeabdf3c28d87771fdfe87b91




https://twitter.com/PancakeSwap/status/1371471934999777281

PancakeSwap has DNS hacked
"This is now confirmed.

DO NOT go to the Pancakeswap site until we confirm it is all clear.

NEVER EVER input your seed phrase or private keys on a website.

We are working on recovery now.

Sorry for the trouble."

https://twitter.com/PancakeSwap/status/1371470368058183687

"There is a chance we have been DNS hijacked, the same as @CreamdotFinance.

Until we are able to confirm this is not the case, do not use the site.

We will confirm ASAP.

In the meantime, better safe than sorry.

Please retweet for visibility!

https://twitter.com/creamdotfinance/status/1371448627663491088?s=21"



https://twitter.com/PancakeSwap/status/1371492312681902080
"We have regained access to the DNS.

Some users might still be affected, depending on their DNS resolution as some propagation time may be needed.

Will send another update shortly.

Thanks for waiting."

https://twitter.com/artofyourmind/status/1371494055465472002
"Financial advise: Anyone who had written their seed phrase should create a new account in Trust Wallet and transfer current holdings to the new account (means new seed phrases). Also unstake and send those LPs out to the new account."



$170,000  Iron Finance

Iron Finance DeFi Exploit Explained in Post Mortem
https://beincrypto.com/iron-finance-defi-exploit-explained-post-mortem/
"The latest decentralized finance protocol to get exploited is Iron Finance. The platform lost $170,000 from its liquidity pools following erroneous actions by the team.

Iron Finance is a partially collateralized stablecoin platform based on the Binance Smart Chain (BSC).

It reported that on March 16, two Iron Finance vFarm pools were “subject to an incident”. This ordeal resulted in the loss of user deposits.

It claims that an attacker managed to exploit the system and drain the pools. The bad actor(s) made off with $170,000 worth of its native SIL tokens. These were then sold for BUSD (Binance’s stablecoin) on the markets."



TurtleDex 9000 BNB =2.4M $

Binance Smart Chain Hit By $2.4 Million TurtleDex Exit Scam
"And guess what? There’s no sign of TurtleDex anywhere.
In brief
TurtleDex have exited with 9000 BNB tokens raised from a presale days ago.
The project's online presence has gone dark.
Frequent vanishing acts indicate that the growing DeFi space is still risky business."

https://decrypt.co/62204/binance-smart-chain-hit-by-2-4-million-turtledex-exit-scam



EasyFi DeFi protocol - 6M $
"The founder of the EasyFi DeFi protocol, Ankitt Gaur, published a blog post on April 20 in which he talked about how hackers managed to get to the liquidity pools and withdraw $ 6 million from them."
https://beincrypto.ru/u-defi-protokola-easyfi-ukrali-6-mln-vot-kak-eto-vyshlo/

https://twitter.com/AnkittGaur/status/1384253351492087819
"On Monday, 19th April 2021 our team members reported the transfer of a large amount of EASY and protocol funds from designated contracts & wallets. initial investigation revealed the possibility of compromise of mnemonic phrase."

EasyFi Security Incident. Pre-Post Mortem
https://medium.com/easify-network/easyfi-security-incident-pre-post-mortem-33f2942016e9



Force DAO-$367 000
https://forklog.com/defi-proekt-force-dao-podvergsya-atake-posle-zapuska/
"Force DAO DeFi Project Attacked After Launch
On Sunday, April 4, Force DAO's DeFi Protocol reported a hacker attack a few hours after launch. The FORCE project token has depreciated by 90%.
According to the developers, attackers took advantage of a vulnerability in a smart contract. The team estimated the damage at 183 ETH (~ $ 367,000)."
https://twitter.com/force_dao/status/1378764435553198087?
https://twitter.com/FrankResearcher/status/1378633819599818754



Spartan Protocol -30M
https://twitter.com/SpartanProtocol/status/1388669192228929539
"Spartan Protocol
@SpartanProtocol
What we know so far -
*Attacker used $61m in BNB to overcome the pools via a as yet unknown economic exploit path to remove roughly $30m in funds from the pools.

Reach out if you can help identify and analyse the exploit."
https://bscscan.com/tx/0xb64ae25b0d836c25d115a9368319902c972a0215bd108ae17b1b9617dfb93af8



https://www.coindesk.com/defi-protocol-xtoken-suffers-24-5m-exploit

DeFi Protocol xToken Suffers $24.5M Exploit
The protocol said minting has been paused on all contracts while an investigation takes place.

Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
https://twitter.com/xtokenmarket/status/1392490733588946948?

[moderator's note: consecutive posts merged]
full member
Activity: 1904
Merit: 138
March 05, 2021, 06:28:49 PM
#74
The so-called DeFis are such scams. I can't understand how people keep putting their money in such buggy smart contracts, most of which are copy/paste of other smart contracts without any audit and no insurance fund.

Almost all of these defi shitcoins are created only for speculation. They won't solve any problem. Guys, just avoid locking your savings there. These high APY returns aren't worth the risk.

And I believe most of these hacking incidents are inside jobs. A gentle way to abandon the project along with the investors' money. Seems that the list is going to be longer than centralized crypto-exchanges hacking incidents.

Won't trust my savings to defi platform, unless, it is a very reputable one in the community. The high APY is usually the bait here, but you will never get that profit because they will be dead not even a year of existence.

And thanks to the OP for consolidating this list. Please keep this updated so people here will be reminded about these cases in DeFi and be more vigilant in this industry.
legendary
Activity: 1932
Merit: 4602
February 28, 2021, 09:00:20 AM
#73
The 14th of February
Hacker withdrew $37.5 million in tokens from Cream Finance's DeFi protocol
https://forklog.com/haker-vyvel-tokeny-na-37-5-mln-iz-defi-protokola-cream-finance/
https://twitter.com/CreamdotFinance/status/1360497502881865729?

https://twitter.com/FrankResearcher/status/1360513422689984512?
"IronBank ($CREAM) was exploited on $37.5M, let’s take a quick look at what happened.

1/ Attacker used Alpha Homora for borrowing sUSD from IronBank.
Each time they borrow twice as much as in the previous one."

The 28th of February

https://twitter.com/furucombo/status/1365743632460910593?
"Today at 4:47 PM UTC the Furucombo proxy was compromised by an attacker. We have deauthorized the relevant components and believe the vulnerability to be patched but we recommend users remove approvals out of an abundance of caution."

DeFi project Furucombo hacked for $ 14 million
https://forklog.com/defi-proekt-furucombo-vzlomali-na-14-mln/

"So what happened to Furucombo"
https://twitter.com/FrankResearcher/status/1365740713334493192



Meerkat Finance  (Binance Smart Chain)
Hackers withdrew cryptoassets worth ~$32 million (13.96 million BUSD and 73,635 BNB) from the Meerkat Finance protocol based on the Binance Smart Chain
https://forklog.com/defi-proekt-meerkat-finance-na-baze-binance-smart-chain-zapodozrili-v-ekzit-skame/

https://twitter.com/WuBlockchain/status/1367410125443493891
"BSC project Meerkat Finance is suspected of being rug, taking away 13.96 million BUSD, and the other 73,635 BNB. MKAT claimed to be hacked and stole all resources. Currently the project website cannot be opened. This may be the largest fraud project on the binance smart chain."



PAID Network (PAID)
$ 3 million
https://www.coingecko.com/en/coins/paid-network

Network data shows that just over 2,000 ETH -- worth roughly $3 million at press time -- was obtained by the attacker after some of the 59.7 million minted PAID tokens were traded on the decentralized exchange service Uniswap. Roughly 2.5 million PAID tokens were sold over the course of 13 transactions, according to Etherscan data.
https://www.theblockcrypto.com/linked/97411/paid-network-token-minting-exploit-eth

PAID Network exploiter nets $3 million in infinite mint attack
https://cointelegraph.com/news/paid-network-exploiter-nets-3-million-in-infinite-mint-attack

[moderator's note: consecutive posts merged]
newbie
Activity: 62
Merit: 0
February 15, 2021, 01:44:58 PM
#72
The so-called DeFis are such scams. I can't understand how people keep putting their money in such buggy smart contracts, most of which are copy/paste of other smart contracts without any audit and no insurance fund.

Almost all of these defi shitcoins are created only for speculation. They won't solve any problem. Guys, just avoid locking your savings there. These high APY returns aren't worth the risk.
legendary
Activity: 1932
Merit: 4602
February 15, 2021, 11:05:04 AM
#71
I think 2021 will be more fun!

The dark arts of DeFi are the most profitable.
~$37.5M stolen from @AlphaFinanceLabs in a tale of fake magic, confusion and accusation.
https://twitter.com/RektHQ/status/1360736931693404160
https://rekt.eth.link/alpha-finance-rekt/
legendary
Activity: 3010
Merit: 1460
February 07, 2021, 12:06:12 AM
#70
@zasad@. It might be better to tally the hacked and stolen amounts in no. of coins instead of in dollars. The value of those coins might be more than double their value on the day of the hack or less than double 2 years after the hack.

In any case, what is your speculation for hacked Defi projects for 2021? Will 2021 be more than the hacked amount of 2020 or less hehe?
legendary
Activity: 1932
Merit: 4602
February 06, 2021, 08:13:27 AM
#69
@zasad@. You should add the grand total of the hacked amount of coins in total no. of coins itself for 2020 and compare this with the grand total of hacked coins for 2021 during the end of this year hehe.

The future of Defi or any idea in the cryptospace will depend on security.

I am constantly monitoring updates.
There is a very good report on hacker attacks for 2020

https://decrypt.co/54128/hackers-stole-3-8-billion-in-cryptocurrency-hacks-in-2020
Hackers Stole $3.8 Billion in Cryptocurrency Hacks in 2020
"Cybercriminals stole nearly $3.8 billion worth of different cryptocurrencies in 122 attacks in 2020, but the overall number of attacks is on decline

Dapps, or decentralized apps, running on Ethereum had 47 attacks with a current value of $436.36 million, followed by cryptocurrency exchanges that had 28 attacks ($300.15 million in losses).

Crypto wallets had 27 attacks and were the most lucrative target for the hackers, with $3.03 billion in losses. They also had the biggest average value of stolen assets - 112 million per attack compared to approximately $10 million per attack on dapps or exchanges ($9.28 million and $10.72 million respectively).

There were 12 successful attacks on blockchains themselves last year, bringing the hackers $5.91 million or $492,517 per breach. The most well-known example is probably the series of 51% attacks on the Ethereum Classic network.

There were only a few attacks on dapps based on the Tron and EOS blockchains; each saw just three dapps getting breached. Still, those attacks amounted to $10 million, or around $3.33 million per hack, in case of Tron, and $2.85 million, or $949,416 on average, for an EOS-linked breach.

The values in the study are overinflated though, since monetary losses were calculated based on the January 12, 2021 conversion rates, with Bitcoin changing hands around $34,000 that day. This is compared to how much the cryptocurrencies were worth when they were stolen."

Statistics show that defi projects are not much inferior in security to centralized exchanges. But keep in mind that in 2020, many defi projects have just gained popularity, and centralized exchanges have been operating for many years.
legendary
Activity: 3010
Merit: 1460
February 06, 2021, 12:01:38 AM
#68
@zasad@. You should add the grand total of the hacked amount of coins in total no. of coins itself for 2020 and compare this with the grand total of hacked coins for 2021 during the end of this year hehe.

The future of Defi or any idea in the cryptospace will depend on security.
legendary
Activity: 1932
Merit: 4602
February 05, 2021, 03:40:16 PM
#67
The hardest exploit
https://etherscan.io/tx/0xb094d168dd90fcd0946016b19494a966d3d2c348f57b890410c51425d89166e8
Transaction Fee: 3.37117716 Ether and 1M profit (8 out of 9 million were lost in a transaction)

https://cointelegraph.com/news/after-yearn-exploit-attacker-funds-frozen-and-reimbursement-plans-developing
After Yearn exploit, attacker funds frozen and reimbursement plans developing
Seized funds bring the damage down to $9 million as multiple communities ponder the next step in reimbursing user funds
legendary
Activity: 3010
Merit: 1460
February 04, 2021, 10:46:47 PM
#66
@zasad@. Another the first Defi hack of the year for you to tally for 2021 hehehe. You have to assume that the development teams have fixed all the bugs from their systems. However, no. The hackings continue.



Yearn developer banteg, one of the administrators of the DeFi project's website, followed with a few more details: "Yearn DAI v1 vault got exploited, the attacker got away with $2.8m, the vault lost $11m. Deposits into strategies disabled for v1 DAI, TUSD, USDC, USDT vaults while we investigate."

Source https://decrypt.co/56659/14-million-gone-in-yearn-finance-exploit
legendary
Activity: 1932
Merit: 4602
December 28, 2020, 03:06:00 PM
#65
To be honest, I thought that the last hacked  Defi project in 2010 would be Warp Finance.
I think you made a typo, what do you mean 2020 ? :V

But I was wrong and we still have 3 days :)
I will keep an eye on the hacking of Defi projects next year, I hope there will be less bad news.
Considering the list on the OP, it is too much to know for the fact that the defi project is simply not safe from hacking cases. Of course it will be very detrimental and i also hope that next year the case can go down.

thanks, I corrected the typo.

Dforce return $ 25 million back !!!
https://twitter.com/lawmaster/status/1252483198115774464?

Hack Prevention
https://decrypt.co/32720/a-cryptocurrency-bug-put-545000-of-defi-funds-at-risk

bZx protocol. Refund 8,000,000 $
https://twitter.com/bZxHQ/status/1305496675474006017

$ 10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker

Warp Finance 75% refunded.
https://forklog.com/razrabotchiki-warp-finance-vernuli-75-iz-ukradennyh-7-7-mln/

The defi ecosystem is much better than the management system of centralized exchanges. Everything is clear and transparent here.
hero member
Activity: 1932
Merit: 504
December 28, 2020, 01:48:49 PM
#64
This really makes me decide if I'm going to invest in DeFi projects; by just looking at the list you will really know how DeFi projects can scam participants.
Well this list really helps me a lot not to look more into DeFi projects.
legendary
Activity: 2464
Merit: 2094
December 28, 2020, 12:53:02 PM
#63
To be honest, I thought that the last hacked  Defi project in 2010 would be Warp Finance.
I think you made a typo, what do you mean 2020 ? :V

But I was wrong and we still have 3 days :)
I will keep an eye on the hacking of Defi projects next year, I hope there will be less bad news.
Considering the list on the OP, it is too much to know for the fact that the defi project is simply not safe from hacking cases. Of course it will be very detrimental and i also hope that next year the case can go down.
legendary
Activity: 1932
Merit: 4602
December 28, 2020, 10:34:40 AM
#62
casperBGD, thanks, you got me on, the first post was updated. To be honest, I thought that the last hacked  Defi project in 2020 would be Warp Finance.
But I was wrong and we still have 3 days :)
I will keep an eye on the hacking of Defi projects next year, I hope there will be less bad news.