Summary # Astrid Finance, an Ethereum-based liquid restaking pool powered by the Eigen Layer, suffered a significant exploit on October 28, 2023, leading to a loss of $228,000. The exploit was executed through a smart contract vulnerability linked to insufficient input validation, specifically within the withdraw function of the protocol. This flaw enabled the attacker to manipulate transaction parameters, allowing the creation and utilization of fake tokens to illegitimately withdraw funds.
...
Summary # Exactly Protocol on Optimism faced a critical security breach on August 18, resulting in a loss of around $7.6 million. The attackers exploited a vulnerability by manipulating market address inputs, allowing them to bypass key security checks within the protocol. This manipulation granted them unauthorized access to execute a deposit function maliciously, leading to the theft of a substantial amount of USDC from users.
Attackers # The identity of the hackers who attacked Multichain is unknown.
...
Summary # On August 13, 2023, Zunami Protocol, a prominent DeFi platform on Ethereum, was compromised through a sophisticated flash loan attack, resulting in a significant loss of 1,178 ETH, approximately valued at $2.16 million. Central to this exploit was a vulnerability within the platform’s contract that allowed for the manipulation of the UZD token’s balance. By leveraging a flash loan the attacker was able to artificially inflate the value of the UZD token.
...
Summary: # On July 30, a hackers drained approximately $60 million from liquidity pools that decentralized exchanges uses to offer exchange of tokens. Affected protocols include CurveFi, MetronomeDAO, JPEGd and Alchemix.
Curve, as biggest funds lost from the breach, ranks among the most esteemed and reliable DEXes and relies on automated market makers in much the same way as Uniswap. Though it is still functioning, Curve has seen an exodus of funds since the hack.
...
Summary # On July 11, 2023, Rodeo Finance on Arbitrum was breached, losing around 472 ETH ($888,000) due to an attacker exploiting the TWAP Oracle. By manipulating the oracle’s price calculation, through a “sandwich” attack, they inflated asset prices. This allowed them to mislead the protocol, borrow against the inflated prices from the USDC Pool, and conduct swaps to profit from the manipulated price discrepancies, effectively bypassing Rodeo’s security checks.
...
Summary # On July 10, 2023, Arcadia Finance, a DeFi protocol on Ethereum and Optimism, experienced a significant security breach due to vulnerabilities in its smart contract. The incident resulted in a financial loss of approximately $455,000. The breach was due to inadequate security measures in the protocol’s contract, allowing an attacker to manipulate the system for unauthorized asset transfers.
Attackers # The identity of the hackers who attacked Arcadia Finance is unknown.
...
Summary # On June 27, 2023, Themis Protocol, a decentralized lending and borrowing platform on the Arbitrum One chain, fell victim to a sophisticated exploit involving a flawed price oracle, leading to a loss of approximately $370,000. The attacker manipulated the Balancer LP token price by exchanging tokens within the Balancer pool, thus affecting the oracle’s valuation of the pool’s tokens. By utilizing flash loans and a series of calculated transactions, the exploiter was able to inflate the price of the Balancer LP tokens and borrow assets far exceeding their collateral, eventually laundering a portion of the stolen assets through Tornado Cash.
...
Summary # On June 12, 2023, Sturdy Finance, a DeFi protocol on the Ethereum blockchain known for its lending and borrowing services, was compromised in a security breach. Attackers exploited a vulnerability in the protocol’s price oracle, combined with a read-only reentrancy flaw, orchestrating a theft of approximately $800,000.
Attackers # The identity of the hackers who attacked Multichain is unknown.
Hacker Ethereum Wallet:
0x1E8419E724d51E87f78E222D935fbbdeb631a08B
Losses # 442 ETH (800,000 USD) Timeline # June 12, 2023, 01:06:35 AM UTC: The malicious transaction occurred.
...
Summary # On May 5, 2023, Deus Finance, a DeFi protocol operating across Ethereum, Arbitrum, and BNB Chain, experienced a severe security breach. A vulnerability in the $DEI token contract allowed attackers to unauthorizedly burn and transfer tokens, culminating in losses estimated at $6.5 million.
Attackers # The identity of the hackers who attacked Deus Finance is unknown.
Hacker Wallets:
Ethereum: 0x189cf534de3097c08b6beaf6eb2b9179dab122d1 Binance Smart Chain: 0x5a647e376d3835b8f941c143af3eb3ddf286c474 Arbitrum: 0x189cf534de3097c08b6beaf6eb2b9179dab122d1 Losses # The total loss from the Deus Finance hack amounted to approximately $6.
...
Summary # On May 1, 2023, Level Finance, a decentralized finance (DeFi) protocol, was hacked for $1.1 million in LVL tokens. The attacker exploited a vulnerability in the protocol’s Referral Controller Contract.
Attackers # The identity of the attacker is unknown.
BSC:
0x70319d1c09e1373fc7b10403c852909e5b20a9d5 Losses # The attacker stole 214,000 LVL tokens and swapped LVL to 3,345 BNB, which were worth approximately $1.1 million at the time of the hack.
...