7 DeFi protocol hacks in Feb see $21 million in funds stolen: DefiLlama

Reentrancy, price oracle attacks and exploits across seven protocols caused the decentralized finance (DeFi) space to bleed at least $21 million in crypto in February.

According to DeFi data analytics platform DefiLlama, one of the largest in the month was the flash loan reentrancy attack on Platypus Finance, which led to $8.5 million of funds lost.

DefiLlama highlighted six other noteworthy hacks in the month, the first being the price oracle attack on BonqDAO on Feb. 1.

DeFi platforms suffered seven attacks throughout February. Source: DefiLlama

BonqDAO: $1.7 million

BonqDAO revealed to its followers in a Feb. 1 post that its Bonq protocol was exposed to an oracle attack that allowed the exploiter to manipulate the price of the AllianceBlock (ALBT) token.

The exploiter increased the ALBT price and minted large amounts of Bonq Euro (BEUR). The BEUR was then swapped for other tokens on Uniswap. Then, the price decreased to almost zero, which triggered the liquidation of ALBT.

Blockchain security firm PeckShield estimated the losses to be around $120 million; however, it was later revealed hackers reportedly only cashed out around $1 million due to a lack of liquidity on BonqDAO.

Orion Protocol: $3 million

Just a day later, on Feb. 2, decentralized exchange Orion Protocol suffered a loss of roughly $3 million through a reentrancy attack, where attackers used a malicious smart contract to drain funds from a target with repeated withdrawal orders.

Orion Protocol CEO Alexey Koloskov confirmed the attack at the time, assuring everyone that “All customers’ funds are secure and safe.”

“We have reasons to believe that the issue was not a result of any shortcomings in our core protocol code but rather might have been caused by a vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers,” he said.

dForce Network: $3.65 million

DeFi protocol dForce network was another February victim of a reentrancy attack resulting in around $3.65 million in losses.

In a Feb. 10 post, dForce confirmed the exploit; however, in a twist, all funds were returned when the attacker came forward as a white hat hacker.

“On Feb. 13, 2023, the exploited funds were fully returned to our multisig on both Arbitrum and Optimism, a perfect ending for all,” dForce said.

Platypus Finance: $9.1 million

On Feb. 16, DeFi protocol Platypus Finance suffered a flash loan attack resulting in $8.5 million being drained from the protocol.

A post-mortem report from Platypus auditor Omniscia noted that the attack was possible because of code in the wrong order.
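Why statement order matters in the reentrancy incidents described above can be shown with a small model. This is an added example, not code from Platypus, Omniscia or any protocol named here: the `Vault` class, the account names and the amounts are constructed for illustration, and Python stands in for contract code.

```python
# Simplified model of a withdraw routine; all names and amounts are hypothetical.

class Vault:
    """Toy ledger. `safe_order` selects effects-before-interaction ordering."""

    def __init__(self, safe_order):
        self.safe_order = safe_order
        self.balances = {}
        self.reserves = 0

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.reserves += amount

    def withdraw(self, account, on_receive):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.reserves < amount:   # check
            return 0
        if self.safe_order:
            self.balances[account] = 0              # effect first
            self._pay(amount, on_receive)           # interaction last
        else:
            self._pay(amount, on_receive)           # interaction while balance is stale
            self.balances[account] = 0              # effect arrives too late
        return amount

    def _pay(self, amount, on_receive):
        self.reserves -= amount
        on_receive(amount)  # external call: control passes to the recipient


def simulate(safe_order, max_depth=10):
    """Return (paid to caller, remaining reserves, vault still solvent)."""
    vault = Vault(safe_order)
    vault.deposit("other_users", 90)
    vault.deposit("caller", 10)
    received = []

    def recipient(amount):
        received.append(amount)
        if len(received) < max_depth:
            vault.withdraw("caller", recipient)  # repeated withdrawal order

    vault.withdraw("caller", recipient)
    solvent = vault.reserves >= sum(vault.balances.values())
    return sum(received), vault.reserves, solvent
```

With the balance update placed after the payout, a 10-unit deposit pays out the full 100 in reserves and the solvency invariant fails. With the update placed first, the second call sees a zero balance and stops.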

On Feb. 23, the team announced that they are seeking to return around 78% of the main pool funds by reminting frozen stablecoins.

The team also confirmed second and third incidents, which led to another $667,000 exploited, bringing total losses to around $9.1 million.

French police arrested two suspects related to the hack and seized around $222,000 worth of crypto assets on Feb. 25.

Hope Finance: $1.86 million

A few days later, on Feb. 20, users of Arbitrum-based algorithmic stablecoin project Hope Finance fell prey to a smart contract exploit, which saw roughly $2 million stolen from users.

Web3 security firm CertiK flagged the incident on Feb. 21, following an announcement from the Hope Finance Twitter account notifying users of the scam.

A member of the CertiK team told Cointelegraph at the time that the scammer had modified the details of the smart contract, which led to funds being drained from the Hope Finance genesis protocol:

“It seems that the scammer modified the TradingHelper contract which meant that when 0x4481 calls OpenTrade on the GenesisRewardPool the funds are transferred to the scammer.”

Dexible: $2 million

Multichain exchange aggregator Dexible was hit by an exploit that targeted the app’s selfSwap function, with $2 million worth of cryptocurrency lost due to the Feb. 17 attack.

According to a Feb. 18 post from the exchange, “a hacker exploited a vulnerability in our newest smart contract. This allowed the hacker to steal funds from any wallet that had an unspent spend approval on the contract.”

After investigating, the Dexible team discovered the attacker had used the app’s selfSwap function to move over $2 million worth of crypto from users that had previously authorized the app to move their tokens.

After receiving the tokens into their own smart contract, the attacker withdrew the coins through Tornado Cash into unknown BNB (BNB) wallets.

LaunchZone: $700,000

BNB Chain-based DeFi protocol LaunchZone had $700,000 worth of funds drained on Feb. 27.

According to blockchain security firm Immunefi, an attacker leveraged an unverified contract to drain the funds.

“An approval had been made to the unverified contract…

