Summary # On April 8, 2023, SushiSwap, a renowned decentralized exchange, came under attack due to a vulnerability in its newly launched RouteProcessor2 contract. The contract was part of the SushiSwap’s version 3 (V3) upgrades and was deployed on 14 different networks. Before SushiSwap could react, anonymous attackers exploited the vulnerability and managed to drain approximately 1800 Wrapped Ether (WETH) from user wallets.
Attackers # The identity of the attacker is unknown.
...
Summary # On April 2, 2023, AllBridge, a multichain token bridge, fell victim to an exploit that resulted in approximately $573,000 worth of assets being drained from its BNB Chain pools. The attacker, acting as both a liquidity provider and a swapper, exploited a flaw in a smart contract that enabled them to manipulate swap prices. This led to the theft of $282,889 in Binance USD (BUSD) and $290,868 in Tether (USDT).
...
Summary # In March 2023, SafeMoon, a DeFi protocol, experienced a significant security breach when a vulnerability in its contract allowed an attacker to steal approximately $8.9 million. The attacker exploited unprotected burn and mint functions, essentially manipulating the value of the SFM token. In a surprising turn of events, the attacker agreed to return 80% of the stolen funds, retaining the remaining 20% as a bug bounty.
Attackers # The attacker’s identity remains unknown.
...
Summary # On March 13, 2023, a flash loan attack targeted Euler Finance, a noncustodial lending platform on the Ethereum blockchain. The attack led to a loss of roughly $196 million in various cryptocurrencies, including Dai, USD Coin, Staked Ether, and Wrapped Bitcoin. The attacker took advantage of a weakness in Euler’s smart contract, specifically in a feature called “donateToReserves.”
The attacker used multiple Ethereum addresses to exploit this weakness in the contract and took advantage of a problem in Euler’s system for liquidation.
...
Summary # On February 16, 2023, Platypus Finance, the project behind the USP stablecoin, fell victim to a flash loan attack. This resulted in an estimated loss of $8.5 million. The exploit led to a significant drop in the price of the $USP stablecoin, devaluing it by more than 66% from its intended $1 peg. The attack was carried out by minting an excessive number of USP tokens from the MasterPlatypusV4 contract and using an inflated amount of Platypus LP-USDC tokens as collateral.
...
Summary # On February 9, 2023, dForce, a DeFi protocol, fell victim to a reentrancy attack. The attacker exploited a known vulnerability in the smart contract, resulting in a loss of approximately $3.6 million.
Attackers # The identity of the attacker is unknown. The attackers utilized the following addresses:
Arbitrum:
0xe0d551017c0111ac11108641771897aa33b2817c Optimism:
0xe0d551017c0111ac11108641771897aa33b2817c Losses # ~$3.65 million total
Arbitrum:
1,236.65 ETH (~1,893,000 USD) 719,437 USX Optimism:
1,037,492 USDC source
...
Summary # On February 7, 2023, CoW Swap, a decentralized exchange (DEX) protocol, fell victim to a smart contract exploit, resulting in a loss of approximately 550 BNB, or about $180,000 USD. The breach occurred due to a flaw in the protocol’s smart contract, which allowed an unidentified attacker to approve fund transfers from the protocol.
Attackers # The identity of the attacker is unknown.
0xc0e82c1ed4786f8b7f806d1b8a6335ec485266ff 0x55a37a2e5e5973510ac9d9c723aec213fa161919 Losses # $166,183 Timeline # January 27, 2023: Barter Solver enters the CoW Swap solver competition.
...
Summary # On February 2, 2023, Orion Protocol, a decentralized blockchain platform that aggregates liquidity across both centralized and decentralized exchanges, fell victim to a sophisticated smart contract exploit. The attacker manipulated a reentrancy vulnerability within the protocol’s core smart contracts, which enabled them to divert approximately $3 million in tokens across the Ethereum and Binance Smart Chain networks.
Attackers # The identity of the attacker is unknown. Two addresses were primarily involved in the attack:
...
Summary # In February 2023, BonqDAO, a lending platform hosted on the Polygon network, was hacked. The attacker exploited protocol’s price oracle weakness to manipulate the price of the $WALBT token. This allowed the attacker to borrow 100 million $BEUR, a stablecoin pegged to the euro, and liquidate other users’ collateral. The total loss from the hack was estimated to be around $120 million.
Attackers # The attackers are unidentified.
...
Summary # A hacker exploited a vulnerability in the LendHub protocol to steal approximately $6 million in digital assets. The vulnerability was caused by the existence of two IBSV tokens on the platform, one of which had been deprecated but not removed. The attacker was able to mint and redeem tokens in the old market while borrowing against them in the new market, ultimately making off with the majority of the assets on the platform.
...