1. Home
  2. crypto exploit

crypto exploit

EigenLayer says $5.7M hack ‘isolated’ incident, no vulnerability on protocol

EigenLayer said that some of the stolen funds have been frozen as part of ongoing recovery efforts.

Ethereum restaking protocol EigenLayer assured the community that its protocol has no vulnerabilities after an incident where almost $6 million in tokens were stolen from an investor. 

On Oct. 4, the EigenLayer team said it was investigating an “unapproved selling activity” concerning a wallet ending in “f10D.” The wallet address sold about 1.6 million of EigenLayer’s EIGEN tokens, worth about $5.7 million. 

Etherscan quickly marked the address as under investigation following EigenLayer’s announcement. 

Read more

Ethereum layer 2s hold $13.5B stablecoin supply

Alex Labs rolls out post-exploit recovery plan

Alex Labs has revealed a recovery roadmap and enhanced security measures post-exploit aimed at rebuilding community trust and resuming operations.

Alex Labs, a Bitcoin layer-2 (L2) developer, announced its roadmap to restore community trust and restart operations on its platform after a recent breach.

The Alex Labs Foundation has two ongoing governance votes, including the re-opening of pools and plans to roll out the migration of its native token and automated market maker (AMM).

The Alex Lab Foundation hosted an X Space on May 29, during which the team detailed the recovery process, answered community questions, and discussed governance.

Read more

Ethereum layer 2s hold $13.5B stablecoin supply

Losses from crypto rug pulls outpaced DeFi exploits in May: Beosin

Over $45 million was lost to exit scams in May while exploits on DeFi protocols racked up less than half that amount over the same period.

The amount of cryptocurrency lost to "rug pull" or "exit scams" — where founders suddenly up and leave with investors’ money — had outpaced the amount stolen from decentralized finance (DeFi) projects in May, a blockchain security firm has revealed.

A June 1 report from Beosin said in May total losses from rug pulls and scams reached over $45 million across six incidents.

Meanwhile, there were 10 attacks on decentralized finance (DeFi) protocols that netted only $19.7 million. The amount is a nearly 80% decrease from April and losses from these types of exploits had been on the decline for two months, it added.

The largest of such rug pulls was the $32 million that crypto project Fintoch is alleged to have made off with on May 24. The $7.5 million attack on the DeFi platform Jimbos protocol was the largest attack last month according to Beosin.

Related: Could Ben.eth’s PSYOP tokens face legal scrutiny? It depends, say lawyers

“Hackers and scammers are gradually shifting the target of their attacks from various project parties to ordinary users,” Beosin wrote.

It recommended crypto users “raise their anti-fraud awareness,” undertake due diligence on a project before investing and learn how to better safeguard their crypto.

Beosin also warned against using shared or public charging devices for mobile phones as these could potentially be modified to inject malicious programs that could compromise private keys.

In April, the United States Federal Bureau of Investigation (FBI) issued a similar warning the use of free charging stations such as those found at airports should be avoided.

“Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices,” the FBI’s Denver office tweeted on April 6. It instead advised carrying a charger and USB cord for use in an electrical outlet.

Hall of Flame: Crypto Wendy on trashing the SEC, sexism, and how underdogs can win

Ethereum layer 2s hold $13.5B stablecoin supply

The 10 largest crypto hacks and exploits in 2022 saw $2.1B stolen

Just the top 10 major cryptocurrency exploits garnered over $2 billion for malicious actors in a year that was marred with bankruptcies and collapses.

It's been a turbulent year for the cryptocurrency industry — market prices have taken a huge dip, crypto giants have collapsed and billions have been stolen in crypto exploits and hacks.

It was not even halfway through October when Chainalysis declared 2022 to be the “biggest year ever for hacking activity.”

As of Dec. 29, the 10 largest exploits of 2022 have seen $2.1 billion stolen from crypto protocols. Below are those exploits and hacks, ranked from smallest to largest.

10: Beanstalk Farms exploit — $76M

Stablecoin protocol Beanstalk Farms suffered a $76 million exploit on April 18 from an attacker using a flash loan to buy governance tokens. This was used to pass two proposals that inserted malicious smart contracts.

The exploit was initially thought to have cost around $182 million as Beanstalk was drained of all its collateral but in the end, the attacker only managed to get away with less than half that.

9: Qubit Finance bridge exploit — $80M

Qubit Finance, a decentralized finance (DeFi) protocol on BNB Smart Chain, had over $80 million worth of BNB (BNB) stolen on Jan. 28 in a bridge exploit.

The attacker duped the protocol's smart contract into believing they had deposited collateral that allowed them to mint an asset representing bridged Ether (ETH).

They repeated this multiple times and borrowed multiple cryptocurrencies against the unbacked bridged ETH, draining the protocol’s funds.

8: Rari Fuse exploit — $79.3M

Another DeFi protocol called Rari Capital was exploited on April 30 for the sum of roughly $79.3 million.

The attacker exploited a reentrancy vulnerability in the protocol’s Rar Fuse liquidity pool smart contracts, making them call a function to a malicious contract to drain the pools of all crypto.

In September, Tribe DAO, which includes Rari Capital and other DeFi protocols, voted to reimburse affected users from the hack.

7: Harmony bridge hack — $100M

In yet another bridge hack, the Horizon Bridge that links Ethereum, Bitcoin (BTC), and BNB Chain to Harmony’s layer-1 blockchain was drained of around $100 million in multiple cryptocurrencies.

Blockchain forensics firm Elliptic pinned the hack on North Korean cybercriminal syndicate Lazarus Group, as the funds were laundered in a similar way to other known Lazarus attacks.

Lazarus is understood to have targeted Harmony employee login credentials, breaching the platform’s security system and gaining control of the protocol before deploying automated laundering programs to move their ill-gotten gains.

6: BNB Chain bridge exploit — $100M

The BNB Chain was paused on Oct. 6 due to “irregular activity” on the network, which later was revealed as an exploit that drained around $100 million from its cross-chain bridge, the BSC Token Hub.

Initially, it was thought the attacker was able to take around $600 million due to a vulnerability that allowed the creation of roughly two million BNB, the chain’s native token.

Unfortunately for the attacker, they had roughly over $400 million worth of digital assets frozen on the blockchain and more was possibly stuck in cross-chain bridges on the BNB blockchain side.

5: Wintermute hack — $160M

United Kingdom based crypto market-maker Wintermute suffered from a compromised hot wallet that saw approximately $160 million across 70 tokens transferred out of the wallet.

Analysis from blockchain cybersecurity firm CertiK claimed a vulnerable private key was attacked that was likely generated by Profanity — an app that allows users to generate vanity crypto addresses, that has a known exploit.

According to CertiK, this allowed the attacker to use a function with the private key that allowed the hacker to change the platform’s swap contract to the hacker’s own.

Conspiracy theories alleging the hack was an “inside job” due to how it was carried out were debunked by blockchain security firm BlockSec, who said the allegations were “not convincing enough.”

4: Nomad token bridge exploit — 190M

On Aug. 2, the Nomad token bridge, which allows users to swap cryptocurrencies across multiple blockchains, was drained by multiple attackers to the tune of $190 million.

A smart contract vulnerability that failed to properly validate transaction inputs was the cause of the exploit.

Multiple users, seemingly both malicious and benevolent, were able to copy the original attacker’s moves to funnel funds to themselves. Around 88% of addresses taking part in the exploit were identified as “copycats” in a report.

Only around $32.6 million worth of funds were able to be intercepted and returned to the protocol by white hat hackers.

3: Wormhole bridge exploit — $321M

The Wormhole token bridge suffered an exploit on Feb. 2 that resulted in the loss of 120,000 Wrapped Ether (wETH) tokens worth $321 million.

Wormhole allows users to send and receive crypto between multiple blockchains. An attacker found a vulnerability in the protocol’s smart contract and was able to mint 120,000 wETH on Solana (SOL) unbacked by collateral and was then able to swap this for ETH.

At the time it was marked as the largest exploit in 2022 and is the third-largest protocol loss overall for the year.

2: FTX wallet hack — $477 million

During the start of FTX’s bankruptcy proceedings on Nov. 11 and 12, a series of unauthorized transactions took place at the exchange, with Elliptic suggesting that around $477 million worth of crypto was stolen.

Sam Bankman-Fried said in a Nov. 16 interview that he believed it was “either an ex-employee or somewhere someone installed malware on an ex-employee’s computer” and had narrowed the perpetrator down to eight people before he was shut out of the company’s systems.

Related: 7 biggest crypto collapses of 2022 the industry would like to forget

According to reports, on Dec. 27 the United States Department of Justice launched an investigation into the whereabouts of around $372 million of the missing crypto.

1: Ronin bridge hack — $612M

The largest exploit to take place in 2022 happened on March 23, when the Ronin bridge was exploited for around $612 million — 173,600 ETH and 25.5 million USD Coin (USDC).

Ronin is an Ethereum sidechain built for Axie Infinity, a play-to-earn nonfungible token (NFT) game. Sky Mavis, Axie Infinity’s developers, said the hackers gained access to private keys, compromised validator nodes and approved transactions that drained funds from the bridge.

The U.S. Treasury Department updated its Specially Designated Nationals and Blocked Persons (SDN) list on April 14 to reflect the possibility that Lazarus Group was behind the bridge’s exploit.

The Ronin bridge hack is the largest cryptocurrency exploit to ever take place.

Ethereum layer 2s hold $13.5B stablecoin supply

$100M drained from Solana DeFi platform Mango Markets, token plunges 52%

The platform’s treasury was drained of over $100 million worth of cryptocurrency after an attacker manipulated price data of its native token to take out loans against their holdings.

Solana (SOL) based decentralized finance (DeFi) exchange Mango Markets has been hit with a reported exploit of over $100 million through an attacker manipulating price oracle data, allowing them to take out under-collateralized cryptocurrency loans.

The exploit was first identified by blockchain security firm OtterSec which tweeted the exchange had been drained of over $100 million due to the attacker manipulating the value of their Mango (MNGO) native token collateral, then taking out “massive loans” from Mango’s treasury.

The Mango Markets team tweeted soon after warning users not to deposit funds until “the situation was more clear” and asked the attacker to contact them to discuss a bug bounty.

The team later confirmed the manipulation of a price oracle — a price data feed of the value of its MNGO token — and stated that it had disabled deposits whilst it continued investigations of the incident.

Due to news of the exploit, the price of the platforms’ MNGO token has fallen by around 52% in the last 24-hours at the time of writing according to data from CoinGecko.

Related: TempleDAO exploit results in $2M loss

The exploiters' account on the platform shows the three largest withdrawals were for $50 million worth of USD Coin (USDC), over $26.7 million worth of a Solana staking token called Marinade Staked SOL (mSOL), and nearly $24 million worth of SOL.

Over $14.7 million worth of MNGO was withdrawn and Mango said it’s “taking steps to have third parties freeze funds in flight.”

Meanwhile, the QANplatform blockchain also suffered from an exploit of its ownon Oct. 11, with its Ethereum (ETH) bridge drained of around $1.89 million worth of its native QANX token according to blockchain security company Beosin. QANplatform says it’s investigating the incident.

Ethereum layer 2s hold $13.5B stablecoin supply

Inverse Finance exploited again for $1.2M in flashloan oracle attack

No user funds have been affected by the exploit, but Inverse Finance has incurred a debt and offered the attacker a bounty to return the stolen funds.

Just two months after losing $15.6 million in a price oracle manipulation exploit, Inverse Finance has again been hit with a flashloan exploit that saw the attackers make off with $1.26 million in Tether (USDT) and Wrapped Bitcoin (WBTC).

Inverse Finance is an Ethereum based decentralized finance (DeFi) protocol and a flashloan is a type of crypto loan that is usually borrowed and returned within a single transaction. Oracles report outside pricing information.

The latest exploit worked by using a flashloan to manipulate the price oracle for a liquidity provider (LP) token used by the protocol’s money market application. This allowed the attacker to borrow a larger amount of the protocol’s stablecoin DOLA than the amount of collateral they posted, letting them pocket the difference.

The attack comes just over two months after a similar April 2 exploit which saw attackers artificially manipulate collateralized token prices through a price oracle to drain funds using the inflated prices.

In response to the attack, Inverse Finance temporarily paused borrowing and removed its DOLA stablecoin from the money market while it investigated the incident, saying no user funds were at risk.

It later confirmed that only the attacker's deposited collateral was affected in the incident and only incurred a debt to itself due to the stolen DOLA. It encouraged the attacker to return the funds in return for a “generous bounty”.

Related: Attackers loot $5M from Osmosis in LP exploit, $2M returned soon after

In total, the attacker’s gained 99,976 USDT and 53.2 WBTC from the attack, swapping them to ETH before sending it all through the cryptocurrency mixer Tornado Cash, attempting to obfuscate the ill-gotten gains.

The previous attack in April saw attackers make off with $15.6 million in ETH, WBTC, YFI and DOLA.

DeFi marketplace Deus Finance suffered from a similar exploit in March, with attackers manipulating a price pairing within an oracle leading to a gain of 200,000 Dai (DAI) and 1101.8 ETH worth over $3 million at the time.

Beanstalk Farms, a credit based stablecoin protocol lost all $182 million worth of collateral in a flash loan attack caused by two malicious governance proposals which in the end drained all funds from the protocol.

How the latest attack went down

Blockchain security firm BlockSec analyzed that the attacker borrowed 27,000 WBTC in a flashloan swapping a small amount to the LP token used to post collateral in Inverse Finance so users can borrow crypto assets.

The remaining WBTC was swapped to USDT, causing the price of the attacker's collateralized LP token to rise significantly in the eyes of the price oracle. With the value of these LP tokens now worth far more due to the price rise, the attacker borrowed a larger amount than usual of the DOLA stablecoin.

The value of the DOLA was worth much more than the deposited collateral, so the attacker swapped the DOLA to USDT, and the earlier WBTC to USDT swap was reversed to repay the original flashloan.

Ethereum layer 2s hold $13.5B stablecoin supply