
Topic: DeFi hacks [history] - page 5. (Read 19119 times)

sr. member
Activity: 1428
Merit: 281
May 05, 2023, 07:35:30 AM
I have always said that all forms of modern finance have advantages and disadvantages. I hope this can be a punch in the face of those who praise DeFi as the best financial instrument. I prefer to think realistically. DeFi or centralization has several advantages. The drawback of being centralized is that all forms of finance are not completely transparent and data manipulation can occur. We also don't have full control over our assertion where we have to follow some rules made by the Bank or other security. And DeFi is very prone to being hijacked and hacked. For those who are really tech savvy it might not be a problem, but when it's not your lucky day you will face some downsides with your DeFi.
legendary
Activity: 1736
Merit: 4270
May 03, 2023, 03:30:36 PM
https://cointelegraph.com/news/level-finance-confirms-1m-exploit-due-to-buggy-smart-contract

Level Finance confirms $1M exploit due to buggy smart contract
An attacker manipulated a “claim multiple” bug in a Level Finance smart contract to steal more than 214,000 LVL tokens from the exchange.
Level Finance informed its 20,000 Twitter followers that more than 214,000 of the exchange’s LVL tokens had been drained and swapped into 3,345 Binance Coin, with an approximate value of $1.01 million.
https://twitter.com/Level__Finance/status/1653140756540825638?
legendary
Activity: 1736
Merit: 4270
April 26, 2023, 11:10:48 AM
https://news.coincu.com/183924-breaking-zksync-dex-merlin-hacked-1-82-m/

BREAKING: zkSync DEX Merlin Hacked, $1.82 Million In Stolen Funds

zkSync, a Layer 2 scaling solution for Ethereum, has experienced a significant setback as its DEX Merlin was hacked. The hacker has stolen over $1.82 million in funds, and the LP has been drained.
According to the founder of OxScope, 0xBobie, the stolen funds have been identified to be in two wallets:

0x0b8a3ef6307049aa0ff215720ab1fc885007393d
0x2744d62a1e9ab975f4d77fe52e16206464ea79b7
The potential hacker bridged all the stolen funds to Ethereum.
legendary
Activity: 1610
Merit: 1026
April 26, 2023, 06:53:14 AM
Hacker Exploits Hundred Finance Protocol In $7.4 Million Heist
The multi-chain lending protocol hopes to contact its attacker as the HND token value falls 46%.
The multi-chain lending protocol Hundred Finance disclosed Saturday that it lost around $7 million after being hacked on the Ethereum layer-2 blockchain Optimism.
https://decrypt.co/136918/hacker-exploits-hundred-finance-protocol-in-7-4-million-heist
legendary
Activity: 1736
Merit: 4270
April 19, 2023, 07:16:59 AM
https://www.coindesk.com/business/2023/04/13/defi-protocols-aave-yearn-finance-likely-impacted-in-exploit-peckshield/

DeFi Protocol Yearn Finance Impacted in Nearly $11M Exploit That Occurred Via Aave Version 1

A bug in a token issued by decentralized finance (DeFi) protocol Yearn Finance was impacted in an exploit this morning, security firm PeckShield tweeted, leading to millions of dollars in losses.
Losses could total over $11 million and occurred on Aave version 1, the data suggested. These were spread over U.S. dollar-pegged stablecoins dai (DAI), tether (USDT), USD coin (USDC), Binance USD (BUSD) and tru USD (TUSD).
legendary
Activity: 1610
Merit: 1026
April 13, 2023, 08:25:09 AM
Tether Blacklists MEV Bots Exploiter ‘Sandwich the Ripper’ After ‘Official Requests’
Tether, a centralized entity behind popular stablecoin USDT, has blacklisted an Ethereum validator who had front-run MEV bots, earning $25 million via a sandwich attack.
The exploiter, who called themselves “Sandwich the Ripper,” will no longer be able to receive, send or redeem the $3 million worth of USDT held in their address.

Tether’s decision to blacklist the exploiter has drawn criticism from industry participants.

Uri Klarman, the CEO of bloXrouteLabs, told Blockworks in an interview that the exploiter did exactly what a sandwich bot would do.

“It didn’t hurt the consensus, it didn’t create two blocks at the same time, it gave them an invalid block that didn’t propagate,” Klarman said.
https://blockworks.co/news/tether-blacklists-mev-bots-exploiter
legendary
Activity: 1736
Merit: 4270
April 10, 2023, 09:08:33 AM
https://decrypt.co/125799/sushiswap-smart-contract-bug-exploited-in-3-3-million-theft

SushiSwap Smart Contract Bug Exploited in $3.3 Million Theft
The decentralized exchange says it's "all hands on deck" and that some of the funds have been recovered.

"A bug introduced into SushiSwap four days ago was exploited late Saturday to drain about $3.3 million worth of Ethereum from a single user's account.

According to a Twitter post by blockchain security and data analytics company PeckShield, a wallet controlled by the victim—a prominent member of the Crypto Twitter community known as Sifu—was targeted by an "approve-related bug" in SushiSwap's RouterProcessor2 contract to steal about 1,800 ETH."
legendary
Activity: 2520
Merit: 1490
April 08, 2023, 05:46:08 AM
CertiK Analysis presented a report on how much crypto projects lost in Q1 2023.
According to their data, losses of Web3 crypto projects are estimated at $320 million as a result of 207 incidents that occurred between January and March 2023, but this is almost three times less than DeFi losses in Q4 2022 ($950 million) and four times less than in Q1 2022 ($1.3 billion).
The biggest loss in Q1 2023 is considered to be the Euler Finance exploit, which caused damage in the amount of $197 million or more than 60% of the total losses for this period.
In total, we can talk about 90 incidents with exit scams that caused damage to investors of $31,043,335 and 52 incidents with flashloan/oracle manipulation exploits, the damage from which is estimated at $222,963,863.





Source: https://www.certik.com/resources/blog/3BaCA6ytR6uLFc1JVvt313-hack3d-the-web3-security-quarterly-report-q1-2023
There is also a video version of the report: https://www.youtube.com/watch?v=oAgLdGl56CE
member
Activity: 180
Merit: 46
April 05, 2023, 03:52:24 PM
PeckShield, 'Team of leading cryptocurrency security researchers', unveils the alleged design of the attack on the Orion Protocol. Meanwhile, his team said it was only internal funds that were at risk.
Orion Protocol was hacked for $3 million thanks to a well-known bug: PeckShield
According to a statement shared by a PeckShield representative on Twitter, Orion Protocol, the popular liquidity engine for CEX and DEX, came under a hacker attack.
legendary
Activity: 1736
Merit: 4270
April 05, 2023, 10:23:16 AM

So they demand 90% of the total assets stolen, do those who demand know who did the theft, or is there some kind of address tracking where the hackers are?
And if that's the case I think the thieves will have a hard time selling the asset since their address has been tagged.

I don't think Ethereum is very difficult to sell or exchange for other coins right now. Euler Finance returned their 90% of the assets, then they will restart the protocol and fix the bugs.

___
https://twitter.com/peckshieldalert/status/1642717704934273030?
In Mar. 2023, $10.9M worth of #NFTs were stolen, representing a 32.72% decrease from the previous month
Half of the stolen NFTs were quickly sold on marketplaces within 2 hours
~74.9% of the stolen NFTs were first sold on @blur_io, followed by 19.5% on @opensea
sr. member
Activity: 1526
Merit: 251
April 05, 2023, 08:28:30 AM
The hacker committed a $196 million flash loan attack on the Ethereum-based lending protocol on March 13.
Ethereum-based noncustodial lending protocol Euler Finance is trying to cut a deal with the exploiter that stole millions from its protocol, demanding the hacker returns 90% of the funds they stole within 24 hours or face legal consequences.
https://cointelegraph.com/news/euler-finance-s-offer-to-hacker-keep-20m-or-face-the-law


So they demand 90% of the total assets stolen, do those who demand know who did the theft, or is there some kind of address tracking where the hackers are?
And if that's the case I think the thieves will have a hard time selling the asset since their address has been tagged.
legendary
Activity: 1736
Merit: 4270
April 05, 2023, 06:13:18 AM
https://www.blockhead.co/2023/04/04/exploiter-front-runs-25m-from-mev-bots-using-ethereum-validator/
Exploiter Front Runs $25M From MEV Bots Using Ethereum Validator
"Twitter reminds us that the MEV exploit in the code is a feature, not a bug
In smart contract land, it is well known that if there's a vulnerability in the code, it is a feature and not a bug. One sophisticated exploiter albeit with malicious intent had successfully deployed an exploit using an Ethereum validator and a Flashbots MEV-relay to drain a group of MEV bots for a total of $25 million at time of writing.

The exploiter planned the reverse-sandwich attack by essentially honey potting a group of top performing Maximal Extractable Value (MEV) bots after verifying that these bots used his validator on low-liquidity pools throughout an 18-day operation."
https://twitter.com/Mudit__Gupta/status/1642844239733071872?s=19
legendary
Activity: 1708
Merit: 1615
#SWGT CERTIK Audited
April 04, 2023, 07:43:04 AM
Euler Finance hacker returns ‘all of the recoverable funds’
Euler Finance has announced a total possible recovery of all the stolen funds.
The recovery ends the $1 million bounty that Euler Labs had issued.
The total recovery comes after Euler Finance convinced the hacker to return the money.
Euler Finance has today announced that the total refundable funds have been returned twenty-three days after the protocol was hacked.

legendary
Activity: 1736
Merit: 4270
March 30, 2023, 09:30:15 AM
https://ambcrypto.com/safemoon-sfm-hackers-say-relax-as-dex-loses-millions-in-exploit/

SafeMoon [SFM]: Hackers say ‘relax’ as DEX loses millions in exploit

Decentralized exchange SafeMoon was exploited to the tune of $8.9 million earlier today.
The hackers took advantage of a public burn bug to drain one of the DEX’s liquidity pools.
Decentralized Finance exchange SafeMoon [SFM] has lost millions of dollars following a compromised liquidity pool, which allowed hackers to exploit the BNB Chain-based DEX. The exploit took place on 29 March and drained $8.9 million from the liquidity pool.
legendary
Activity: 2520
Merit: 1490
March 30, 2023, 02:34:21 AM
Euler Token Gains 28% as Exploiter returns 58,000 Stolen ETH
Euler Finance exploiter returned over 58,000 ETH on March 25 to the DeFi protocol.
Arkham Intelligence reported that the hacker still held over $100 million worth of the stolen assets.

Subsequently, on March 28, the hacker returned the balance of 5 million DAI, thereby reimbursing almost all the damage done to the Euler Finance team, which incidentally caused a small pump in EUL.

https://twitter.com/PeckShieldAlert/status/1640585382843785216
https://etherscan.io/tx/0x92f3110e3239507b4c1d60ffdde14fbae443436f9cb33070383a7a3d9a2b4099

legendary
Activity: 1736
Merit: 4270
March 29, 2023, 09:42:00 AM
https://blockchain.news/news/kokomo-finance-accused-of-4m-exit-scam
"Kokomo Finance, an open-source and noncustodial lending protocol on Optimism, has been accused of an exit scam worth $4 million. The protocol allegedly plucked user funds via a smart contract loophole, causing the Kokomo Finance token to plummet 95% in value in a matter of minutes. Blockchain security firm CertiK alerted its followers to the situation in a tweet on March 26.
According to CertiK, the deployer of the KOKO token attacked the smart contract code of a wrapped Bitcoin token, cBTC, by resetting the reward speed and pausing the borrow function. An address beginning with "0x5a2d.." then approved the new cBTC smart contract to spend over 7000 Sonne Wrapped Bitcoin (So-WBTC). The attacker then called another command to swap the So-WBTC to the 0x5a2d address, which produced a $4 million profit, according to the security firm."
legendary
Activity: 1708
Merit: 1615
#SWGT CERTIK Audited
March 27, 2023, 10:48:07 AM
Euler Token Gains 28% as Exploiter returns 58,000 Stolen ETH
Euler Finance exploiter returned over 58,000 ETH on March 25 to the DeFi protocol.
Arkham Intelligence reported that the hacker still held over $100 million worth of the stolen assets.

legendary
Activity: 1736
Merit: 4270
March 22, 2023, 09:58:29 AM
Euler Finance Hacker Contacted Developers
https://twitter.com/CertiKAlert/status/1638008865055813632?
"Lending platform @eulerfinance received on-chain messages earlier today from the exploiter.
The exploiter seeks to come to an agreement and have "no intention of keeping what is not theirs."
Their full message and the Euler response seen below 👇"

https://forklog.com/news/vzlomshhik-euler-finance-vyshel-na-svyaz-s-razrabotchikami
"Euler representatives responded to the message and offered to contact via EOA or email."
member
Activity: 237
Merit: 19
March 18, 2023, 05:00:57 AM
It's amazing that in just 1 year there have been 9 attacks on decentralized finance. It is a challenge for developers to fix the system to cover the loopholes that could be harmful, and also to realize a new and better security system.
Yet we are being advised to move out of centralized exchanges. The losses from centralized exchanges are far higher than all the losses of DeFi combined, but still, decentralized finance has to get better with its security. Hackers continually taking advantage of projects is not encouraging for the crypto space altogether; this is why Bitcoin is a much safer digital currency than the others.