How can we know if the developers of Defi are not the same group of people?
@zasad@. Another one for your list hehe. You should add all the losses from the Defi hacks and post how much the total losses are for 2020. We can compare 2020's total with next year's total.
Decentralized finance (DeFi) lending protocol Warp Finance has experienced a flash loan attack that resulted in a loss of $7.7 million worth of stablecoins.
Warp said the attack essentially allowed one user to borrow more funds than their collateral value, resulting in a loss for other users or lenders. Flash loans allow users to borrow funds without collateralization, provided the funds are repaid within a single blockchain transaction.
Source https://www.theblockcrypto.com/linked/88415/defi-warp-finance-attacked-lost-7-7-million-stablecoins
Topic: DeFi hacks [history] - page 19. (Read 19119 times)
The CEO of decentralized finance (DeFi) insurer Nexus Mutual has lost the equivalent to over $8 million in a targeted attack, the firm disclosed Monday.
https://www.coindesk.com/ceo-of-defi-insurer-nexus-mutual-hacked-for-8m-in-nxm-tokens
"A total of 370,000 of the project’s native NXM tokens were drained from Hugh Karp’s address to one owned by the attacker at 09:40 am UTC, according to data source etherscan.io. The transaction cost 0.00429472 ETH (ETH, -0.72%), or $2.49.
Some of the stolen funds have been transferred via decentralized exchange aggregator 1inch.exchange. “We welcome any assistance to stop the funds, which will likely move quickly,” Nexus said.
"
https://etherscan.io/tx/0x4ddcc21c6de13b3cf472c8d4cdafd80593e0fc286c67ea144a76dbeddb7f3629
https://www.coindesk.com/ceo-of-defi-insurer-nexus-mutual-hacked-for-8m-in-nxm-tokens
"A total of 370,000 of the project’s native NXM tokens were drained from Hugh Karp’s address to one owned by the attacker at 09:40 am UTC, according to data source etherscan.io. The transaction cost 0.00429472 ETH (ETH, -0.72%), or $2.49.
Some of the stolen funds have been transferred via decentralized exchange aggregator 1inch.exchange. “We welcome any assistance to stop the funds, which will likely move quickly,” Nexus said.
"
https://etherscan.io/tx/0x4ddcc21c6de13b3cf472c8d4cdafd80593e0fc286c67ea144a76dbeddb7f3629
This is why I'm skeptical to DeFi projects even though not all DeFi projects are scam still a lot of them turns out to be a scam one. Until now I'm not sure which project I should invest and which one I should avoid.
Most of these are mainly flash loan hack which is on price manipulation
Pickle got exploit today too
However it is not because of price manipulation but contract code exploit
Tbh Defi still had a long way to go because since everything is decentralized, it can't be reverse/pause, which is a heaven for hackers/exploiter
Because if they are capable, they can just take everything
Thus if you invested in similar project, kindly be careful with your funds
Pickle got exploit today too
However it is not because of price manipulation but contract code exploit
Tbh Defi still had a long way to go because since everything is decentralized, it can't be reverse/pause, which is a heaven for hackers/exploiter
Because if they are capable, they can just take everything
Thus if you invested in similar project, kindly be careful with your funds
I like that Dforce was returning the hacked money back to the investors because $25 Million is very big loss indeed.
However, as long as the hacking events exists in crypto, im afraid people will be more reluctant to spend their money on crypto.
That being said, some new real DeFi projects should be created so we can show them that cryptocurrency really brings profit for investors.
However, as long as the hacking events exists in crypto, im afraid people will be more reluctant to spend their money on crypto.
That being said, some new real DeFi projects should be created so we can show them that cryptocurrency really brings profit for investors.
https://decrypt.co/49149/pickle-finance-hack
"DeFi Protocol Pickle Finance Hacked For $20 MillionSomeone drained the DeFi protocol’s cDAI jar.
Pickle Finance, a DeFi protocol, was hacked to the tune of almost $20 million.
The hackers’ approach is still unknown, though some analysts are saying it doesn’t resemble a typical flash loan attack."
https://twitter.com/emilianobonassi/status/1330239233538318339
"The coffers of Pickle Finance, a decentralized finance (DeFi) protocol with a native token that looks suspiciously like Pickle Rick, of Rick and Morty fame, were drained today of $20 million in what appears to be a hack.
Pickle Finance shifts investors’ money around different DeFi protocols to maximise returns, a little like a traditional robo-advisor. "
"DeFi Protocol Pickle Finance Hacked For $20 MillionSomeone drained the DeFi protocol’s cDAI jar.
Pickle Finance, a DeFi protocol, was hacked to the tune of almost $20 million.
The hackers’ approach is still unknown, though some analysts are saying it doesn’t resemble a typical flash loan attack."
https://twitter.com/emilianobonassi/status/1330239233538318339
"The coffers of Pickle Finance, a decentralized finance (DeFi) protocol with a native token that looks suspiciously like Pickle Rick, of Rick and Morty fame, were drained today of $20 million in what appears to be a hack.
Pickle Finance shifts investors’ money around different DeFi protocols to maximise returns, a little like a traditional robo-advisor. "
The development teams from these Defi projects might not know how to cashout from their creation without making it appear that they are dumping. It would not be surprising if the hacks and the thefts on their projects were done by themselves as a form of exit scam.
In any case, another one was hacked.
Origin Protocol co-founder Matthew Liu on Monday night confirmed an attack on the Origin Dollar (OUSD) vault.
"The team is all-hands on deck attempting to figure out what vulnerability was exploited and how the hacker was able to access users’ deposits," he wrote.
Though the exact exploit—some form of flash attack—isn't yet known, the Origin team estimated $7 million—a combination of ETH and DAI stablecoin—had been taken
Source https://decrypt.co/48478/ethereum-based-origin-dollar-hacked-for-estimated-7-million
In any case, another one was hacked.
Origin Protocol co-founder Matthew Liu on Monday night confirmed an attack on the Origin Dollar (OUSD) vault.
"The team is all-hands on deck attempting to figure out what vulnerability was exploited and how the hacker was able to access users’ deposits," he wrote.
Though the exact exploit—some form of flash attack—isn't yet known, the Origin team estimated $7 million—a combination of ETH and DAI stablecoin—had been taken
Source https://decrypt.co/48478/ethereum-based-origin-dollar-hacked-for-estimated-7-million
https://akropolis.substack.com/p/delphi-savings-pool-exploit
"At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the yCurve and sUSD pools.
These pools had been audited by two independent firms, however, the attack vectors used in the exploit were not identified in either audit. The essence of the exploit in question is a combination of a re-entrancy attack with dYdX flash loan origination.
The Akropolis team is currently working through a number of security procedures. The majority of funds on Akropolis are safe. Here is the current status:
Affected Pools:
YCurve and sUSD pools were drained of ~DAI 2.0mn
The stolen funds are currently held in this wallet: https://etherscan.io/address/0x9f26ae5cd245bfeeb5926d61497550f79d9c6c1c"
https://twitter.com/akropolisio/status/1326962438365966356
"At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the yCurve and sUSD pools.
These pools had been audited by two independent firms, however, the attack vectors used in the exploit were not identified in either audit. The essence of the exploit in question is a combination of a re-entrancy attack with dYdX flash loan origination.
The Akropolis team is currently working through a number of security procedures. The majority of funds on Akropolis are safe. Here is the current status:
Affected Pools:
YCurve and sUSD pools were drained of ~DAI 2.0mn
The stolen funds are currently held in this wallet: https://etherscan.io/address/0x9f26ae5cd245bfeeb5926d61497550f79d9c6c1c"
https://twitter.com/akropolisio/status/1326962438365966356
@zasad@. Other mainstream news media outlets reported that the hacker returned some if the stolen coins. I reckon that this might be evidence that the hacker was their own developer.
Does everyone expect the hacker to return some of the stolen coins from the goodness of his heart hehehe?
Hacker returned $2.5 million while Harvest Finance authors put out a $100,000 reward for anyone who can return the rest of the funds.
Source https://www.zdnet.com/article/hacker-steals-24-million-from-cryptocurrency-service-harvest-finance/
This statement tweeted by Jesse Powell, Kraken's CEO.
It appears Kraken might become the hackers paradise for stolen Defi tokens and ETH hehe.
However, if the hackers were smart, they should convert their coins to Monero only through Bisq.
It asked eight major exchanges to blacklist Bitcoin addresses used by the hacker, which at least one exchange was reluctant to do. Subtweeting the protocol, Kraken founder Jesse Powell wrote: “Stop fucking up your bullshit DeFi scams and expecting exchanges to bail you out. I will not accept your attempt at externalizing the cost of your hasty, reckless rollout.”
Source https://decrypt.co/46679/harvest-finance-offers-1-million-get-stolen-34-million-back
[moderator's note: consecutive posts merged]
Does everyone expect the hacker to return some of the stolen coins from the goodness of his heart hehehe?
Hacker returned $2.5 million while Harvest Finance authors put out a $100,000 reward for anyone who can return the rest of the funds.
Source https://www.zdnet.com/article/hacker-steals-24-million-from-cryptocurrency-service-harvest-finance/
This statement tweeted by Jesse Powell, Kraken's CEO.
It appears Kraken might become the hackers paradise for stolen Defi tokens and ETH hehe.
However, if the hackers were smart, they should convert their coins to Monero only through Bisq.
It asked eight major exchanges to blacklist Bitcoin addresses used by the hacker, which at least one exchange was reluctant to do. Subtweeting the protocol, Kraken founder Jesse Powell wrote: “Stop fucking up your bullshit DeFi scams and expecting exchanges to bail you out. I will not accept your attempt at externalizing the cost of your hasty, reckless rollout.”
Source https://decrypt.co/46679/harvest-finance-offers-1-million-get-stolen-34-million-back
[moderator's note: consecutive posts merged]
Harvest Finance- 23 million US dollars
https://www.coindesk.com/defi-platform-harvest-finance-exploit
https://twitter.com/WuBlockchain/status/1320589547747512320
"Wu learned that the y pool on the curve was attacked by hackers, with a total loss of more than 23 million US dollars. The main victim is the Chinese project Harvest Finance, which said it is still investigating and security agencies are also participating."
https://twitter.com/harvest_finance/status/1320604294190608385
"We are working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools, and will update in this thread in realtime as soon as additional details are available"
https://www.coindesk.com/defi-platform-harvest-finance-exploit
https://twitter.com/WuBlockchain/status/1320589547747512320
"Wu learned that the y pool on the curve was attacked by hackers, with a total loss of more than 23 million US dollars. The main victim is the Chinese project Harvest Finance, which said it is still investigating and security agencies are also participating."
https://twitter.com/harvest_finance/status/1320604294190608385
"We are working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools, and will update in this thread in realtime as soon as additional details are available"
Most of the hack in the list did have that uproar and discussion in most cryptocurrency social media platform. Is not that is not important, it is just that the market sentiment had changed. Most people that endured the bear market have not recovered from the long down trend in the market and dont trust the movement of the price in the market but the whales are more active and wont allow such bad news to spoil the market. they will sustain the traded volume for most of the defi though there could be time to take few profit.
https://leofinance.io/hive-167922/@leofinance/wleo-was-hacked-on-ethereum-or-thank-you-everyone-for-the-amazing-support
"You've probably heard the news by now. The wLEO contract was exposed to a hack earlier today on Ethereum which led to a massive drain on the pool.
Fortunately, many users were quick to realize that these were false transactions and they removed liquidity from the pool as soon as they found out. This reduced the hackers ability to steal ETH from the pool.
Earlier today, we managed to shut down the contract and withdraw the remaining liquidity from the pool (about 114 ETH).
It will take us some time to snapshot the balances before the hack and figure out who had withdrawn liquidity vs. who was still in the pool at the time of the hack, but we will continually work on it and keep you posted on the distribution of this ETH back to LPs.
From what I keep hearing, this has happened to many other pools on Uniswap. The token issuing contract/address gets exposed and then someone takes advantage of it to mint infinite tokens and rug pull the Uniswap pool to steal the Ethereum."
Damage $ 42,000
"You've probably heard the news by now. The wLEO contract was exposed to a hack earlier today on Ethereum which led to a massive drain on the pool.
Fortunately, many users were quick to realize that these were false transactions and they removed liquidity from the pool as soon as they found out. This reduced the hackers ability to steal ETH from the pool.
Earlier today, we managed to shut down the contract and withdraw the remaining liquidity from the pool (about 114 ETH).
It will take us some time to snapshot the balances before the hack and figure out who had withdrawn liquidity vs. who was still in the pool at the time of the hack, but we will continually work on it and keep you posted on the distribution of this ETH back to LPs.
From what I keep hearing, this has happened to many other pools on Uniswap. The token issuing contract/address gets exposed and then someone takes advantage of it to mint infinite tokens and rug pull the Uniswap pool to steal the Ethereum."
Damage $ 42,000
I try to keep track of all defi hacks in this thread. Considering that this topic has become popular in 2020, we can conclude that the number of hacks is not so much,
the amount of stolen funds is much less than the centralized exchanges lose.
Fresh good news
$10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker
the amount of stolen funds is much less than the centralized exchanges lose.
Fresh good news
$10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker
Hehe the skeptical me is thinking that the whitehat hacker might also be someone from their development team trying to make it appear a 3rd party has audited their code and make the project appear more trustworthy.
I try to keep track of all defi hacks in this thread. Considering that this topic has become popular in 2020, we can conclude that the number of hacks is not so much,
the amount of stolen funds is much less than the centralized exchanges lose.
Fresh good news
$10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker
the amount of stolen funds is much less than the centralized exchanges lose.
Fresh good news
$10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker
Hehe the skeptical me is thinking that the whitehat hacker might also be someone from their development team trying to make it appear a 3rd party has audited their code and make the project appear more trustworthy.
@zasad@. The skeptical me thinks that this is the beginning of the Defi exit scams. He tweeted about his not completed and unaudited smart contract and then suddenly from his deployer account, an attacker deposited $8 million?
can we say some of them are inside job? and i do agree most of these defis will one by one disappear in no time. as they collect their share from the market, the people behind the project are thinking of ways how to get away from their scheme.
and ive seen that some hacks are due to the bug in their system. i believe a lot of these DeFis are not yet ready to deploy their network, however, owed to the ambitious goal of taking advantage of the hype, they situated themselves to vulnerability attack. guess, we will be seeing more projects in the list. or is there a list already for all the defi exit scams?
I try to keep track of all defi hacks in this thread. Considering that this topic has become popular in 2020, we can conclude that the number of hacks is not so much,
the amount of stolen funds is much less than the centralized exchanges lose.
Fresh good news
$10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker
the amount of stolen funds is much less than the centralized exchanges lose.
Fresh good news
$10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker
@zasad@. The skeptical me thinks that this is the beginning of the Defi exit scams. He tweeted about his not completed and unaudited smart contract and then suddenly from his deployer account, an attacker deposited $8 million?
https://decrypt.co/43203/hackers-drain-15-million-from-unreleased-yearn-finance-project
Hackers Drain $15 Million From ‘Unreleased’ Yearn Finance Project
"A smart contract vulnerability allowed hackers to mint unlimited tokens and sell those for millions of dollars—before returning half the funds to Yearn founder Andre Cronje.
In brief
Hackers targeted a smart contract vulnerability in an upcoming project by Yearn founder Andre Cronje.
They managed to steal over $15 million; but returned $8 million to a wallet owned by Cronje.
The "test in prod" approach proved costly, as Cronje alleged received threats after the hack. "
Hackers Drain $15 Million From ‘Unreleased’ Yearn Finance Project
"A smart contract vulnerability allowed hackers to mint unlimited tokens and sell those for millions of dollars—before returning half the funds to Yearn founder Andre Cronje.
In brief
Hackers targeted a smart contract vulnerability in an upcoming project by Yearn founder Andre Cronje.
They managed to steal over $15 million; but returned $8 million to a wallet owned by Cronje.
The "test in prod" approach proved costly, as Cronje alleged received threats after the hack. "
I can definitely say that DEFI looks more scam than a good project. This is because behind some projects there aren't good teams, the team makes the 80% of the value of the coin, after there is the project. There are good projects with bad teams that will go only in one direction, down
See? There's a lot more coming on the list. It just indicates that DEFI hype projects were being targetted by the scammers. Thus, many investors were already been tricked with this hype. I'm not saying "all defi" but we can just count few of them that are really created for financial decentralized protocols for the enhancement of system and to sustain the sincere innovation.
Jump to: