https://www.theblockcrypto.com/post/89368/defi-protocol-cover-exploited-attackers-minted-at-least-40-quintillion-tokens
there is another one, Cover smart contract is exploited for $40 quintillion tokens, and attacker already cashed-out $5 million from the protocol, Binance stopped deposit and price is down 76% at the moment
https://www.coingecko.com/en/coins/cover-protocol
Cover merged with YFI earlier, but Yearn.Finance does not seem under pressure due to exploit, it is flat at the moment
https://www.coingecko.com/en/coins/yearn-finance
https://medium.com/iearn/yearn-cover-merger-651142828c45
Topic: DeFi hacks [history] - page 19. (Read 19377 times)
The very appearance of DEFI inspired people to really hope for development. But as it is now clear, there is a huge field of activity for scammers, you can create a site very quickly, where it is difficult to find the team composition and contacts. Because of this hype, many do not even pay attention to it and blindly give their money. It turns out that one working project immediately appears a bunch of scammers.
Decentralized Finance in the event of a hack, you have no one to complain to, and this is probably the main reason why I do not use DEFI to the full.
Well said, it's the perfect place for scammers to roam about without any fear of getting caught in the process, it's why I feel unreliable on any DeFi projects, I invested in few strong ones like ChainLink but most new DeFi projects are not safe 
How can we know if the developers of Defi are not the same group of people?
@zasad@. Another one for your list hehe. You should add all the losses from the Defi hacks and post how much the total losses are for 2020. We can compare 2020's total with next year's total.
Decentralized finance (DeFi) lending protocol Warp Finance has experienced a flash loan attack that resulted in a loss of $7.7 million worth of stablecoins.
Warp said the attack essentially allowed one user to borrow more funds than their collateral value, resulting in a loss for other users or lenders. Flash loans allow users to borrow funds without collateralization, provided the funds are repaid within a single blockchain transaction.
Source https://www.theblockcrypto.com/linked/88415/defi-warp-finance-attacked-lost-7-7-million-stablecoins
Thank you. I updated the first post.@zasad@. Another one for your list hehe. You should add all the losses from the Defi hacks and post how much the total losses are for 2020. We can compare 2020's total with next year's total.
Decentralized finance (DeFi) lending protocol Warp Finance has experienced a flash loan attack that resulted in a loss of $7.7 million worth of stablecoins.
Warp said the attack essentially allowed one user to borrow more funds than their collateral value, resulting in a loss for other users or lenders. Flash loans allow users to borrow funds without collateralization, provided the funds are repaid within a single blockchain transaction.
Source https://www.theblockcrypto.com/linked/88415/defi-warp-finance-attacked-lost-7-7-million-stablecoins
the hacker returned 75% of the coins
https://twitter.com/warpfinance/status/1340484565090119683?
"On December 20th, 2020 at 0216 UTC we successfully recovered the loan collateral from the exploit, in the form of ETH/DAI-LP tokens. The value is approximately $5.85m, which is ~75% of the $7.76m lost funds."
I do not think that developers are hacking their projects
The rate at which platforms are getting hacked in crypto is quite alarming, and this happens especially when there are types of products being released, if it’s not hack then it’s going to be scammers.
These are serious problems and will be discouraging a lot of people, although the market still seems to be growing despite everything, but that doesn’t mean that all these things that has been happening should be neglected. They shouldn’t be neglected at all, I think that the new devs should always learn a lesson from those that came before them and look into how they can create something more secure, but they never do, it seems like their interest is more on the money.
These are serious problems and will be discouraging a lot of people, although the market still seems to be growing despite everything, but that doesn’t mean that all these things that has been happening should be neglected. They shouldn’t be neglected at all, I think that the new devs should always learn a lesson from those that came before them and look into how they can create something more secure, but they never do, it seems like their interest is more on the money.
@Shallow. This might be either be the developers of Defi are incompetent fools or they are themselves the hackers of their own Defi projects. After what we have witnessed here in the cryptospace, it would not be shocking if hacking own project is the new for of exit scam.
Just in one year and all these DeFi projects has been hacked, is this the future or revolution they promised? Is there a big flaw on Defi concept? Or it is right to say, some of these developers do not have the appropriate skills and experience to develop and manage a Defi project, meaning they just leveraged the hype to create their own projects and make money. To be frank, when I see or hear people saying they can't hold new tokens for a long term, I don't really blame them, because it is clear a very good number of new project's team are not ready for any kind of revolutionary development, but to make money.
On a more serious note, with the high number of DeFi hacks, which doesn't look like it is slowing down anytime soon, one need to be careful of the type of funds in invests in them; who even knows what will happen to most of them next year or as time goes on.
On a more serious note, with the high number of DeFi hacks, which doesn't look like it is slowing down anytime soon, one need to be careful of the type of funds in invests in them; who even knows what will happen to most of them next year or as time goes on.
How can we know if the developers of Defi are not the same group of people?
@zasad@. Another one for your list hehe. You should add all the losses from the Defi hacks and post how much the total losses are for 2020. We can compare 2020's total with next year's total.
Decentralized finance (DeFi) lending protocol Warp Finance has experienced a flash loan attack that resulted in a loss of $7.7 million worth of stablecoins.
Warp said the attack essentially allowed one user to borrow more funds than their collateral value, resulting in a loss for other users or lenders. Flash loans allow users to borrow funds without collateralization, provided the funds are repaid within a single blockchain transaction.
Source https://www.theblockcrypto.com/linked/88415/defi-warp-finance-attacked-lost-7-7-million-stablecoins
@zasad@. Another one for your list hehe. You should add all the losses from the Defi hacks and post how much the total losses are for 2020. We can compare 2020's total with next year's total.
Decentralized finance (DeFi) lending protocol Warp Finance has experienced a flash loan attack that resulted in a loss of $7.7 million worth of stablecoins.
Warp said the attack essentially allowed one user to borrow more funds than their collateral value, resulting in a loss for other users or lenders. Flash loans allow users to borrow funds without collateralization, provided the funds are repaid within a single blockchain transaction.
Source https://www.theblockcrypto.com/linked/88415/defi-warp-finance-attacked-lost-7-7-million-stablecoins
The CEO of decentralized finance (DeFi) insurer Nexus Mutual has lost the equivalent to over $8 million in a targeted attack, the firm disclosed Monday.
https://www.coindesk.com/ceo-of-defi-insurer-nexus-mutual-hacked-for-8m-in-nxm-tokens
"A total of 370,000 of the project’s native NXM tokens were drained from Hugh Karp’s address to one owned by the attacker at 09:40 am UTC, according to data source etherscan.io. The transaction cost 0.00429472 ETH (ETH, -0.72%), or $2.49.
Some of the stolen funds have been transferred via decentralized exchange aggregator 1inch.exchange. “We welcome any assistance to stop the funds, which will likely move quickly,” Nexus said.
"
https://etherscan.io/tx/0x4ddcc21c6de13b3cf472c8d4cdafd80593e0fc286c67ea144a76dbeddb7f3629
https://www.coindesk.com/ceo-of-defi-insurer-nexus-mutual-hacked-for-8m-in-nxm-tokens
"A total of 370,000 of the project’s native NXM tokens were drained from Hugh Karp’s address to one owned by the attacker at 09:40 am UTC, according to data source etherscan.io. The transaction cost 0.00429472 ETH (ETH, -0.72%), or $2.49.
Some of the stolen funds have been transferred via decentralized exchange aggregator 1inch.exchange. “We welcome any assistance to stop the funds, which will likely move quickly,” Nexus said.
"
https://etherscan.io/tx/0x4ddcc21c6de13b3cf472c8d4cdafd80593e0fc286c67ea144a76dbeddb7f3629
This is why I'm skeptical to DeFi projects even though not all DeFi projects are scam still a lot of them turns out to be a scam one. Until now I'm not sure which project I should invest and which one I should avoid.
Most of these are mainly flash loan hack which is on price manipulation
Pickle got exploit today too
However it is not because of price manipulation but contract code exploit
Tbh Defi still had a long way to go because since everything is decentralized, it can't be reverse/pause, which is a heaven for hackers/exploiter
Because if they are capable, they can just take everything
Thus if you invested in similar project, kindly be careful with your funds
Pickle got exploit today too
However it is not because of price manipulation but contract code exploit
Tbh Defi still had a long way to go because since everything is decentralized, it can't be reverse/pause, which is a heaven for hackers/exploiter
Because if they are capable, they can just take everything
Thus if you invested in similar project, kindly be careful with your funds
I like that Dforce was returning the hacked money back to the investors because $25 Million is very big loss indeed.
However, as long as the hacking events exists in crypto, im afraid people will be more reluctant to spend their money on crypto.
That being said, some new real DeFi projects should be created so we can show them that cryptocurrency really brings profit for investors.
However, as long as the hacking events exists in crypto, im afraid people will be more reluctant to spend their money on crypto.
That being said, some new real DeFi projects should be created so we can show them that cryptocurrency really brings profit for investors.
https://decrypt.co/49149/pickle-finance-hack
"DeFi Protocol Pickle Finance Hacked For $20 MillionSomeone drained the DeFi protocol’s cDAI jar.
Pickle Finance, a DeFi protocol, was hacked to the tune of almost $20 million.
The hackers’ approach is still unknown, though some analysts are saying it doesn’t resemble a typical flash loan attack."
https://twitter.com/emilianobonassi/status/1330239233538318339
"The coffers of Pickle Finance, a decentralized finance (DeFi) protocol with a native token that looks suspiciously like Pickle Rick, of Rick and Morty fame, were drained today of $20 million in what appears to be a hack.
Pickle Finance shifts investors’ money around different DeFi protocols to maximise returns, a little like a traditional robo-advisor. "
"DeFi Protocol Pickle Finance Hacked For $20 MillionSomeone drained the DeFi protocol’s cDAI jar.
Pickle Finance, a DeFi protocol, was hacked to the tune of almost $20 million.
The hackers’ approach is still unknown, though some analysts are saying it doesn’t resemble a typical flash loan attack."
https://twitter.com/emilianobonassi/status/1330239233538318339
"The coffers of Pickle Finance, a decentralized finance (DeFi) protocol with a native token that looks suspiciously like Pickle Rick, of Rick and Morty fame, were drained today of $20 million in what appears to be a hack.
Pickle Finance shifts investors’ money around different DeFi protocols to maximise returns, a little like a traditional robo-advisor. "
The development teams from these Defi projects might not know how to cashout from their creation without making it appear that they are dumping. It would not be surprising if the hacks and the thefts on their projects were done by themselves as a form of exit scam.
In any case, another one was hacked.
Origin Protocol co-founder Matthew Liu on Monday night confirmed an attack on the Origin Dollar (OUSD) vault.
"The team is all-hands on deck attempting to figure out what vulnerability was exploited and how the hacker was able to access users’ deposits," he wrote.
Though the exact exploit—some form of flash attack—isn't yet known, the Origin team estimated $7 million—a combination of ETH and DAI stablecoin—had been taken
Source https://decrypt.co/48478/ethereum-based-origin-dollar-hacked-for-estimated-7-million
In any case, another one was hacked.
Origin Protocol co-founder Matthew Liu on Monday night confirmed an attack on the Origin Dollar (OUSD) vault.
"The team is all-hands on deck attempting to figure out what vulnerability was exploited and how the hacker was able to access users’ deposits," he wrote.
Though the exact exploit—some form of flash attack—isn't yet known, the Origin team estimated $7 million—a combination of ETH and DAI stablecoin—had been taken
Source https://decrypt.co/48478/ethereum-based-origin-dollar-hacked-for-estimated-7-million
https://akropolis.substack.com/p/delphi-savings-pool-exploit
"At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the yCurve and sUSD pools.
These pools had been audited by two independent firms, however, the attack vectors used in the exploit were not identified in either audit. The essence of the exploit in question is a combination of a re-entrancy attack with dYdX flash loan origination.
The Akropolis team is currently working through a number of security procedures. The majority of funds on Akropolis are safe. Here is the current status:
Affected Pools:
YCurve and sUSD pools were drained of ~DAI 2.0mn
The stolen funds are currently held in this wallet: https://etherscan.io/address/0x9f26ae5cd245bfeeb5926d61497550f79d9c6c1c"
https://twitter.com/akropolisio/status/1326962438365966356
"At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the yCurve and sUSD pools.
These pools had been audited by two independent firms, however, the attack vectors used in the exploit were not identified in either audit. The essence of the exploit in question is a combination of a re-entrancy attack with dYdX flash loan origination.
The Akropolis team is currently working through a number of security procedures. The majority of funds on Akropolis are safe. Here is the current status:
Affected Pools:
YCurve and sUSD pools were drained of ~DAI 2.0mn
The stolen funds are currently held in this wallet: https://etherscan.io/address/0x9f26ae5cd245bfeeb5926d61497550f79d9c6c1c"
https://twitter.com/akropolisio/status/1326962438365966356
@zasad@. Other mainstream news media outlets reported that the hacker returned some if the stolen coins. I reckon that this might be evidence that the hacker was their own developer.
Does everyone expect the hacker to return some of the stolen coins from the goodness of his heart hehehe?
Hacker returned $2.5 million while Harvest Finance authors put out a $100,000 reward for anyone who can return the rest of the funds.
Source https://www.zdnet.com/article/hacker-steals-24-million-from-cryptocurrency-service-harvest-finance/
This statement tweeted by Jesse Powell, Kraken's CEO.
It appears Kraken might become the hackers paradise for stolen Defi tokens and ETH hehe.
However, if the hackers were smart, they should convert their coins to Monero only through Bisq.
It asked eight major exchanges to blacklist Bitcoin addresses used by the hacker, which at least one exchange was reluctant to do. Subtweeting the protocol, Kraken founder Jesse Powell wrote: “Stop fucking up your bullshit DeFi scams and expecting exchanges to bail you out. I will not accept your attempt at externalizing the cost of your hasty, reckless rollout.”
Source https://decrypt.co/46679/harvest-finance-offers-1-million-get-stolen-34-million-back
[moderator's note: consecutive posts merged]
Does everyone expect the hacker to return some of the stolen coins from the goodness of his heart hehehe?
Hacker returned $2.5 million while Harvest Finance authors put out a $100,000 reward for anyone who can return the rest of the funds.
Source https://www.zdnet.com/article/hacker-steals-24-million-from-cryptocurrency-service-harvest-finance/
This statement tweeted by Jesse Powell, Kraken's CEO.
It appears Kraken might become the hackers paradise for stolen Defi tokens and ETH hehe.
However, if the hackers were smart, they should convert their coins to Monero only through Bisq.
It asked eight major exchanges to blacklist Bitcoin addresses used by the hacker, which at least one exchange was reluctant to do. Subtweeting the protocol, Kraken founder Jesse Powell wrote: “Stop fucking up your bullshit DeFi scams and expecting exchanges to bail you out. I will not accept your attempt at externalizing the cost of your hasty, reckless rollout.”
Source https://decrypt.co/46679/harvest-finance-offers-1-million-get-stolen-34-million-back
[moderator's note: consecutive posts merged]
Harvest Finance- 23 million US dollars
https://www.coindesk.com/defi-platform-harvest-finance-exploit
https://twitter.com/WuBlockchain/status/1320589547747512320
"Wu learned that the y pool on the curve was attacked by hackers, with a total loss of more than 23 million US dollars. The main victim is the Chinese project Harvest Finance, which said it is still investigating and security agencies are also participating."
https://twitter.com/harvest_finance/status/1320604294190608385
"We are working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools, and will update in this thread in realtime as soon as additional details are available"
https://www.coindesk.com/defi-platform-harvest-finance-exploit
https://twitter.com/WuBlockchain/status/1320589547747512320
"Wu learned that the y pool on the curve was attacked by hackers, with a total loss of more than 23 million US dollars. The main victim is the Chinese project Harvest Finance, which said it is still investigating and security agencies are also participating."
https://twitter.com/harvest_finance/status/1320604294190608385
"We are working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools, and will update in this thread in realtime as soon as additional details are available"
Most of the hack in the list did have that uproar and discussion in most cryptocurrency social media platform. Is not that is not important, it is just that the market sentiment had changed. Most people that endured the bear market have not recovered from the long down trend in the market and dont trust the movement of the price in the market but the whales are more active and wont allow such bad news to spoil the market. they will sustain the traded volume for most of the defi though there could be time to take few profit.
https://leofinance.io/hive-167922/@leofinance/wleo-was-hacked-on-ethereum-or-thank-you-everyone-for-the-amazing-support
"You've probably heard the news by now. The wLEO contract was exposed to a hack earlier today on Ethereum which led to a massive drain on the pool.
Fortunately, many users were quick to realize that these were false transactions and they removed liquidity from the pool as soon as they found out. This reduced the hackers ability to steal ETH from the pool.
Earlier today, we managed to shut down the contract and withdraw the remaining liquidity from the pool (about 114 ETH).
It will take us some time to snapshot the balances before the hack and figure out who had withdrawn liquidity vs. who was still in the pool at the time of the hack, but we will continually work on it and keep you posted on the distribution of this ETH back to LPs.
From what I keep hearing, this has happened to many other pools on Uniswap. The token issuing contract/address gets exposed and then someone takes advantage of it to mint infinite tokens and rug pull the Uniswap pool to steal the Ethereum."
Damage $ 42,000
"You've probably heard the news by now. The wLEO contract was exposed to a hack earlier today on Ethereum which led to a massive drain on the pool.
Fortunately, many users were quick to realize that these were false transactions and they removed liquidity from the pool as soon as they found out. This reduced the hackers ability to steal ETH from the pool.
Earlier today, we managed to shut down the contract and withdraw the remaining liquidity from the pool (about 114 ETH).
It will take us some time to snapshot the balances before the hack and figure out who had withdrawn liquidity vs. who was still in the pool at the time of the hack, but we will continually work on it and keep you posted on the distribution of this ETH back to LPs.
From what I keep hearing, this has happened to many other pools on Uniswap. The token issuing contract/address gets exposed and then someone takes advantage of it to mint infinite tokens and rug pull the Uniswap pool to steal the Ethereum."
Damage $ 42,000
I try to keep track of all defi hacks in this thread. Considering that this topic has become popular in 2020, we can conclude that the number of hacks is not so much,
the amount of stolen funds is much less than the centralized exchanges lose.
Fresh good news
$10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker
the amount of stolen funds is much less than the centralized exchanges lose.
Fresh good news
$10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker
Hehe the skeptical me is thinking that the whitehat hacker might also be someone from their development team trying to make it appear a 3rd party has audited their code and make the project appear more trustworthy.
Jump to: