Summary # On April 28, 2021, Uranium Finance, a BSC-based decentralized exchange, was exploited due to a calculation error bug in its v2 pair contracts, which had been forked from the Uniswap v2 code. The bug allowed an attacker to swap minimum amount of the input token for 98% of the total balance of the output token, leading to massive losses. Uranium Finance had discovered the potential vulnerability but failed to prevent the attack:
...
Summary # On April 19, 2021, a hacker stole $81 million worth of cryptocurrency from EasyFi, a decentralized finance platform. The hacker introduced a malicious version of MetaMask into the computer and stole the private key.
Attackers # The identity of the hackers who attacked EasyFi is unknown.
Hacker ETH Wallet:
0x83a2EB63B6Cc296529468Afa85DbDe4A469d8B37 Losses # EasyFi estimated the losses from the hack to be $81 million. The stolen assets included:
...
Summary # On February 13, 2021, Alpha Finance, a DeFi project, suffered a hack that resulted in a $37.5 million loss. The attacker exploited a rounding error in the repayment process, accumulating a substantial amount of cySUSD. They used this to obtain loans in different assets and distributed the stolen Ether. Iron Bank responded by modifying the smart contract configuration, freezing funds and preventing lenders on Alpha Homora from withdrawing their liquidity.
...
Summary # On November 6, 2017, a user named devops199 accidentally triggered a sequence of actions that led to the compromise of the Parity Multisig WalletLibrary contract. By mistakenly executing the initWallet function followed by the kill function, the WalletLibrary contract was removed from the blockchain. As a result, approximately 513k ETH became locked and inaccessible in the affected contracts. The funds were not stolen but remained frozen, highlighting the need for better security measures in decentralized applications and smart contracts.
...
Summary # On July 19, 2017, Parity Technologies fell victim to a wallet hack. A vulnerability was discovered and exploited in the Parity MultiSig Wallet version 1.5+, enabling the attacker to take control over the contracts and drain all their funds. The attack resulted in a loss of 153,037 ETH, equivalent to approximately $34 million from three ( one, two, and three) wallets.
Attackers # The attacker’s identity remains unknown.
...