Pages:
Author

Topic: DeFi hacks [history] - page 4. (Read 19375 times)

legendary
Activity: 1820
Merit: 1121
August 09, 2023, 08:44:39 AM
Solana-based decentralized exchange Cypher lost close to $1 million in crypto Monday due to an exploit or security incident.
The protocol’s contracts are now frozen as contributors attempt to make contact with hackers to negotiate a return of funds.
Cypher is one of the fastest-growing protocols on the solana blockchain in part because of its loyalty program, which rewards depositors and traders with points that many users expect is the setup for an airdrop.
The exploit comes during Cypher’s biannual hacker house mtnDAO which it hosts in Salt Lake City alongside fellow Solana trading protocol marginfi. In its discord channel, marginfi said it was not impacted by the hack.

https://www.coindesk.com/business/2023/08/07/solana-based-cypher-protocol-experiences-exploit-freezes-smart-contract/
legendary
Activity: 3010
Merit: 1460
August 06, 2023, 11:37:31 PM
Curve Offers Hackers 10% Bounty in Exchange for Return of Crypto

Curve Finance and other victims of this week’s crypto lending heist have offered their hackers a 10% bounty in exchange for the return of the rest of their tokens.

"You will have no risk of us pursuing this further, no risk of law enforcement issues, etc," Curve, Metronome and Alchemix wrote in an on-chain message sent to a hacker's Ethereum address. The trio gave a deadline of August 6 at 0800 UTC, at which point their bounty will become a vigilante payout to whomever provides information that leads to the hacker's arrest and conviction.

https://markets.businessinsider.com/news/currencies/curve-offers-hackers-10-bounty-in-exchange-for-return-of-crypto-1032514282

https://twitter.com/curvefinance/status/1687180381714358272?


News update. It appears that the hacker did not return the stolen funds to Curve Finance.

Curve is offering a $1.85 million bounty to anyone who can accurately identify the DeFi protocol's exploiter in a way that leads to definitive legal repercussions.

"The deadline for the voluntary return of funds in the Curve exploit passed at 0800 UTC," Curve publicly wrote in an Ethereum transaction's input data, adding: "We now extend the bounty to the public, and offer a reward valued at 10% of remaining exploited funds (currently $1.85M USD) to the person who is able to identify the exploiter in a way that leads to a conviction in the courts."


Source https://www.theblock.co/post/243464/curve-exploit-identity-bounty


However, he returned the funds of 2 DeFi protocols, Alchemix and Jpeg'd which he also sent a message telling eveyone that he was returning them because he was not scared, only returning them because he did not want to ruin the projects.

"I want to clarify that I'm refunding you not because you can find me, it's because I don't want to ruin your project," they explained in a transaction, adding: "Maybe it's a lot of money for a lot of people, but not for me, I'm smarter than all of you."

From the same news source.
legendary
Activity: 1820
Merit: 1121
August 05, 2023, 06:10:39 PM
Curve Offers Hackers 10% Bounty in Exchange for Return of Crypto

Curve Finance and other victims of this week’s crypto lending heist have offered their hackers a 10% bounty in exchange for the return of the rest of their tokens.

"You will have no risk of us pursuing this further, no risk of law enforcement issues, etc," Curve, Metronome and Alchemix wrote in an on-chain message sent to a hacker's Ethereum address. The trio gave a deadline of August 6 at 0800 UTC, at which point their bounty will become a vigilante payout to whomever provides information that leads to the hacker's arrest and conviction.

https://markets.businessinsider.com/news/currencies/curve-offers-hackers-10-bounty-in-exchange-for-return-of-crypto-1032514282

https://twitter.com/curvefinance/status/1687180381714358272?
legendary
Activity: 1932
Merit: 4602
August 02, 2023, 08:36:36 AM
https://beincrypto.com/kannagi-finance-zksync-era-rug-pull/

A Rocky Week for zkSync Era: EraLend Security Breach and Kannagi Finance Rug Pull


Kannagi Finance has walked away with $2.4 million worth of users' assets.
The incident is the first rug pull to affect the scaling solution zkSync Era.
It comes off the back of the $3.4 million hack EraLend suffered earlier.

"EraLend Loses $3.4M in Security Breach
On Tuesday, July 25, cyber attackers pilfered a staggering $3.4 million from EraLend, a lending platform operating on the zkSync Era. In the aftermath, the EraLend team promptly halted all activities.

A subsequent update revealed they had pinpointed a potentially involved crypto exchange account. Furthermore, they suspect that the culprits may have utilized a certain VPN provider to obscure their online tracks.

“We’ve pinpointed a suspicious CEX account that appears to be linked to an individual potentially involved in the incident. We are collaborating closely with the local police department, providing them with all relevant information,” said EraLend."
legendary
Activity: 2590
Merit: 1501
August 01, 2023, 05:06:26 AM
Curve Finance lost $52 million as a result of the hack, this was caused by the exploitation of several liquidity pools as a result of an error in smart contracts using versions 0.2.15, 0.2.16 and 0.3.0. XNUMX.

https://twitter.com/PeckShieldAlert/status/1685794015915229184
legendary
Activity: 1932
Merit: 4602
July 26, 2023, 06:34:21 AM
first ZKsync protocol

https://www.bitcoininsider.org/article/220933/era-lend-zksync-exploited-34m-reentrancy-attack
Era Lend on zkSync exploited for $3.4M in reentrancy attack

The lending app was drained of funds using a “read-only reentrancy” bug, a type of vulnerability that is often difficult for auditors to spot.

"Lending app Era Lend on zkSync has been exploited for $3.4 million worth of crypto, according to a July 25 report from blockchain security firm CertiK. The attacker used a “read-only reentrancy attack” to drain the funds, which is a type of attack that interrupts a multi-step process and then causes it to continue after a malicious action has been performed. Specifically, a “read-only” reentrancy is one that does not update the state of a contract."
hero member
Activity: 812
Merit: 619
July 21, 2023, 10:04:55 AM
https://cointelegraph.com/news/eth-curve-omnipool-platform-conic-finance-hacked-for-3-2-million-in-eth

Curve omnipool platform Conic Finance hacked for $3.2 million in ETH
"According to initial analysis by Peckshield, the root cause for Conic Finance’s hack was the new CurveLPOracleV2 contract.

Conic Finance, a liquidity pool balancing platform for the decentralized finance (DeFi) protocol Curve, has suffered an exploit on the Ethereum omnipool.

Conic Finance has been exploited for $3.26 million in Ether, the Web3 risk-alert source Beosin Alert reported on July 21. Nearly the entire amount of stolen cryptocurrency was sent to a new Ethereum address in just one transaction, according to data provided by Beosin."

sad to see this and fortunately only Ethereum pool exploits and all other pools are safe. according to latest tweet, Conic team has fixed this pool issue now and all withdrawl can be done safely. They also claim that it not possible to exploit Ethereum mining pool gain.

hackers are in the search of finding any small door to enter and trying their best to steal fund. Dex projects should do many security audit to be safe and should close all doors for hackers.
legendary
Activity: 1932
Merit: 4602
July 21, 2023, 09:17:21 AM
https://cointelegraph.com/news/eth-curve-omnipool-platform-conic-finance-hacked-for-3-2-million-in-eth

Curve omnipool platform Conic Finance hacked for $3.2 million in ETH
"According to initial analysis by Peckshield, the root cause for Conic Finance’s hack was the new CurveLPOracleV2 contract.

Conic Finance, a liquidity pool balancing platform for the decentralized finance (DeFi) protocol Curve, has suffered an exploit on the Ethereum omnipool.

Conic Finance has been exploited for $3.26 million in Ether, the Web3 risk-alert source Beosin Alert reported on July 21. Nearly the entire amount of stolen cryptocurrency was sent to a new Ethereum address in just one transaction, according to data provided by Beosin."
legendary
Activity: 1820
Merit: 1121
July 19, 2023, 09:44:12 AM
Rodeo Finance Exploited For $888,000 In Another DeFi Hack on Arbitrum Network

Arbitrum Network-based Rodeo Finance lost 472 ether ($888,000) in a DeFi exploit today.

Blockchain security firm PeckShield revealed that the Rodeo Finance hacker transferred the stolen funds from Arbitrum to Ethereum.

Further analysis revealed that the attacker exchanged the stolen tokens for various other assets before converting them back to ether.

Hackers once again used Oracle manipulation technique to alter price feeds and exploit the platform out of nearly one million dollars worth of crypto.

https://cryptonews.com/news/arbitrum-based-rodeo-finance-exploited.htm
legendary
Activity: 1932
Merit: 4602
July 12, 2023, 09:13:18 AM
add
_____
https://cointelegraph.com/news/arcadia-finance-hacked-on-ethereum-and-optimism-for-455k
DeFi protocol Arcadia Finance hacked on Ethereum and Optimism for $455K
"A loophole in the code allowed the hacker to drain funds worth roughly $455,000 from Arcadia’s Ethereum and Optimism vaults.
A hacker drained approximately $455,000 from noncustodial decentralized finance (DeFi) protocol Arcadia Finance by exploiting a code vulnerability.

Blockchain investigator PeckShield alerted about the hack on Arcadia Finance, highlighting the cause as “the lack of untrusted input validation.” The code supposedly lacked a validation mechanism to cross-check unverified inputs. This loophole allowed the hacker to drain funds worth roughly $455,000 from Ethereum (darcWETH) and Optimism (darcUSDC) vaults."
member
Activity: 308
Merit: 21
Crypto WEB3 Neobank
July 08, 2023, 09:27:34 AM
Sometimes i seen somewhere the Defi hacks and finally i,m really satisfied about Defi hacking news from this post and best way to knowing as well always is better than others news.

It is very sad to read the series of events presented by zasad@ (OP). Of course there are many answers. we have to choose a good platform, store private keys to be safe and so on for let alone for ordinary people. If it's a disaster, even people who understand will also be affected if they have invested because it is safe at the start.

I think this is what a lot of people fear, saving then investing in crypto ends up being a tug of the rug and in vain. so, if this is the condition, who will be held responsible and blamed.
legendary
Activity: 3010
Merit: 1460
July 08, 2023, 04:07:48 AM
@zasad. I am quite shocked that the Multichain bridge was hacked 3 times. The second hack should have been very concerning already, I reckon. After this third hack, I shake my head. Everyone should start being skeptical about the developers and investigate. I also heard some stories that Multichain's CEO was arrested in China on May.

In any case, this is a list of all hacked DeFi bridges. It might be good to add for your list.

https://gist.github.com/cwhinfrey/9fd1bbc31bbcff08fca242b90c7f875d
legendary
Activity: 1932
Merit: 4602
July 07, 2023, 06:57:58 AM
https://www.ibtimes.com/crypto-cons-this-week-multichain-fantom-bridge-loses-126m-aptos-network-compromised-airdrop-scam-3703896
Crypto Cons This Week: Multichain Fantom Bridge Loses $126M, Aptos Network Compromised By Airdrop Scam
"Multichain Fantom bridge lost $126M in WBTC, USDC, DAI, wETH, and Link from the exploit
The official Twitter accounts of the Aptos Network and that of its CEO were hacked on Friday
The hacked accounts posted details about a fraudulent airdrop

The Fantom bridge was looted of funds, approximately around $126 million consisting of crypto assets like WBTC, USDC, DAI, wETH, and Link.

The bad actors siphoned $30.9 million in WBTC, $13.6 million in wETH, and $57 million in USDC from the said bridge."
legendary
Activity: 3010
Merit: 1156
Leading Crypto Sports Betting & Casino Platform
July 04, 2023, 03:44:47 PM
The Poly Network DeFi platform was hacked using a vulnerability in a smart contract, the hacker managed to issue tokens worth billions of dollars, in particular 99 million BNB, 10 billion BUSD, about 100 trillion SHIB, but they were of no value because they were not provided with liquidity. Nevertheless, the hacker was able to withdraw Ethereum for $ 5 million, Poly Network admitted the fact of hacking    

https://twitter.com/PeckShieldAlert/status/1675443876574937088


Hackers famously use bridge attacks for their most successful attacks and Polygon is like a crypto made of bridges. *Surprised pikachu face*
One would think that a crypto project that's moving money for speed of 3 Million transactions per day would need to be iron proof for people to trust their money to it.
Now why would anyone want move real banks to decentralized platforms when they see something like this. Nor they should.

Sadly this won't be the last hack. Far from it.
legendary
Activity: 2590
Merit: 1501
July 04, 2023, 01:32:57 PM
The Poly Network DeFi platform was hacked using a vulnerability in a smart contract, the hacker managed to issue tokens worth billions of dollars, in particular 99 million BNB, 10 billion BUSD, about 100 trillion SHIB, but they were of no value because they were not provided with liquidity. Nevertheless, the hacker was able to withdraw Ethereum for $ 5 million, Poly Network admitted the fact of hacking    

https://twitter.com/PeckShieldAlert/status/1675443876574937088



legendary
Activity: 2492
Merit: 1145
Enterapp Pre-Sale Live - bit.ly/3UrMCWI
June 28, 2023, 01:25:17 PM
According to several reports, Chibi Finance, the decentralized finance (defi) platform built on top of Arbitrum, allegedly executed an exit scam on its users. Blockchain intelligence firm Peckshield provided a detailed account, revealing that approximately $1 million worth of cryptocurrency assets were illicitly withdrawn and converted into Ethereum.
https://news.bitcoin.com/chibi-finance-exit-scam-1-million-cryptocurrency-heist-rocks-defi-platform-on-arbitrum/
Oh no, the fairly new Arbitrum is used as a scam platform by the scammers. It's not the first but I hope this won't encourage other DeFi projects to run as it can surely affect the Arbitrum as a project. With the increasing number of DeFi scams, there might be a time where people won't consider deFi projects as it is prone to being a scam and there might be a chance where a new solution to this DeFi running projects will be born. Of course there's a chance that it will be a trend and people will start transitioning to it as it is better. If everything lines up when a solution comes up, it might be the catalyst of the bull run.
legendary
Activity: 1820
Merit: 1121
June 28, 2023, 12:58:40 PM
According to several reports, Chibi Finance, the decentralized finance (defi) platform built on top of Arbitrum, allegedly executed an exit scam on its users. Blockchain intelligence firm Peckshield provided a detailed account, revealing that approximately $1 million worth of cryptocurrency assets were illicitly withdrawn and converted into Ethereum.
https://news.bitcoin.com/chibi-finance-exit-scam-1-million-cryptocurrency-heist-rocks-defi-platform-on-arbitrum/
legendary
Activity: 1932
Merit: 4602
June 15, 2023, 06:40:42 AM
https://coinmarketcap.com/headlines/news/trading-firm-hashflow-faces-ongoing-exploit-with-600000-lost-so-far-peckshield/
Trading firm Hashflow faces ongoing exploit, with $600,000 lost so far: PeckShield
"Trading firm Hashflow is facing an ongoing exploit that has taken at least $600,000 in ether and arbitrum.

The vulnerability appears to refer to the firm's bridge contract, according to PeckShield. Hashflow offers cross-chain swaps as part of its trading service.

PeckShield said the exploit related to contract approvals. Since the exploit started, it seems that Hashflow has moved to revoke approvals for multiple tokens."
member
Activity: 485
Merit: 10
June 14, 2023, 12:07:48 PM
Sometimes i seen somewhere the Defi hacks and finally i,m really satisfied about Defi hacking news from this post and best way to knowing as well always is better than others news.
legendary
Activity: 1820
Merit: 1121
June 14, 2023, 11:58:56 AM
Decentralized finance (DeFi) platform Sturdy Finance has offered a $100,000 bounty to the hacker that exploited the protocol. The lending platform said that its team won’t pursue the issue further if the attacker accepts the offer.

On June 12, the DeFi platform suffered a loss of almost $800,000 in digital assets when an attacker exploited vulnerabilities within the platform. Security firms pinpointed that the cause of the exploit was a faulty price oracle and the hack was carried out through a reentrancy attack. In response, the platform paused all markets and assured the community that other funds were not at risk.
https://cointelegraph.com/news/defi-protocol-sturdy-finance-offers-100k-bounty-to-hacker-if-funds-are-returned
Pages:
Jump to: