Topic: DeFi hacks [history] - page 6. (Read 19534 times)
PeckShield 'Team of leading cryptocurrency security researchers', unveils the alleged design of the attack on the Orion Protocol. Meanwhile, his team said it was only internal funds that were at risk. Orion Protocol was hacked for $3 million thanks to a well-known bug: PeckShield According to a statement shared by a PeckShield representative on Twitter, Orion Protocol, the popular liquidity engine for CEX and DEX, came under a hacker attack.
so they demand 90% of the total assets stolen, do those who demand know who did the theft, or is there some kind of address tracking where the hackers are?
and if that's the case I think the thieves will have a hard time selling the asset since their address has been tagged.
I don't think Ethereum is very difficult to sell or exchange for other coins right now. Euler Finance returned their 90% of the assets, then they will restart the protocol and fix the bugs.
___
https://twitter.com/peckshieldalert/status/1642717704934273030?
In Mar. 2023, $10.9M worth of #NFTs were stolen, representing a 32.72%% decrease from the previous month
Half of the stolen NFTs were quickly sold on marketplaces within 2 hours
~74.9% of the stolen NFTs were first sold on @blur_io, followed by 19.5% on @opensea
The hacker committed a $196 million flash loan attack on the Ethereum-based lending protocol on March 13.
Ethereum-based noncustodial lending protocol Euler Finance is trying to cut a deal with the exploiter that stole millions from its protocol, demanding the hacker returns 90% of the funds they stole within 24 hours or face legal consequences.
https://cointelegraph.com/news/euler-finance-s-offer-to-hacker-keep-20m-or-face-the-law
Ethereum-based noncustodial lending protocol Euler Finance is trying to cut a deal with the exploiter that stole millions from its protocol, demanding the hacker returns 90% of the funds they stole within 24 hours or face legal consequences.
https://cointelegraph.com/news/euler-finance-s-offer-to-hacker-keep-20m-or-face-the-law
so they demand 90% of the total assets stolen, do those who demand know who did the theft, or is there some kind of address tracking where the hackers are?
and if that's the case I think the thieves will have a hard time selling the asset since their address has been tagged.
https://www.blockhead.co/2023/04/04/exploiter-front-runs-25m-from-mev-bots-using-ethereum-validator/
Exploiter Front Runs $25M From MEV Bots Using Ethereum Validator
"Twitter reminds us that the MEV exploit in the code is a feature, not a bug
In smart contract land, it is well known that if there's a vulnerability in the code, it is a feature and not a bug. One sophisticated exploiter albeit with malicious intent had successfully deployed an exploit using an Ethereum validator and a Flashbots MEV-relay to drain a group of MEV bots for a total of $25 million at time of writing.
The exploiter planned the reverse-sandwich attack by essentially honey potting a group of top performing Maximal Extractable Value (MEV) bots after verifying that these bots used his validator on low-liquidity pools throughout an 18-day operation."
https://twitter.com/Mudit__Gupta/status/1642844239733071872?s=19
Exploiter Front Runs $25M From MEV Bots Using Ethereum Validator
"Twitter reminds us that the MEV exploit in the code is a feature, not a bug
In smart contract land, it is well known that if there's a vulnerability in the code, it is a feature and not a bug. One sophisticated exploiter albeit with malicious intent had successfully deployed an exploit using an Ethereum validator and a Flashbots MEV-relay to drain a group of MEV bots for a total of $25 million at time of writing.
The exploiter planned the reverse-sandwich attack by essentially honey potting a group of top performing Maximal Extractable Value (MEV) bots after verifying that these bots used his validator on low-liquidity pools throughout an 18-day operation."
https://twitter.com/Mudit__Gupta/status/1642844239733071872?s=19
Euler Finance hacker returns ‘all of the recoverable funds’
Euler Finance has announced a total possible recovery of all the stolen funds.
The recovery ends the $1 million bounty that Euler Labs had issued.
The total recovery comes after Euler Finance convinced the hacker to return the money.
Euler Finance has today announced that the total refundable funds have been returned twenty-three days after the protocol was hacked.
Euler Finance has announced a total possible recovery of all the stolen funds.
The recovery ends the $1 million bounty that Euler Labs had issued.
The total recovery comes after Euler Finance convinced the hacker to return the money.
Euler Finance has today announced that the total refundable funds have been returned twenty-three days after the protocol was hacked.
https://ambcrypto.com/safemoon-sfm-hackers-say-relax-as-dex-loses-millions-in-exploit/
DEFISafeMoon [SFM]: Hackers say ‘relax’ as DEX loses millions in exploit
Decentralized exchange SafeMoon was exploited to the tune of $8.9 million earlier today.
The hackers took advantage of a public burn bug to drain one of the DEX’s liquidity pools.
Decentralized Finance exchange SafeMoon [SFM] has lost millions of dollars following a compromised liquidity pool. which allowed hackers to exploit the BNB Chain-based DEX. The exploit took place on 29 March and drained $8.9 million from the liquidity pool.
DEFISafeMoon [SFM]: Hackers say ‘relax’ as DEX loses millions in exploit
Decentralized exchange SafeMoon was exploited to the tune of $8.9 million earlier today.
The hackers took advantage of a public burn bug to drain one of the DEX’s liquidity pools.
Decentralized Finance exchange SafeMoon [SFM] has lost millions of dollars following a compromised liquidity pool. which allowed hackers to exploit the BNB Chain-based DEX. The exploit took place on 29 March and drained $8.9 million from the liquidity pool.
Euler Token Gains 28% as Exploiter returns 58,000 Stolen ETH
Euler Finance exploiter returned over 58,000 ETH on March 25 to the DeFi protocol.
Arkham Intelligence reported that the hacker still held over $100 million worth of the stolen assets.
Euler Finance exploiter returned over 58,000 ETH on March 25 to the DeFi protocol.
Arkham Intelligence reported that the hacker still held over $100 million worth of the stolen assets.
Subsequently, on March 28, the hacker returned the balance of 5 million DAi, thereby reimbursing almost all the damage done to the Euler Finance team, which incidentally caused a small pump EUL
https://twitter.com/PeckShieldAlert/status/1640585382843785216
https://etherscan.io/tx/0x92f3110e3239507b4c1d60ffdde14fbae443436f9cb33070383a7a3d9a2b4099
https://blockchain.news/news/kokomo-finance-accused-of-4m-exit-scam
"Kokomo Finance, an open-source and noncustodial lending protocol on Optimism, has been accused of an exit scam worth $4 million. The protocol allegedly plucked user funds via a smart contract loophole, causing the Kokomo Finance token to plummet 95% in value in a matter of minutes. Blockchain security firm CertiK alerted its followers to the situation in a tweet on March 26.
According to CertiK, the deployer of the KOKO token attacked the smart contract code of a wrapped Bitcoin token, cBTC, by resetting the reward speed and pausing the borrow function. An address beginning with "0x5a2d.." then approved the new cBTC smart contract to spend over 7000 Sonne Wrapped Bitcoin (So-WBTC). The attacker then called another command to swap the So-WBTC to the 0x5a2d address, which produced a $4 million profit, according to the security firm."
"Kokomo Finance, an open-source and noncustodial lending protocol on Optimism, has been accused of an exit scam worth $4 million. The protocol allegedly plucked user funds via a smart contract loophole, causing the Kokomo Finance token to plummet 95% in value in a matter of minutes. Blockchain security firm CertiK alerted its followers to the situation in a tweet on March 26.
According to CertiK, the deployer of the KOKO token attacked the smart contract code of a wrapped Bitcoin token, cBTC, by resetting the reward speed and pausing the borrow function. An address beginning with "0x5a2d.." then approved the new cBTC smart contract to spend over 7000 Sonne Wrapped Bitcoin (So-WBTC). The attacker then called another command to swap the So-WBTC to the 0x5a2d address, which produced a $4 million profit, according to the security firm."
Euler Token Gains 28% as Exploiter returns 58,000 Stolen ETH
Euler Finance exploiter returned over 58,000 ETH on March 25 to the DeFi protocol.
Arkham Intelligence reported that the hacker still held over $100 million worth of the stolen assets.
Euler Finance exploiter returned over 58,000 ETH on March 25 to the DeFi protocol.
Arkham Intelligence reported that the hacker still held over $100 million worth of the stolen assets.
Euler Finance Hack Contacted Developers
https://twitter.com/CertiKAlert/status/1638008865055813632?
"Lending platform @eulerfinance received on-chain messages earlier today from the exploiter.
The exploiter seeks to come to an agreement and have "no intention of keeping what is not theirs."
Their full message and the Euler response seen below 👇"
https://forklog.com/news/vzlomshhik-euler-finance-vyshel-na-svyaz-s-razrabotchikami
"Euler representatives responded to the message and offered to contact via EOA or email."
https://twitter.com/CertiKAlert/status/1638008865055813632?
"Lending platform @eulerfinance received on-chain messages earlier today from the exploiter.
The exploiter seeks to come to an agreement and have "no intention of keeping what is not theirs."
Their full message and the Euler response seen below 👇"
https://forklog.com/news/vzlomshhik-euler-finance-vyshel-na-svyaz-s-razrabotchikami
"Euler representatives responded to the message and offered to contact via EOA or email."
hacker returned 3000 ETH to Euler
https://etherscan.io/tx/0x20f89e9f029c1552ac1b1e2346c8305924ac76d9252a84c91a2b3157c669ab6a
https://etherscan.io/tx/0xe57b44752efa79fc06bba4e269738a27add7adb13603c4aa90e0437151e62023
https://etherscan.io/tx/0xc07feca033ff90cfcbeeac71d01daa8898e2cc4a9a22e9704e383740ab0da24a
Euler replied
https://etherscan.io/tx/0xc72d8b553651500c88730573a9839f230a98273dba16d1aad2496c8916ab1d04
https://etherscan.io/tx/0x20f89e9f029c1552ac1b1e2346c8305924ac76d9252a84c91a2b3157c669ab6a
https://etherscan.io/tx/0xe57b44752efa79fc06bba4e269738a27add7adb13603c4aa90e0437151e62023
https://etherscan.io/tx/0xc07feca033ff90cfcbeeac71d01daa8898e2cc4a9a22e9704e383740ab0da24a
Euler replied
https://etherscan.io/tx/0xc72d8b553651500c88730573a9839f230a98273dba16d1aad2496c8916ab1d04
It's amazing that in just 1 year there have been 9 attacks on decentralized finance. it is a challenge for developers to fix the system to cover the loopholes that could be harmful. also to realize a new and better security system.
Yet, we are been advice to move out of centralized exchanges, the losses from centralized exchanges is far more higher than all the losses of defi in combine but still, decentralised finance still have to get better with their security, hackers keeps taking advantage of projects is not encouraging for crypto space altogether, this is why Bitcoin is a much safer digital currency than the others. For anyone who gets affected by the #Euler hack, watch this:
Someone(0x2a) sends a message to the hacker saying his life-saving (78 $ETH) is in @eulerfinance
The hacker then sends him 100 $ETH.
If 0x2a is being honest, it made extra 22 $ETH back.
https://twitter.com/ScopeProtocol/status/1636215381126938624?
Ironically that person who got back 100eth instead of 78 is a criminal If he/she spends a dime from that that extra eth.Someone(0x2a) sends a message to the hacker saying his life-saving (78 $ETH) is in @eulerfinance
The hacker then sends him 100 $ETH.
If 0x2a is being honest, it made extra 22 $ETH back.
https://twitter.com/ScopeProtocol/status/1636215381126938624?
Weirdly i wouldn't even know where should it be returned. I might ask consultation from police
https://etherscan.io/tx/0xbb450229bf8eaf62d41e62b8d4e6495f1d952a10da0ef72bf048c376c56719e1
"I was affected by the recent Euler Finance hack and fortunately, I received back 100 ETH from the hacker, which is 12 ETH more than my original deposit of ~78 wstETH. With this transaction, I'm returning the extra 12 ETH that doesn't belong to me to the Euler Finance Deployer."
___
I just don't understand why 0x2Af returned 12 ETH. 78+12 =90 not 100, it should return 22 ETH.
Or 78 wstETH = 88 ETH
For anyone who gets affected by the #Euler hack, watch this:
Someone(0x2a) sends a message to the hacker saying his life-saving (78 $ETH) is in @eulerfinance
The hacker then sends him 100 $ETH.
If 0x2a is being honest, it made extra 22 $ETH back.
https://twitter.com/ScopeProtocol/status/1636215381126938624?
Ironically that person who got back 100eth instead of 78 is a criminal If he/she spends a dime from that that extra eth.Someone(0x2a) sends a message to the hacker saying his life-saving (78 $ETH) is in @eulerfinance
The hacker then sends him 100 $ETH.
If 0x2a is being honest, it made extra 22 $ETH back.
https://twitter.com/ScopeProtocol/status/1636215381126938624?
Weirdly i wouldn't even know where should it be returned. I might ask consultation from police
For anyone who gets affected by the #Euler hack, watch this:
Someone(0x2a) sends a message to the hacker saying his life-saving (78 $ETH) is in @eulerfinance
The hacker then sends him 100 $ETH.
If 0x2a is being honest, it made extra 22 $ETH back.
https://twitter.com/ScopeProtocol/status/1636215381126938624?
Someone(0x2a) sends a message to the hacker saying his life-saving (78 $ETH) is in @eulerfinance
The hacker then sends him 100 $ETH.
If 0x2a is being honest, it made extra 22 $ETH back.
https://twitter.com/ScopeProtocol/status/1636215381126938624?
A good way to get your coins back is by chatting with a hacker on the blockchain:
https://etherscan.io/tx/0xbe21a9719a4f89f7dc98419f60b247d69780b569cd8869c0031aae000f98cf17
This message was in the transaction signature:
"Please consider returning 90%/80%. I'm just a user that only had 78 wstETH as my life savings deposited into Euler, I'm not whale or millionaire. You can't imagine the mess I'm into right now, completely destroyed. I'm pretty sure 20M is already life changing for you and you'll bring back joy to a lot of affected people."
Euler Finance Exploiter 2
https://etherscan.io/address/0xb66cd966670d962c227b3eaba30a872dbfb995db
A lot of correspondence in the blockchain and a lot of begging.
For anyone who gets affected by the #Euler hack, watch this:
Someone(0x2a) sends a message to the hacker saying his life-saving (78 $ETH) is in @eulerfinance
The hacker then sends him 100 $ETH.
If 0x2a is being honest, it made extra 22 $ETH back.
https://twitter.com/ScopeProtocol/status/1636215381126938624?
Someone(0x2a) sends a message to the hacker saying his life-saving (78 $ETH) is in @eulerfinance
The hacker then sends him 100 $ETH.
If 0x2a is being honest, it made extra 22 $ETH back.
https://twitter.com/ScopeProtocol/status/1636215381126938624?
https://coinmarketcap.com/headlines/news/peopledao-hacked-via-google-sheets/
PeopleDAO hacked via Google Sheets, $120,000 worth of ether stolen
"PeopleDAO, a group formed to buy a copy of the U.S. Constitution, has lost 76.5 ETH ($120,000) to a social engineering hack on March 6 that targeted the project’s monthly contributor payout form on Google Sheets.
A combination of errors led to the theft, according to the project team. First, the accounting lead mistakenly shared a link to the payout form with edit access to a public channel on the project’s Discord Server. The hacker was able to use this edit access on the form to insert their address and a 76.5 ETH payment. The hacker then made this row invisible on the form."
PeopleDAO hacked via Google Sheets, $120,000 worth of ether stolen
"PeopleDAO, a group formed to buy a copy of the U.S. Constitution, has lost 76.5 ETH ($120,000) to a social engineering hack on March 6 that targeted the project’s monthly contributor payout form on Google Sheets.
A combination of errors led to the theft, according to the project team. First, the accounting lead mistakenly shared a link to the payout form with edit access to a public channel on the project’s Discord Server. The hacker was able to use this edit access on the form to insert their address and a 76.5 ETH payment. The hacker then made this row invisible on the form."
The hacker committed a $196 million flash loan attack on the Ethereum-based lending protocol on March 13.
Ethereum-based noncustodial lending protocol Euler Finance is trying to cut a deal with the exploiter that stole millions from its protocol, demanding the hacker returns 90% of the funds they stole within 24 hours or face legal consequences.
https://cointelegraph.com/news/euler-finance-s-offer-to-hacker-keep-20m-or-face-the-law
Ethereum-based noncustodial lending protocol Euler Finance is trying to cut a deal with the exploiter that stole millions from its protocol, demanding the hacker returns 90% of the funds they stole within 24 hours or face legal consequences.
https://cointelegraph.com/news/euler-finance-s-offer-to-hacker-keep-20m-or-face-the-law
Euler Finance was exploited in a flash loan attack that drained hundreds of millions of decentralized stablecoins and synthetic ERC-20 tokens.
Ethereum-based noncustodial lending protocol Eurler finance faced a flash loan attack on March 13, with the attacker managing to steal millions in Dai, staked Ether (StETH) and wrapped Bitcoin (WBTC).According to on-chain data, as per the last update, the exploiter carried out multiple transactions, stealing nearly $196 million. The ongoing attack has already become the largest hack of 2023.
https://cointelegraph.com/news/euler-finance-hacked-for-over-195m-in-a-flash-loan-attack
Ethereum-based noncustodial lending protocol Eurler finance faced a flash loan attack on March 13, with the attacker managing to steal millions in Dai, staked Ether (StETH) and wrapped Bitcoin (WBTC).According to on-chain data, as per the last update, the exploiter carried out multiple transactions, stealing nearly $196 million. The ongoing attack has already become the largest hack of 2023.
https://cointelegraph.com/news/euler-finance-hacked-for-over-195m-in-a-flash-loan-attack
https://thesis.neworder.network/#defi-landscape-consolidation-of-power-amongst-a-few-dominant-players
"Even as the number of DeFi applications has increased to around 1400 dapps, the top five Dapps still control a sizable portion of the total market. This occurrence is largely due to certain applications dominating specific sectors within the DeFi market. For example, Uniswap is the dominant player in the decentralized exchange (DEX) market, holding a market share of 59% by volume, an increase from 43.2% since the bear market. This pattern of dominance can be seen across other categories as well, with Lido leading in the liquid staking market, dYdX in the derivatives market, and MakerDAO in the lending and borrowing market. As most demand is concentrated among a few applications, these apps have an incentive to build out app-specific blockchains in order to extract as much value as possible from the blockchain and into the application itself."
"Even as the number of DeFi applications has increased to around 1400 dapps, the top five Dapps still control a sizable portion of the total market. This occurrence is largely due to certain applications dominating specific sectors within the DeFi market. For example, Uniswap is the dominant player in the decentralized exchange (DEX) market, holding a market share of 59% by volume, an increase from 43.2% since the bear market. This pattern of dominance can be seen across other categories as well, with Lido leading in the liquid staking market, dYdX in the derivatives market, and MakerDAO in the lending and borrowing market. As most demand is concentrated among a few applications, these apps have an incentive to build out app-specific blockchains in order to extract as much value as possible from the blockchain and into the application itself."
Jump to: