Summary # On November 10, 2023, Raft Protocol experienced an exploit resulting in a loss of about 1,575 cbETH. The exploiter employed a sophisticated multistep attack strategy focusing on a smart contract’s precision calculation vulnerability. Initially, the attacker obtained cbETH through a flash loan before donating and liquidating the cbETH to the Interest Rate Position Manager. This maneuver manipulated the collateral token’s index rate, allowing the exploiter to systematically increase their position in small increments, exploiting a rounding issue in the mint function.
...
Summary # On August 13, 2023, Zunami Protocol, a prominent DeFi platform on Ethereum, was compromised through a sophisticated flash loan attack, resulting in a significant loss of 1,178 ETH, approximately valued at $2.16 million. Central to this exploit was a vulnerability within the platform’s contract that allowed for the manipulation of the UZD token’s balance. By leveraging a flash loan the attacker was able to artificially inflate the value of the UZD token.
...
Summary # On February 16, 2023, Platypus Finance, the project behind the USP stablecoin, fell victim to a flash loan attack. This resulted in an estimated loss of $8.5 million. The exploit led to a significant drop in the price of the $USP stablecoin, devaluing it by more than 66% from its intended $1 peg. The attack was carried out by minting an excessive number of USP tokens from the MasterPlatypusV4 contract and using an inflated amount of Platypus LP-USDC tokens as collateral.
...
Summary # In February 2023, BonqDAO, a lending platform hosted on the Polygon network, was hacked. The attacker exploited protocol’s price oracle weakness to manipulate the price of the $WALBT token. This allowed the attacker to borrow 100 million $BEUR, a stablecoin pegged to the euro, and liquidate other users’ collateral. The total loss from the hack was estimated to be around $120 million.
Attackers # The attackers are unidentified.
...
Summary # On April 30, 2022, Fei Protocol, a decentralized finance (DeFi) protocol that merged with Rari Capital in 2021, was hacked for $80 million. The attacker exploited a reentrancy vulnerability in the protocol’s smart contracts to withdraw funds from the protocol’s reserves.
Attackers # The identity of the attacker(s) is unknown.
ERC-20
FeiProtocol-Fuse Exploiter: 0x6162759eDAd730152F0dF8115c698a42E666157F Losses # $80 Million
Timeline # April 30, 2022, 09:01:35 AM +UTC: The hacker exploited a reentrancy vulnerability in lending protocol April 30, 2022, 10:23:58 AM +UTC: Funds have started to be laundered through Tornado Cash.
...
Summary # On November 19, 2017, Tether, a company behind the USDT stablecoin pegged 1:1 to the US dollar, announced a malicious action by an external attacker. The attacker maliciously removed tokens from the Tether Treasury wallet and sent them to an unauthorized Bitcoin address. As a result, approximately $31 million worth of USDT was taken. In response to the breach, Tether temporarily suspended its back-end wallet service and initiated steps to prevent the stolen coins from entering the ecosystem.
...