Incidents

Hundred Finance Hacked for $6.8 Million

Summary: On April 15, 2023, at 2:12 pm UTC, Hundred Finance’s Optimism deployment fell victim to an exploit that drained the platform of all assets in hToken markets. The attacker utilized an integer rounding vulnerability within the hToken contract logic to redeem underlying tokens when a market was empty. The total loss amounted to roughly $6.8 million USD in various cryptocurrencies. Attackers: The attackers remain unidentified. Exploiter addresses: ...

Bitrue Hacked for $23 Million

Summary: On April 14, 2023, cryptocurrency exchange Bitrue was hacked, resulting in the theft of cryptocurrencies worth approximately $23 million. Hackers gained access to the exchange’s hot wallets and stole various cryptocurrencies, including ETH, SHIB, QNT, HOT, MATIC, and GALA. Attackers: The identity of the hackers who carried out the attack on Bitrue is unknown. Bitrue Drainer wallet: 0x1819ede3b8411ebc613f3603813bf42ae09ba5a5. Losses: Bitrue estimated the losses from the hack to be approximately $23 million. ...

Yearn Finance Suffers $11.54 Million Loss Due to Smart Contract Vulnerability

Summary: On April 13, 2023, Yearn Finance, a prominent DeFi protocol on the Ethereum blockchain, was exploited due to a misconfiguration in its yUSDT vault’s smart contract. The attacker leveraged this vulnerability to mint an excessive number of yUSDT tokens, which were subsequently exchanged for stablecoins. The exploit led to the loss of approximately $11.54 million. Attackers: The attackers are unidentified, but their wallet addresses and contracts are known: ...

GDAC Hacked for $13 Million

Summary: On April 9, 2023, South Korean cryptocurrency exchange GDAC was hacked, resulting in the theft of cryptocurrencies worth approximately $13 million. Hackers gained access to the exchange’s hot wallets and stole various cryptocurrencies, including Bitcoin (BTC), Ethereum (ETH), and Wemix (WEMIX). Attackers: The attackers behind the GDAC hack remain unidentified. GDAC Hacker ETH wallets: 0x244615D99684175d31369332039b2D84ce925EC5, 0x57192cca8b8e4beb77f3466c6d0550e64cc53b0f. Losses: GDAC lost approximately $13 million: 10,000,000 WEMIX; 220,000 USDT; 350 ETH; 60. ...

SushiSwap Drained of 1800 WETH Due to RouteProcessor2 Contract Vulnerability

Summary: On April 8, 2023, SushiSwap, a renowned decentralized exchange, came under attack due to a vulnerability in its newly launched RouteProcessor2 contract. The contract was part of SushiSwap’s version 3 (V3) upgrades and was deployed on 14 different networks. Before SushiSwap could react, anonymous attackers exploited the vulnerability and managed to drain approximately 1800 Wrapped Ether (WETH) from user wallets. Attackers: The identity of the attacker is unknown. ...

Allbridge suffered a flash loan attack for $573k

Summary: On April 2, 2023, AllBridge, a multichain token bridge, fell victim to an exploit that resulted in approximately $573,000 worth of assets being drained from its BNB Chain pools. The attacker, acting as both a liquidity provider and a swapper, exploited a flaw in a smart contract that enabled them to manipulate swap prices. This led to the theft of $282,889 in Binance USD (BUSD) and $290,868 in Tether (USDT). ...

SafeMoon's Smart Contract Exploit: An $8.9M Heist and Unexpected Return of Funds

Summary: In March 2023, SafeMoon, a DeFi protocol, experienced a significant security breach when a vulnerability in its contract allowed an attacker to steal approximately $8.9 million. The attacker exploited unprotected burn and mint functions, essentially manipulating the value of the SFM token. In a surprising turn of events, the attacker agreed to return 80% of the stolen funds, retaining the remaining 20% as a bug bounty. Attackers: The attacker’s identity remains unknown. ...

Euler Finance Exploited with Flash Loan Attack Resulting in Loss of $196 Million

Summary: On March 13, 2023, a flash loan attack targeted Euler Finance, a noncustodial lending platform on the Ethereum blockchain. The attack led to a loss of roughly $196 million in various cryptocurrencies, including Dai, USD Coin, Staked Ether, and Wrapped Bitcoin. The attacker took advantage of a weakness in Euler’s smart contract, specifically in a feature called “donateToReserves.” The attacker used multiple Ethereum addresses to exploit this weakness in the contract and took advantage of a problem in Euler’s system for liquidation. ...

Flash Loan Attack on Platypus Finance Results in an $8.5 Million Loss

Summary: On February 16, 2023, Platypus Finance, the project behind the USP stablecoin, fell victim to a flash loan attack. This resulted in an estimated loss of $8.5 million. The exploit led to a significant drop in the price of the $USP stablecoin, devaluing it by more than 66% from its intended $1 peg. The attack was carried out by minting an excessive number of USP tokens from the MasterPlatypusV4 contract and using an inflated amount of Platypus LP-USDC tokens as collateral. ...

dForce DeFi Protocol Loses $3.65 Million in Reentrancy Attack

Summary: On February 9, 2023, dForce, a DeFi protocol, fell victim to a reentrancy attack. The attacker exploited a known vulnerability in the smart contract, resulting in a loss of approximately $3.6 million. Attackers: The identity of the attacker is unknown. The attackers utilized the following addresses: Arbitrum: 0xe0d551017c0111ac11108641771897aa33b2817c; Optimism: 0xe0d551017c0111ac11108641771897aa33b2817c. Losses: ~$3.65 million total. Arbitrum: 1,236.65 ETH (~1,893,000 USD), 719,437 USX; Optimism: 1,037,492 USDC. source ...