https://cointelegraph.com/news/eth-curve-omnipool-platform-conic-finance-hacked-for-3-2-million-in-eth
Curve omnipool platform Conic Finance hacked for $3.2 million in ETH
"According to initial analysis by Peckshield, the root cause for Conic Finance’s hack was the new CurveLPOracleV2 contract.
Conic Finance, a liquidity pool balancing platform for the decentralized finance (DeFi) protocol Curve, has suffered an exploit on the Ethereum omnipool.
Conic Finance has been exploited for $3.26 million in Ether, the Web3 risk-alert source Beosin Alert reported on July 21. Nearly the entire amount of stolen cryptocurrency was sent to a new Ethereum address in just one transaction, according to data provided by Beosin."
Topic: DeFi hacks [history] - page 4. (Read 19119 times)
Rodeo Finance Exploited For $888,000 In Another DeFi Hack on Arbitrum Network
Arbitrum Network-based Rodeo Finance lost 472 ether ($888,000) in a DeFi exploit today.
Blockchain security firm PeckShield revealed that the Rodeo Finance hacker transferred the stolen funds from Arbitrum to Ethereum.
Further analysis revealed that the attacker exchanged the stolen tokens for various other assets before converting them back to ether.
Hackers once again used Oracle manipulation technique to alter price feeds and exploit the platform out of nearly one million dollars worth of crypto.
https://cryptonews.com/news/arbitrum-based-rodeo-finance-exploited.htm
Arbitrum Network-based Rodeo Finance lost 472 ether ($888,000) in a DeFi exploit today.
Blockchain security firm PeckShield revealed that the Rodeo Finance hacker transferred the stolen funds from Arbitrum to Ethereum.
Further analysis revealed that the attacker exchanged the stolen tokens for various other assets before converting them back to ether.
Hackers once again used Oracle manipulation technique to alter price feeds and exploit the platform out of nearly one million dollars worth of crypto.
https://cryptonews.com/news/arbitrum-based-rodeo-finance-exploited.htm
add
_____
https://cointelegraph.com/news/arcadia-finance-hacked-on-ethereum-and-optimism-for-455k
DeFi protocol Arcadia Finance hacked on Ethereum and Optimism for $455K
"A loophole in the code allowed the hacker to drain funds worth roughly $455,000 from Arcadia’s Ethereum and Optimism vaults.
A hacker drained approximately $455,000 from noncustodial decentralized finance (DeFi) protocol Arcadia Finance by exploiting a code vulnerability.
Blockchain investigator PeckShield alerted about the hack on Arcadia Finance, highlighting the cause as “the lack of untrusted input validation.” The code supposedly lacked a validation mechanism to cross-check unverified inputs. This loophole allowed the hacker to drain funds worth roughly $455,000 from Ethereum (darcWETH) and Optimism (darcUSDC) vaults."
_____
https://cointelegraph.com/news/arcadia-finance-hacked-on-ethereum-and-optimism-for-455k
DeFi protocol Arcadia Finance hacked on Ethereum and Optimism for $455K
"A loophole in the code allowed the hacker to drain funds worth roughly $455,000 from Arcadia’s Ethereum and Optimism vaults.
A hacker drained approximately $455,000 from noncustodial decentralized finance (DeFi) protocol Arcadia Finance by exploiting a code vulnerability.
Blockchain investigator PeckShield alerted about the hack on Arcadia Finance, highlighting the cause as “the lack of untrusted input validation.” The code supposedly lacked a validation mechanism to cross-check unverified inputs. This loophole allowed the hacker to drain funds worth roughly $455,000 from Ethereum (darcWETH) and Optimism (darcUSDC) vaults."
Sometimes i seen somewhere the Defi hacks and finally i,m really satisfied about Defi hacking news from this post and best way to knowing as well always is better than others news.
It is very sad to read the series of events presented by zasad@ (OP). Of course there are many answers. we have to choose a good platform, store private keys to be safe and so on for let alone for ordinary people. If it's a disaster, even people who understand will also be affected if they have invested because it is safe at the start.
I think this is what a lot of people fear, saving then investing in crypto ends up being a tug of the rug and in vain. so, if this is the condition, who will be held responsible and blamed.
@zasad. I am quite shocked that the Multichain bridge was hacked 3 times. The second hack should have been very concerning already, I reckon. After this third hack, I shake my head. Everyone should start being skeptical about the developers and investigate. I also heard some stories that Multichain's CEO was arrested in China on May.
In any case, this is a list of all hacked DeFi bridges. It might be good to add for your list.
https://gist.github.com/cwhinfrey/9fd1bbc31bbcff08fca242b90c7f875d
In any case, this is a list of all hacked DeFi bridges. It might be good to add for your list.
https://gist.github.com/cwhinfrey/9fd1bbc31bbcff08fca242b90c7f875d
https://www.ibtimes.com/crypto-cons-this-week-multichain-fantom-bridge-loses-126m-aptos-network-compromised-airdrop-scam-3703896
Crypto Cons This Week: Multichain Fantom Bridge Loses $126M, Aptos Network Compromised By Airdrop Scam
"Multichain Fantom bridge lost $126M in WBTC, USDC, DAI, wETH, and Link from the exploit
The official Twitter accounts of the Aptos Network and that of its CEO were hacked on Friday
The hacked accounts posted details about a fraudulent airdrop
The Fantom bridge was looted of funds, approximately around $126 million consisting of crypto assets like WBTC, USDC, DAI, wETH, and Link.
The bad actors siphoned $30.9 million in WBTC, $13.6 million in wETH, and $57 million in USDC from the said bridge."
Crypto Cons This Week: Multichain Fantom Bridge Loses $126M, Aptos Network Compromised By Airdrop Scam
"Multichain Fantom bridge lost $126M in WBTC, USDC, DAI, wETH, and Link from the exploit
The official Twitter accounts of the Aptos Network and that of its CEO were hacked on Friday
The hacked accounts posted details about a fraudulent airdrop
The Fantom bridge was looted of funds, approximately around $126 million consisting of crypto assets like WBTC, USDC, DAI, wETH, and Link.
The bad actors siphoned $30.9 million in WBTC, $13.6 million in wETH, and $57 million in USDC from the said bridge."
The Poly Network DeFi platform was hacked using a vulnerability in a smart contract, the hacker managed to issue tokens worth billions of dollars, in particular 99 million BNB, 10 billion BUSD, about 100 trillion SHIB, but they were of no value because they were not provided with liquidity. Nevertheless, the hacker was able to withdraw Ethereum for $ 5 million, Poly Network admitted the fact of hacking
https://twitter.com/PeckShieldAlert/status/1675443876574937088
Hackers famously use bridge attacks for their most successful attacks and Polygon is like a crypto made of bridges. *Surprised pikachu face*https://twitter.com/PeckShieldAlert/status/1675443876574937088
One would think that a crypto project that's moving money for speed of 3 Million transactions per day would need to be iron proof for people to trust their money to it.
Now why would anyone want move real banks to decentralized platforms when they see something like this. Nor they should.
Sadly this won't be the last hack. Far from it.
The Poly Network DeFi platform was hacked using a vulnerability in a smart contract, the hacker managed to issue tokens worth billions of dollars, in particular 99 million BNB, 10 billion BUSD, about 100 trillion SHIB, but they were of no value because they were not provided with liquidity. Nevertheless, the hacker was able to withdraw Ethereum for $ 5 million, Poly Network admitted the fact of hacking
https://twitter.com/PeckShieldAlert/status/1675443876574937088
https://twitter.com/PeckShieldAlert/status/1675443876574937088
According to several reports, Chibi Finance, the decentralized finance (defi) platform built on top of Arbitrum, allegedly executed an exit scam on its users. Blockchain intelligence firm Peckshield provided a detailed account, revealing that approximately $1 million worth of cryptocurrency assets were illicitly withdrawn and converted into Ethereum.
https://news.bitcoin.com/chibi-finance-exit-scam-1-million-cryptocurrency-heist-rocks-defi-platform-on-arbitrum/
Oh no, the fairly new Arbitrum is used as a scam platform by the scammers. It's not the first but I hope this won't encourage other DeFi projects to run as it can surely affect the Arbitrum as a project. With the increasing number of DeFi scams, there might be a time where people won't consider deFi projects as it is prone to being a scam and there might be a chance where a new solution to this DeFi running projects will be born. Of course there's a chance that it will be a trend and people will start transitioning to it as it is better. If everything lines up when a solution comes up, it might be the catalyst of the bull run. https://news.bitcoin.com/chibi-finance-exit-scam-1-million-cryptocurrency-heist-rocks-defi-platform-on-arbitrum/
According to several reports, Chibi Finance, the decentralized finance (defi) platform built on top of Arbitrum, allegedly executed an exit scam on its users. Blockchain intelligence firm Peckshield provided a detailed account, revealing that approximately $1 million worth of cryptocurrency assets were illicitly withdrawn and converted into Ethereum.
https://news.bitcoin.com/chibi-finance-exit-scam-1-million-cryptocurrency-heist-rocks-defi-platform-on-arbitrum/
https://news.bitcoin.com/chibi-finance-exit-scam-1-million-cryptocurrency-heist-rocks-defi-platform-on-arbitrum/
https://coinmarketcap.com/headlines/news/trading-firm-hashflow-faces-ongoing-exploit-with-600000-lost-so-far-peckshield/
Trading firm Hashflow faces ongoing exploit, with $600,000 lost so far: PeckShield
"Trading firm Hashflow is facing an ongoing exploit that has taken at least $600,000 in ether and arbitrum.
The vulnerability appears to refer to the firm's bridge contract, according to PeckShield. Hashflow offers cross-chain swaps as part of its trading service.
PeckShield said the exploit related to contract approvals. Since the exploit started, it seems that Hashflow has moved to revoke approvals for multiple tokens."
Trading firm Hashflow faces ongoing exploit, with $600,000 lost so far: PeckShield
"Trading firm Hashflow is facing an ongoing exploit that has taken at least $600,000 in ether and arbitrum.
The vulnerability appears to refer to the firm's bridge contract, according to PeckShield. Hashflow offers cross-chain swaps as part of its trading service.
PeckShield said the exploit related to contract approvals. Since the exploit started, it seems that Hashflow has moved to revoke approvals for multiple tokens."
Sometimes i seen somewhere the Defi hacks and finally i,m really satisfied about Defi hacking news from this post and best way to knowing as well always is better than others news.
Decentralized finance (DeFi) platform Sturdy Finance has offered a $100,000 bounty to the hacker that exploited the protocol. The lending platform said that its team won’t pursue the issue further if the attacker accepts the offer.
On June 12, the DeFi platform suffered a loss of almost $800,000 in digital assets when an attacker exploited vulnerabilities within the platform. Security firms pinpointed that the cause of the exploit was a faulty price oracle and the hack was carried out through a reentrancy attack. In response, the platform paused all markets and assured the community that other funds were not at risk.
https://cointelegraph.com/news/defi-protocol-sturdy-finance-offers-100k-bounty-to-hacker-if-funds-are-returned
On June 12, the DeFi platform suffered a loss of almost $800,000 in digital assets when an attacker exploited vulnerabilities within the platform. Security firms pinpointed that the cause of the exploit was a faulty price oracle and the hack was carried out through a reentrancy attack. In response, the platform paused all markets and assured the community that other funds were not at risk.
https://cointelegraph.com/news/defi-protocol-sturdy-finance-offers-100k-bounty-to-hacker-if-funds-are-returned
https://cryptonews.com/news/new-report-north-koreas-cyber-army-allegedly-stole-3-billion-crypto-fund-nuclear-program.htm
New Report: North Korea's Cyber Army Allegedly Stole $3 Billion in Crypto to Fund Nuclear Program
"According to a recent analysis by The Wall Street Journal, state-sponsored hackers from North Korea have netted more than $3 billion from crypto thefts over the past five years.
The stolen funds have been supplying roughly half of North Korea's ballistic missile program, with defense accounting for a significant portion of the country's expenditure.
The report noted that North Korean hacking groups account for a huge portion of illicit cyber activities, as well as some of the biggest crypto heists ever.
For one, the North Korean Lazarus group of hackers is believed to be behind the hack of Axie Infinity's Ronin blockchain, which saw hackers make off with about $625 million worth of Ethereum and USDC in one of the largest crypto hacks of all time.
“When you look at the amount of funds stolen, [it] would look like an existential threat to what you are building," Aleksander Larsen, chief operating officer at Sky Mavis, told the WSJ.
The gaming company lost the funds after North Korean hackers reached out as a recruiter to an engineer. "
New Report: North Korea's Cyber Army Allegedly Stole $3 Billion in Crypto to Fund Nuclear Program
"According to a recent analysis by The Wall Street Journal, state-sponsored hackers from North Korea have netted more than $3 billion from crypto thefts over the past five years.
The stolen funds have been supplying roughly half of North Korea's ballistic missile program, with defense accounting for a significant portion of the country's expenditure.
The report noted that North Korean hacking groups account for a huge portion of illicit cyber activities, as well as some of the biggest crypto heists ever.
For one, the North Korean Lazarus group of hackers is believed to be behind the hack of Axie Infinity's Ronin blockchain, which saw hackers make off with about $625 million worth of Ethereum and USDC in one of the largest crypto hacks of all time.
“When you look at the amount of funds stolen, [it] would look like an existential threat to what you are building," Aleksander Larsen, chief operating officer at Sky Mavis, told the WSJ.
The gaming company lost the funds after North Korean hackers reached out as a recruiter to an engineer. "
https://www.msn.com/en-us/travel/other/1-this-crypto-coin-is-called-jimbo-2-8m-was-stolen-from-its-devs-in-flash-loan-attack/ar-AA1bUkUz
"Just days after releasing the second – and supposedly more stable and secure – version of its decentralized finance (DeFi) app, Jimbos Protocol over the weekend was hit by attackers who stole stole 4,090 ETH tokens from the project worth about $7.5 million.…
The developers behind the Arbitrum-based app were the apparent victims of a flash loan attack and now are scrambling to track down the light-fingered coders and retrieve the lost funds."
"Just days after releasing the second – and supposedly more stable and secure – version of its decentralized finance (DeFi) app, Jimbos Protocol over the weekend was hit by attackers who stole stole 4,090 ETH tokens from the project worth about $7.5 million.…
The developers behind the Arbitrum-based app were the apparent victims of a flash loan attack and now are scrambling to track down the light-fingered coders and retrieve the lost funds."
The Swaprum team has drained $3M in ETH from the protocol.
Swaprum is an Arbitrum-based decentralized exchange.
SAPR tokens have essentially become worthless following the heist.
Swaprum developers execute $3M heist
Despite their anonymity nature, cryptocurrencies follow the principles of transparency and trust. Nonetheless, exit scams and hacks have been long-term challenges in this space. Recent Swaprum events have reminded market players of the threats that scammers and hackers cause.
https://invezz.com/news/2023/05/20/just-in-sapr-tokens-worthless-following-3m-rug-pull-by-swaprum-developers/
Swaprum is an Arbitrum-based decentralized exchange.
SAPR tokens have essentially become worthless following the heist.
Swaprum developers execute $3M heist
Despite their anonymity nature, cryptocurrencies follow the principles of transparency and trust. Nonetheless, exit scams and hacks have been long-term challenges in this space. Recent Swaprum events have reminded market players of the threats that scammers and hackers cause.
https://invezz.com/news/2023/05/20/just-in-sapr-tokens-worthless-following-3m-rug-pull-by-swaprum-developers/
https://www.worldstockmarket.net/zachxbt-defi-project-fintoch-stole-31-6-million-from-users/
ZachXBT: DeFi project Fintoch stole $31.6 million from users
"DeFi project Fintoch was accused of that. that it may be a pyramid scheme, and its creators stole $31.6 million from users. Blockchain investigator @ZachXBT reported this.
Millions of users have been withdrawn to BNB Chain (formerly Binance Smart Chain) through the Tron and Ethereum networks. @ZachXBT writes that he began to suspect the Fintoch team of fraud after the project’s clients began to regularly report problematic withdrawal of capital from the site."
ZachXBT: DeFi project Fintoch stole $31.6 million from users
"DeFi project Fintoch was accused of that. that it may be a pyramid scheme, and its creators stole $31.6 million from users. Blockchain investigator @ZachXBT reported this.
Millions of users have been withdrawn to BNB Chain (formerly Binance Smart Chain) through the Tron and Ethereum networks. @ZachXBT writes that he began to suspect the Fintoch team of fraud after the project’s clients began to regularly report problematic withdrawal of capital from the site."
Q Blockchain is the only chain with a legal layer that protects users. The constitution is recognized by international law and is enforced by root nodes who are also lawyers.
UNIDENTIFIED INDIVIDUALS SEIZED CONTROL OF TORNADO CASH
On May 20, unknown persons seized control over the control mechanism of the Tornado Cash Ethereum mixer. According to Paradigm analyst samczsun, attackers have already begun to withdraw TORN tokens from smart contracts of the protocol.
According to the expert, unknown people introduced a malicious proposal, the code of which provided the ability to call the function EmergencyStop to update logic after acceptance. With its help, unknown people appropriated 1.2 million votes.
Hackers were able to revoke blocked tokens, transfer assets to the managing smart contract, and stop the router.
The analyst emphasized that attackers cannot withdraw cryptocurrency from separate pools. However, they have already begun to “merge” the blocked votes.
https://www.archyde.com/unidentified-individuals-seized-control-of-tornado-cash/
On May 20, unknown persons seized control over the control mechanism of the Tornado Cash Ethereum mixer. According to Paradigm analyst samczsun, attackers have already begun to withdraw TORN tokens from smart contracts of the protocol.
According to the expert, unknown people introduced a malicious proposal, the code of which provided the ability to call the function EmergencyStop to update logic after acceptance. With its help, unknown people appropriated 1.2 million votes.
Hackers were able to revoke blocked tokens, transfer assets to the managing smart contract, and stop the router.
The analyst emphasized that attackers cannot withdraw cryptocurrency from separate pools. However, they have already begun to “merge” the blocked votes.
https://www.archyde.com/unidentified-individuals-seized-control-of-tornado-cash/
https://cointelegraph.com/news/deus-finance-loses-6m-following-stablecoin-hack
Deus Finance loses $6M following stablecoin hack
"The attacker targeted the BNB Smart Chain and the Arbitrum network, with CoinMarketCap data showing the DEI price dropping 30% following the security incident.
Decentralized finance (DeFi) protocol Deus Finance has lost over $6 million due to a security breach on its stablecoin DEI. The hacker exploited a vulnerability in BNB Smart Chain (BSC) on May 5, according to blockchain security firm PeckShield.
A bot initiated the hack on BSC, which led to a more than $1.3 million loss. The attacker also targeted the Arbitrum network, with ARB/ETH deployments losing over $5 million. Twitter users claimed the token contract had a basic implementation error as the root cause."
Deus Finance loses $6M following stablecoin hack
"The attacker targeted the BNB Smart Chain and the Arbitrum network, with CoinMarketCap data showing the DEI price dropping 30% following the security incident.
Decentralized finance (DeFi) protocol Deus Finance has lost over $6 million due to a security breach on its stablecoin DEI. The hacker exploited a vulnerability in BNB Smart Chain (BSC) on May 5, according to blockchain security firm PeckShield.
A bot initiated the hack on BSC, which led to a more than $1.3 million loss. The attacker also targeted the Arbitrum network, with ARB/ETH deployments losing over $5 million. Twitter users claimed the token contract had a basic implementation error as the root cause."
Jump to: