Summary # On November 22, 2023, KyberSwap, a decentralized finance platform, experienced a sophisticated exploit resulting in a loss of approximately $49,000,000. The attack involved manipulating the platform’s smart contract through complex transactions. The attacker used flash loans to manipulate token prices, which enabled them to exploit a numerical anomaly in the smart contract. This allowed the attacker to double-count liquidity and withdraw substantial funds. Despite KyberSwap having failsafe mechanisms, the attacker skillfully avoided triggering these protections.
...
Summary: # On July 30, a hackers drained approximately $60 million from liquidity pools that decentralized exchanges uses to offer exchange of tokens. Affected protocols include CurveFi, MetronomeDAO, JPEGd and Alchemix.
Curve, as biggest funds lost from the breach, ranks among the most esteemed and reliable DEXes and relies on automated market makers in much the same way as Uniswap. Though it is still functioning, Curve has seen an exodus of funds since the hack.
...
Summary # On July 10, 2023, Arcadia Finance, a DeFi protocol on Ethereum and Optimism, experienced a significant security breach due to vulnerabilities in its smart contract. The incident resulted in a financial loss of approximately $455,000. The breach was due to inadequate security measures in the protocol’s contract, allowing an attacker to manipulate the system for unauthorized asset transfers.
Attackers # The identity of the hackers who attacked Arcadia Finance is unknown.
...
Summary # On February 9, 2023, dForce, a DeFi protocol, fell victim to a reentrancy attack. The attacker exploited a known vulnerability in the smart contract, resulting in a loss of approximately $3.6 million.
Attackers # The identity of the attacker is unknown. The attackers utilized the following addresses:
Arbitrum:
0xe0d551017c0111ac11108641771897aa33b2817c Optimism:
0xe0d551017c0111ac11108641771897aa33b2817c Losses # ~$3.65 million total
Arbitrum:
1,236.65 ETH (~1,893,000 USD) 719,437 USX Optimism:
1,037,492 USDC source
...
Summary # On February 2, 2023, Orion Protocol, a decentralized blockchain platform that aggregates liquidity across both centralized and decentralized exchanges, fell victim to a sophisticated smart contract exploit. The attacker manipulated a reentrancy vulnerability within the protocol’s core smart contracts, which enabled them to divert approximately $3 million in tokens across the Ethereum and Binance Smart Chain networks.
Attackers # The identity of the attacker is unknown. Two addresses were primarily involved in the attack:
...
Summary # On April 30, 2022, Fei Protocol, a decentralized finance (DeFi) protocol that merged with Rari Capital in 2021, was hacked for $80 million. The attacker exploited a reentrancy vulnerability in the protocol’s smart contracts to withdraw funds from the protocol’s reserves.
Attackers # The identity of the attacker(s) is unknown.
ERC-20
FeiProtocol-Fuse Exploiter: 0x6162759eDAd730152F0dF8115c698a42E666157F Losses # $80 Million
Timeline # April 30, 2022, 09:01:35 AM +UTC: The hacker exploited a reentrancy vulnerability in lending protocol April 30, 2022, 10:23:58 AM +UTC: Funds have started to be laundered through Tornado Cash.
...