Pages:
Author

Topic: DeFi hacks [history] - page 20. (Read 19555 times)

legendary
Activity: 3192
Merit: 1509
November 17, 2020, 12:05:48 AM
#48
The development teams from these Defi projects might not know how to cashout from their creation without making it appear that they are dumping. It would not be surprising if the hacks and the thefts on their projects were done by themselves as a form of exit scam.

In any case, another one was hacked.



Origin Protocol co-founder Matthew Liu on Monday night confirmed an attack on the Origin Dollar (OUSD) vault.

"The team is all-hands on deck attempting to figure out what vulnerability was exploited and how the hacker was able to access users’ deposits," he wrote.

Though the exact exploit—some form of flash attack—isn't yet known, the Origin team estimated $7 million—a combination of ETH and DAI stablecoin—had been taken


Source https://decrypt.co/48478/ethereum-based-origin-dollar-hacked-for-estimated-7-million
legendary
Activity: 2016
Merit: 4765
November 14, 2020, 08:34:35 AM
#47
https://akropolis.substack.com/p/delphi-savings-pool-exploit

"At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the yCurve and sUSD pools.

These pools had been audited by two independent firms, however, the attack vectors used in the exploit were not identified in either audit. The essence of the exploit in question is a combination of a re-entrancy attack with dYdX flash loan origination.

The Akropolis team is currently working through a number of security procedures. The majority of funds on Akropolis are safe. Here is the current status:

Affected Pools:

YCurve and sUSD pools were drained of ~DAI 2.0mn

The stolen funds are currently held in this wallet: https://etherscan.io/address/0x9f26ae5cd245bfeeb5926d61497550f79d9c6c1c"


https://twitter.com/akropolisio/status/1326962438365966356
legendary
Activity: 3192
Merit: 1509
October 26, 2020, 08:46:56 PM
#46
@zasad@. Other mainstream news media outlets reported that the hacker returned some if the stolen coins. I reckon that this might be evidence that the hacker was their own developer.

Does everyone expect the hacker to return some of the stolen coins from the goodness of his heart hehehe?



Hacker returned $2.5 million while Harvest Finance authors put out a $100,000 reward for anyone who can return the rest of the funds.

Source https://www.zdnet.com/article/hacker-steals-24-million-from-cryptocurrency-service-harvest-finance/



This statement tweeted by Jesse Powell, Kraken's CEO.

It appears Kraken might become the hackers paradise for stolen Defi tokens and ETH hehe.

However, if the hackers were smart, they should convert their coins to Monero only through Bisq.



It asked eight major exchanges to blacklist Bitcoin addresses used by the hacker, which at least one exchange was reluctant to do. Subtweeting the protocol, Kraken founder Jesse Powell wrote: “Stop fucking up your bullshit DeFi scams and expecting exchanges to bail you out. I will not accept your attempt at externalizing the cost of your hasty, reckless rollout.”

Source https://decrypt.co/46679/harvest-finance-offers-1-million-get-stolen-34-million-back

[moderator's note: consecutive posts merged]
legendary
Activity: 2016
Merit: 4765
October 26, 2020, 04:57:04 AM
#45
Harvest Finance- 23 million US dollars


https://www.coindesk.com/defi-platform-harvest-finance-exploit

https://twitter.com/WuBlockchain/status/1320589547747512320

"Wu learned that the y pool on the curve was attacked by hackers, with a total loss of more than 23 million US dollars. The main victim is the Chinese project Harvest Finance, which said it is still investigating and security agencies are also participating."


https://twitter.com/harvest_finance/status/1320604294190608385
"We are working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools, and will update in this thread in realtime as soon as additional details are available"
sr. member
Activity: 2240
Merit: 270
SOL.BIOKRIPT.COM
October 12, 2020, 11:12:33 AM
#44
Most of the hack in the list did have that uproar and discussion in most cryptocurrency social media platform. Is not that is not important, it is just that the market sentiment had changed. Most people that endured the bear market have not recovered from the long down trend in the market and dont trust the movement of the price in the market but the whales are more active and wont allow such bad news to spoil the market. they will sustain the traded volume for most of the defi though there could be time to take few profit.
legendary
Activity: 2016
Merit: 4765
October 12, 2020, 11:06:12 AM
#43
https://leofinance.io/hive-167922/@leofinance/wleo-was-hacked-on-ethereum-or-thank-you-everyone-for-the-amazing-support

"You've probably heard the news by now. The wLEO contract was exposed to a hack earlier today on Ethereum which led to a massive drain on the pool.

Fortunately, many users were quick to realize that these were false transactions and they removed liquidity from the pool as soon as they found out. This reduced the hackers ability to steal ETH from the pool.

Earlier today, we managed to shut down the contract and withdraw the remaining liquidity from the pool (about 114 ETH).

It will take us some time to snapshot the balances before the hack and figure out who had withdrawn liquidity vs. who was still in the pool at the time of the hack, but we will continually work on it and keep you posted on the distribution of this ETH back to LPs.

From what I keep hearing, this has happened to many other pools on Uniswap. The token issuing contract/address gets exposed and then someone takes advantage of it to mint infinite tokens and rug pull the Uniswap pool to steal the Ethereum."

Damage $ 42,000
sr. member
Activity: 1162
Merit: 253
October 02, 2020, 06:57:21 PM
#42
I try to keep track of all defi hacks in this thread. Considering that this topic has become popular in 2020, we can conclude that the number of hacks is not so much,
the amount of stolen funds is much less than the centralized exchanges lose.

Fresh good news
$10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker

Hehe the skeptical me is thinking that the whitehat hacker might also be someone from their development team trying to make it appear a 3rd party has audited their code and make the project appear more trustworthy.
the possibility could happen because I don't think it's possible if they did the hack with a very high security system it would just make me think maybe someone in development was involved in this hack.
legendary
Activity: 3192
Merit: 1509
October 02, 2020, 06:41:57 PM
#41
I try to keep track of all defi hacks in this thread. Considering that this topic has become popular in 2020, we can conclude that the number of hacks is not so much,
the amount of stolen funds is much less than the centralized exchanges lose.

Fresh good news
$10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker

Hehe the skeptical me is thinking that the whitehat hacker might also be someone from their development team trying to make it appear a 3rd party has audited their code and make the project appear more trustworthy.
legendary
Activity: 3122
Merit: 1102
Leading Crypto Sports Betting & Casino Platform
October 01, 2020, 08:41:10 AM
#40
@zasad@. The skeptical me thinks that this is the beginning of the Defi exit scams. He tweeted about his not completed and unaudited smart contract and then suddenly from his deployer account, an attacker deposited $8 million?


can we say some of them are inside job? and i do agree most of these defis will one by one disappear in no time. as they collect their share from the market, the people behind the project are thinking of ways how to get away from their scheme.
 and ive seen that some hacks are due to the bug in their system. i believe a lot of these DeFis are not yet ready to deploy their network, however, owed to the ambitious goal of taking advantage of the hype, they situated themselves to vulnerability attack. guess, we will be seeing more projects in the list. or is there a list already for all the defi exit scams?
legendary
Activity: 2016
Merit: 4765
October 01, 2020, 07:47:39 AM
#39
I try to keep track of all defi hacks in this thread. Considering that this topic has become popular in 2020, we can conclude that the number of hacks is not so much,
the amount of stolen funds is much less than the centralized exchanges lose.

Fresh good news
$10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker
legendary
Activity: 3192
Merit: 1509
September 29, 2020, 11:49:29 PM
#38
@zasad@. The skeptical me thinks that this is the beginning of the Defi exit scams. He tweeted about his not completed and unaudited smart contract and then suddenly from his deployer account, an attacker deposited $8 million?

legendary
Activity: 2016
Merit: 4765
September 29, 2020, 02:51:51 AM
#37
https://decrypt.co/43203/hackers-drain-15-million-from-unreleased-yearn-finance-project
Hackers Drain $15 Million From ‘Unreleased’ Yearn Finance Project
"A smart contract vulnerability allowed hackers to mint unlimited tokens and sell those for millions of dollars—before returning half the funds to Yearn founder Andre Cronje.

In brief
Hackers targeted a smart contract vulnerability in an upcoming project by Yearn founder Andre Cronje.
They managed to steal over $15 million; but returned $8 million to a wallet owned by Cronje.
The "test in prod" approach proved costly, as Cronje alleged received threats after the hack. "
legendary
Activity: 1862
Merit: 1327
September 21, 2020, 07:17:39 AM
#36
I can definitely say that DEFI looks more scam than a good project. This is because behind some projects there aren't good teams, the team makes the 80% of the value of the coin, after there is the project. There are good projects with bad teams that will go only in one direction, down
sr. member
Activity: 1358
Merit: 326
September 21, 2020, 07:09:51 AM
#35
See? There's a lot more coming on the list. It just indicates that DEFI hype projects were being targetted by the scammers. Thus, many investors were already been tricked with this hype. I'm not saying "all defi" but we can just count few of them that are really created for financial decentralized protocols for the enhancement of system and to sustain the sincere innovation.
sr. member
Activity: 518
Merit: 256
Living the truth....
September 21, 2020, 12:34:46 AM
#34
please add UNI leakage from metamask wallets , I don't think metamask is a right place to keep money, that is not the first time such a thing happens with metamask , I really don't like it , I would rather trust wallet .
legendary
Activity: 3192
Merit: 1509
September 20, 2020, 09:38:37 PM
#33
@zasad@. Someone should teach the hacker about cryptonote coins hehe.

In any case, this is not a Defi hack article, however, this is also very questionable. It promises that its token's price floor only rises because of the magic of their taxation event.

I reckon paycoin had also a similar promise. The scam did not end very well for them.


Price floor: The price floor increases with every taxation event. This is the lowest possible price the contract will exchange TRIB for mUSD. The mUSD is sent to mStable’s saving contract where it continuously generates interest. As more and more sellers and buyers transact with the protocol, the price floor perpetually moves up. As long as there is buying and selling to the contract, it is impossible for the price floor not to go up over time. While many tokens out there can (and probably will) go to zero, that will be impossible with TRIB — it will have interest bearing capital permanently locked into the protocol.

Source https://medium.com/@defisatoshi2.0/introducing-a-new-paradigm-in-defi-the-pooled-interest-savings-token-171e02691ab9
legendary
Activity: 2016
Merit: 4765
September 16, 2020, 04:24:03 AM
#32
https://twitter.com/bZxHQ/status/1305496675474006017
"We are relieved to announce that the missing funds are now restored. More information will follow.

Stay tuned!"

The stolen funds have been returned.

According to rumors, the hacker was found because he sent money from his wallets to centralized exchanges. His identity has been established.
hero member
Activity: 1344
Merit: 540
September 15, 2020, 04:51:43 AM
#31
@zasad@. bZx was attacked 3 times according to an article from Cryptoslate cryptocoin news outlet. This forces you question the qualifications of the development teams behind those Defi projects. Did they get a coding degree from codecademy.com hehehe?
The thing is that it has been audited by a third party, but didn't capture the bugs itself. So obviously, the blame should be on both the developers and that independent 3rd party. Although my take is that it's really hard to do simulation or create all the test cases because this is fairly new 'technology'.
legendary
Activity: 3192
Merit: 1509
September 14, 2020, 09:30:57 PM
#30
@zasad@. bZx was attacked 3 times according to an article from Cryptoslate cryptocoin news outlet. This forces you question the qualifications of the development teams behind those Defi projects. Did they get a coding degree from codecademy.com hehehe?
legendary
Activity: 2016
Merit: 4765
September 14, 2020, 04:57:08 AM
#29
https://www.theblockcrypto.com/post/77656/defi-protocol-bzx-attacked-lost-8-million-faulty-code
DeFi protocol bZx attacked once again, lost $8 million due to a faulty code

"Quick Take
DeFi lending protocol bZx was attacked once again last night and lost $8 million due to a faulty code.
bZx co-founder Kyle Kistner told The Block that “it’s difficult to say” how this “critical” bug went unidentified by the protocol’s two audit firms Peckshield and Certik."

iToken Duplication Incident Report
https://bzx.network/blog/incident
Pages:
Jump to: