Summary # On September 20, 2022, Wintermute, a London-based algorithmic market maker offering liquidity across Centralized Finance (CeFi) and Decentralized Finance (DeFi) exchanges and over-the-counter (OTC) deals, was the victim of a security breach. The exploit resulted in a loss of approximately $160 million, impacting 90 different assets including stable coins, Bitcoin, Ether, and various altcoins. The attack was executed through a brute force private key compromise Source. The suspected vulnerability originated from Profanity, a service Wintermute used for generating vanity addresses, despite efforts to blacklist their Profanity-associated accounts after the vulnerability became known.
...
Summary # On August 1, 2022, Nomad, a cryptocurrency platform, experienced a chaotic hacking incident resulting in a loss of more than $190 million. The hack occurred when multiple users took advantage of an accidental error in a recent update, allowing them to drain funds from the blockchain protocol. An investigation conducted by samczsun, the head of security at Paradigm, a web3 investment firm, revealed that one of Nomad’s smart contracts had been modified in a way that made it vulnerable to transaction spoofing.
...
Summary # On June 23, 2022, the Harmony Protocol team discovered a malicious attack on their Horizon Bridge, a blockchain bridge enabling asset transfers between Ethereum, Binance Smart Chain, and Harmony blockchains. In the morning, several transactions compromised the bridge. The hackers were able to steal the following assets: Frax (FRAX), Wrapped Ether (WETH), Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC).
...
Summary # The Terra Classic Network, worth $40 billion, collapsed due to a mix of market factors and significant events. The network hinged on its two primary coins, $LUNC and $USTC. $USTC, an algorithmic Stablecoin, was designed to hold a steady value of $1. $LUNC was created to soak up $USTC’s instability through minting and burning processes and built-in opportunities for arbitrage. Trouble began when the Luna Foundation Guard withdrew a large portion of $USTC from Curve3pool to make room for the new Curve4pool.
...
Summary # On April 30, 2022, Fei Protocol, a decentralized finance (DeFi) protocol that merged with Rari Capital in 2021, was hacked for $80 million. The attacker exploited a reentrancy vulnerability in the protocol’s smart contracts to withdraw funds from the protocol’s reserves.
Attackers # The identity of the attacker(s) is unknown.
ERC-20
FeiProtocol-Fuse Exploiter: 0x6162759eDAd730152F0dF8115c698a42E666157F Losses # $80 Million
Timeline # April 30, 2022, 09:01:35 AM +UTC: The hacker exploited a reentrancy vulnerability in lending protocol April 30, 2022, 10:23:58 AM +UTC: Funds have started to be laundered through Tornado Cash.
...
Summary # On April 17, 2022, Beanstalk Farms, an Ethereum-based DeFi protocol that enables users to earn yield on their cryptocurrency deposits, fell victim to a flash loan attack. This attack resulted in a staggering loss of $182 million, including around $77 million in assets taken from liquidity pools unrelated to Beanstalk. The attacker managed to profit from the exploit, absconding with 24,840 ETH, equivalent to roughly $80 million. The remaining $106 million was returned via a flash loan to Aave, the lending platform.
...
Summary # On March 23, 2022, Ronin Network, a blockchain that powers the popular game Axie Infinity, suffered a 51% attack. This allows the attacker to control the network via compromising validators private keys and perform malicious actions, such as double-spending transactions or preventing new blocks from being mined. The attack resulted in the theft of $625 million worth of Ethereum and USDC. The hackers were able to reorganize over 100 blocks, which allowed them to double-spend large amount of assets.
...
Summary # On February 3, 2022, a security breach occurred on Wormhole, a DeFi platform designed to facilitate the transfer of tokens and NFTs across various blockchains such as Ethereum, Solana, and Binance Smart Chain. The attacker successfully exploited a vulnerability by utilizing a spoofed sysvar account, enabling them to mint 120,000 wrapped ETH (wETH) tokens on the Solana network. These tokens were later deemed invalid. Subsequently, the attacker redeemed 93,750 wETH tokens for an equivalent value of ETH tokens on the Ethereum network.
...
Summary # On February 1, 2022, BitBNS, an Indian crypto exchange, fell victim to a hacking incident resulting in the loss of $8 million. The exploit was made possible through a vulnerability in their AWS (Amazon Web Services) cloud storage, allowing the attacker to access the exchange’s private keys and steal funds. BitBNS initially attempted to hide the breach from users by tweeting about “system maintenance in progress.” The CEO later admitted to concealing the incident, stating that the decision was made following law enforcement advice.
...
Summary # On January 28, 2022, Qubit Finance, a project built on the BNB Chain (formerly known as Binance Smart Chain), announced a breach of its QBridge credit protocol on their Twitter page. The platform was hacked due to a specific vulnerability in the bridge. Hackers were able to mint an unlimited amount of xETH as collateral for loans on the Binance Smart Chain network. The platform’s native token, QBT, plummeted by 26% overnight.
...