Pages:
Author

Topic: DeFi hacks [history] - page 5. (Read 19387 times)

legendary
Activity: 1932
Merit: 4602
Buy on Amazon with Crypto
June 14, 2023, 06:57:40 AM
https://cryptonews.com/news/new-report-north-koreas-cyber-army-allegedly-stole-3-billion-crypto-fund-nuclear-program.htm
New Report: North Korea's Cyber Army Allegedly Stole $3 Billion in Crypto to Fund Nuclear Program
"According to a recent analysis by The Wall Street Journal, state-sponsored hackers from North Korea have netted more than $3 billion from crypto thefts over the past five years.

The stolen funds have been supplying roughly half of North Korea's ballistic missile program, with defense accounting for a significant portion of the country's expenditure.

The report noted that North Korean hacking groups account for a huge portion of illicit cyber activities, as well as some of the biggest crypto heists ever.

For one, the North Korean Lazarus group of hackers is believed to be behind the hack of Axie Infinity's Ronin blockchain, which saw hackers make off with about $625 million worth of Ethereum and USDC in one of the largest crypto hacks of all time.

“When you look at the amount of funds stolen, [it] would look like an existential threat to what you are building," Aleksander Larsen, chief operating officer at Sky Mavis, told the WSJ.

The gaming company lost the funds after North Korean hackers reached out as a recruiter to an engineer. "
legendary
Activity: 1932
Merit: 4602
Buy on Amazon with Crypto
May 31, 2023, 12:31:22 PM
https://www.msn.com/en-us/travel/other/1-this-crypto-coin-is-called-jimbo-2-8m-was-stolen-from-its-devs-in-flash-loan-attack/ar-AA1bUkUz
"Just days after releasing the second – and supposedly more stable and secure – version of its decentralized finance (DeFi) app, Jimbos Protocol over the weekend was hit by attackers who stole stole 4,090 ETH tokens from the project worth about $7.5 million.…

The developers behind the Arbitrum-based app were the apparent victims of a flash loan attack and now are scrambling to track down the light-fingered coders and retrieve the lost funds."
legendary
Activity: 1834
Merit: 1131
May 31, 2023, 11:35:13 AM
The Swaprum team has drained $3M in ETH from the protocol.
Swaprum is an Arbitrum-based decentralized exchange.
SAPR tokens have essentially become worthless following the heist.
Swaprum developers execute $3M heist
Despite their anonymity nature, cryptocurrencies follow the principles of transparency and trust. Nonetheless, exit scams and hacks have been long-term challenges in this space. Recent Swaprum events have reminded market players of the threats that scammers and hackers cause.

https://invezz.com/news/2023/05/20/just-in-sapr-tokens-worthless-following-3m-rug-pull-by-swaprum-developers/
legendary
Activity: 1932
Merit: 4602
Buy on Amazon with Crypto
May 25, 2023, 07:29:18 AM
https://www.worldstockmarket.net/zachxbt-defi-project-fintoch-stole-31-6-million-from-users/
ZachXBT: DeFi project Fintoch stole $31.6 million from users
"DeFi project Fintoch was accused of that. that it may be a pyramid scheme, and its creators stole $31.6 million from users. Blockchain investigator @ZachXBT reported this.
Millions of users have been withdrawn to BNB Chain (formerly Binance Smart Chain) through the Tron and Ethereum networks. @ZachXBT writes that he began to suspect the Fintoch team of fraud after the project’s clients began to regularly report problematic withdrawal of capital from the site."
jr. member
Activity: 840
Merit: 6
May 22, 2023, 03:40:57 AM
Q Blockchain is the only chain with a legal layer that protects users. The constitution is recognized by international law and is enforced by root nodes who are also lawyers.
legendary
Activity: 1834
Merit: 1131
May 21, 2023, 08:27:37 AM
UNIDENTIFIED INDIVIDUALS SEIZED CONTROL OF TORNADO CASH
On May 20, unknown persons seized control over the control mechanism of the Tornado Cash Ethereum mixer. According to Paradigm analyst samczsun, attackers have already begun to withdraw TORN tokens from smart contracts of the protocol.
According to the expert, unknown people introduced a malicious proposal, the code of which provided the ability to call the function EmergencyStop to update logic after acceptance. With its help, unknown people appropriated 1.2 million votes.

Hackers were able to revoke blocked tokens, transfer assets to the managing smart contract, and stop the router.

The analyst emphasized that attackers cannot withdraw cryptocurrency from separate pools. However, they have already begun to “merge” the blocked votes.

https://www.archyde.com/unidentified-individuals-seized-control-of-tornado-cash/
legendary
Activity: 1932
Merit: 4602
Buy on Amazon with Crypto
May 10, 2023, 02:50:25 PM
https://cointelegraph.com/news/deus-finance-loses-6m-following-stablecoin-hack

Deus Finance loses $6M following stablecoin hack
"The attacker targeted the BNB Smart Chain and the Arbitrum network, with CoinMarketCap data showing the DEI price dropping 30% following the security incident.
Decentralized finance (DeFi) protocol Deus Finance has lost over $6 million due to a security breach on its stablecoin DEI. The hacker exploited a vulnerability in BNB Smart Chain (BSC) on May 5, according to blockchain security firm PeckShield.

A bot initiated the hack on BSC, which led to a more than $1.3 million loss. The attacker also targeted the Arbitrum network, with ARB/ETH deployments losing over $5 million. Twitter users claimed the token contract had a basic implementation error as the root cause."
sr. member
Activity: 1624
Merit: 339
https://duelbits.com/
May 05, 2023, 06:35:30 AM
I have always said that all forms of modern finance have advantages and disadvantages. I hope this can be a punch in the face of those who praise DeFi as the best financial instrument. I prefer to think realistically. DeFi or centralization has several advantages. The drawback of being centralized is that all forms of finance are not completely transparent and data manipulation can occur. We also don't have full control over our assertion where we have to follow some rules made by the Bank or other security. And DeFi is very prone to being hijacked and hacked. For those who are really tech savvy it might not be a problem but when it's not your lucky day then you will face some downsides with your Defi.
legendary
Activity: 1932
Merit: 4602
Buy on Amazon with Crypto
May 03, 2023, 02:30:36 PM
https://cointelegraph.com/news/level-finance-confirms-1m-exploit-due-to-buggy-smart-contract

Level Finance confirms $1M exploit due to buggy smart contract
An attacker manipulated a “claim multiple” bug in a Level Finance smart contract to steal more than 214,000 LVL tokens from the exchange.
Level Finance informed its 20,000 Twitter followers that more than 214,000 of the exchange’s LVL tokens had been drained and swapped into 3,345 Binance Coin, with an approximate value of $1.01 million.
https://twitter.com/Level__Finance/status/1653140756540825638?
legendary
Activity: 1932
Merit: 4602
Buy on Amazon with Crypto
April 26, 2023, 10:10:48 AM
https://news.coincu.com/183924-breaking-zksync-dex-merlin-hacked-1-82-m/

BREAKING: zkSync DEX Merlin Hacked, $1.82 Million In Stolen Funds

zkSync, a Layer 2 scaling solution for Ethereum, has experienced a significant setback as its DEX Merlin was hacked. The hacker has stolen over $1.82 million in funds, and the LP has been drained.
BREAKING: zkSync DEX Merlin Hacked, $1.82 Million In Stolen Funds
According to the founder of OxScope, 0xBobie, the stolen funds have been identified to be in two wallets:

0x0b8a3ef6307049aa0ff215720ab1fc885007393d
0x2744d62a1e9ab975f4d77fe52e16206464ea79b7
The potential hacker bridged all the stolen funds to Ethereum.
legendary
Activity: 1834
Merit: 1131
April 26, 2023, 05:53:14 AM
Hacker Exploits Hundred Finance Protocol In $7.4 Million Heist
The multi-chain lending protocol hopes to contact its attacker as the HND token value falls 46%.
The multi-chain lending protocol Hundred Finance disclosed Saturday that it lost around $7 million after being hacked on the Ethereum layer-2 blockchain Optimism.
https://decrypt.co/136918/hacker-exploits-hundred-finance-protocol-in-7-4-million-heist
legendary
Activity: 1932
Merit: 4602
Buy on Amazon with Crypto
April 19, 2023, 06:16:59 AM
https://www.coindesk.com/business/2023/04/13/defi-protocols-aave-yearn-finance-likely-impacted-in-exploit-peckshield/

DeFi Protocol Yearn Finance Impacted in Nearly $11M Exploit That Occurred Via Aave Version 1

Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.
Secure Your Seat
A bug in a token issued by decentralized finance (DeFi) protocol Yearn Finance was impacted in an exploit this morning, security firm PeckShield tweeted, leading to millions of dollars in losses.
Losses could total over $11 million and occurred on Aave version 1, the data suggested. These were spread over U.S. dollar-pegged stablecoins dai (DAI), tether (USDT), USD coin (USDC), Binance USD (BUSD) and tru USD (TUSD).
legendary
Activity: 1834
Merit: 1131
April 13, 2023, 07:25:09 AM
Tether Blacklists MEV Bots Exploiter ‘Sandwich the Ripper’ After ‘Official Requests’
Tether, a centralized entity behind popular stablecoin USDT, has blacklisted an Ethereum validator who had front-run MEV bots, earning $25 million via a sandwich attack.
The exploiter, who called themselves “Sandwich the Ripper,” will no longer be able to receive, send or redeem the $3 million worth of USDT held in their address.

Tether’s decision to blacklist the exploiter has drawn criticism from industry participants.

Uri Klarman, the CEO of bloXrouteLabs, told Blockworks in an interview that the exploiter did exactly what a sandwich bot would do.

“It didn’t hurt the consensus, it didn’t create two blocks at the same time, it gave them an invalid block that didn’t propagate,” Klarman said.
https://blockworks.co/news/tether-blacklists-mev-bots-exploiter
legendary
Activity: 1932
Merit: 4602
Buy on Amazon with Crypto
April 10, 2023, 08:08:33 AM
https://decrypt.co/125799/sushiswap-smart-contract-bug-exploited-in-3-3-million-theft

SushiSwap Smart Contract Bug Exploited in $3.3 Million Theft
The decentralized exchange says it's "all hands on deck" and that some of the funds have been recovered.

"A bug introduced into SushiSwap four days ago was exploited late Saturday to drain about $3.3 million worth of Ethereum from a single user's account.

According to a Twitter post by blockchain security and data analytics company PeckShield, a wallet controlled by the victim—a prominent member of the Crypto Twitter community known as Sifu—was targeted by an "approve-related bug" in SushiSwap's RouterProcessor2 contract to steal about 1,800 ETH."
legendary
Activity: 2604
Merit: 1504
April 08, 2023, 04:46:08 AM
CertiK Analysis presented a report on how much crypto projects lost in Q1 2023.
According to their data, losses of Web3 crypto projects are estimated at $320 million as a result of 207 incidents that occurred between January and March 2023, but this is almost three times less than DEFI losses in Q4 2022 ($950 million) and four times less than in Q1 2022 ($1.3 billion).
The biggest loss in Q1 2023 is considered to be the Euler Finance exploit, which caused damage in the amount of $197 million or more than 60% of the total losses for this period.
In total, we can talk about 90 incidents with exit scams that caused damage to investors by $31,043,335 and 52 incidents with flashloan/oracle manipulation exploits, the damage from which is estimated at $222,963,863





Source: https://www.certik.com/resources/blog/3BaCA6ytR6uLFc1JVvt313-hack3d-the-web3-security-quarterly-report-q1-2023
There is also a video version of the report: https://www.youtube.com/watch?v=oAgLdGl56CE
member
Activity: 199
Merit: 59
April 05, 2023, 02:52:24 PM
PeckShield 'Team of leading cryptocurrency security researchers', unveils the alleged design of the attack on the Orion Protocol. Meanwhile, his team said it was only internal funds that were at risk. Orion Protocol was hacked for $3 million thanks to a well-known bug: PeckShield According to a statement shared by a PeckShield representative on Twitter, Orion Protocol, the popular liquidity engine for CEX and DEX, came under a hacker attack.
legendary
Activity: 1932
Merit: 4602
Buy on Amazon with Crypto
April 05, 2023, 09:23:16 AM

so they demand 90% of the total assets stolen, do those who demand know who did the theft, or is there some kind of address tracking where the hackers are?
and if that's the case I think the thieves will have a hard time selling the asset since their address has been tagged. Undecided

I don't think Ethereum is very difficult to sell or exchange for other coins right now. Euler Finance returned their 90% of the assets, then they will restart the protocol and fix the bugs.

___
https://twitter.com/peckshieldalert/status/1642717704934273030?
In Mar. 2023, $10.9M worth of #NFTs were stolen, representing a 32.72%% decrease from the previous month
Half of the stolen NFTs were quickly sold on marketplaces within 2 hours
 ~74.9% of the stolen NFTs were first sold on @blur_io,  followed by 19.5% on @opensea
sr. member
Activity: 1526
Merit: 251
April 05, 2023, 07:28:30 AM
The hacker committed a $196 million flash loan attack on the Ethereum-based lending protocol on March 13.
Ethereum-based noncustodial lending protocol Euler Finance is trying to cut a deal with the exploiter that stole millions from its protocol, demanding the hacker returns 90% of the funds they stole within 24 hours or face legal consequences.
https://cointelegraph.com/news/euler-finance-s-offer-to-hacker-keep-20m-or-face-the-law


so they demand 90% of the total assets stolen, do those who demand know who did the theft, or is there some kind of address tracking where the hackers are?
and if that's the case I think the thieves will have a hard time selling the asset since their address has been tagged. Undecided
legendary
Activity: 1932
Merit: 4602
Buy on Amazon with Crypto
April 05, 2023, 05:13:18 AM
https://www.blockhead.co/2023/04/04/exploiter-front-runs-25m-from-mev-bots-using-ethereum-validator/
Exploiter Front Runs $25M From MEV Bots Using Ethereum Validator
"Twitter reminds us that the MEV exploit in the code is a feature, not a bug
In smart contract land, it is well known that if there's a vulnerability in the code, it is a feature and not a bug. One sophisticated exploiter albeit with malicious intent had successfully deployed an exploit using an Ethereum validator and a Flashbots MEV-relay to drain a group of MEV bots for a total of $25 million at time of writing.

The exploiter planned the reverse-sandwich attack by essentially honey potting a group of top performing Maximal Extractable Value (MEV) bots after verifying that these bots used his validator on low-liquidity pools throughout an 18-day operation."
https://twitter.com/Mudit__Gupta/status/1642844239733071872?s=19
legendary
Activity: 1708
Merit: 1615
Payment Gateway Allows Recurring Payments
April 04, 2023, 06:43:04 AM
Euler Finance hacker returns ‘all of the recoverable funds’
Euler Finance has announced a total possible recovery of all the stolen funds.
The recovery ends the $1 million bounty that Euler Labs had issued.
The total recovery comes after Euler Finance convinced the hacker to return the money.
Euler Finance has today announced that the total refundable funds have been returned twenty-three days after the protocol was hacked.

Pages:
Jump to: