defi exploit

Ronin Network Reclaims $12 Million in Stolen Digital Assets

Ronin Network stated that digital assets worth $12 million, siphoned by so-called white hat hackers on August 6, were returned in full the same day. The Ronin team mentioned that they paused the bridge approximately 40 minutes after the first on-chain action was detected. The team also assured users that their funds were “safe and […]


Attackers Steal $1.6 Million in Digital Assets From Defi Protocol Pike Finance

Unknown attackers recently siphoned digital assets valued at just under $1.6 million from the decentralized finance protocol Pike Finance. The protocol announced it is offering a 20% reward for the return of the funds, while an ongoing investigation into the incident continues.

USDC Vulnerability

The decentralized finance (defi) protocol, Pike Finance, said on May 1 […]


No ‘respite’ for exploits, flash loans or exit scams in 2023: Cybersecurity firm

The industry is likely to see “further attempts from hackers targeting bridges in 2023,” while users are urged to be warier of their private keys.

The new year is a fresh start for malicious actors in the crypto space and 2023 won’t likely see a slowdown in scams, exploits and hacks, according to CertiK.

The blockchain security company told Cointelegraph its expectations for the year ahead regarding bad actors in the space, saying:

“We saw a large number of incidents last year despite the crypto bear market, so we do not anticipate a respite in exploits, flash loans or exit scams.”

Regarding other ill-natured incidents the crypto community might face, the company pointed to the “devastating” exploits that took place on cross-chain bridges in 2022. Of the 10 largest exploits during the year, six were bridge exploits, which stole a total of around $1.4 billion.

Due to these historically high returns, CertiK noted the likelihood of “further attempts from hackers targeting bridges in 2023.”

Protect your keys

On the other hand, CertiK said there will likely be “fewer brute force attacks” on crypto wallets, given that the Profanity tool vulnerability — which has been used to attack a number of crypto wallets in the past — is now widely known.

The Profanity tool allows users to generate customized “vanity” crypto addresses. A vulnerability in the tool was used to steal $160 million worth of crypto in the September hack of algorithmic crypto market maker Wintermute, according to CertiK.

Instead, wallet compromises this year will likely come because of poor user security, CertiK said, stating:

“It’s possible that funds lost to private key compromises in 2023 will be due to poor management of private keys, bar any future vulnerability found in wallet generators.”

The firm said it will also be monitoring phishing techniques that could proliferate in the new year. It noted the slew of Discord group hacks in mid-2022 that tricked participants into clicking phishing links, such as the June hack of the Bored Ape Yacht Club (BAYC) Discord, which resulted in 145 Ether (ETH) being stolen.

Related: Revoke your smart contract approvals ASAP, warns crypto investor

Last year, $2.1 billion worth of crypto was stolen through just the 10 biggest incidents alone, while 2021 saw $10.2 billion total stolen from Decentralized Finance (DeFi) protocols, according to peer security firm Immunefi.

The biggest incident in 2022 — and of all time — was the Ronin bridge exploit, which saw attackers making off with around $612 million. The largest flash loan attack was the $76 million Beanstalk Farms exploit and the largest DeFi protocol exploit was the $79.3 million stolen from Rari Capital.


$62M crypto stolen in Dec was the ‘lowest monthly figure’ in 2022: CertiK

December proved to be the month with the least crypto stolen in 2022, although there were still 23 major incidents, according to CertiK.

Cryptocurrency hackers and exploiters seemingly slowed down for the 2022 holidays as December saw $62.2 million worth of cryptocurrencies stolen, the “lowest monthly figure” of the year, according to CertiK.

The blockchain security company on Dec. 31 tweeted a list of the month's most significant attacks. It highlighted the $15.5 million worth of exit scams as the method that stole the most value over the month, followed by the $7.6 million worth of flash loan-based exploits.

A later tweet on Jan. 1 confirmed that the 23 largest exploits were responsible for around 98.5% of the $62.2 million figure, with the $15 million Helio Protocol incident on Dec. 2 the largest of the month.

The protocol, which manages the stablecoin HAY (HAY), suffered a loss when a trader took advantage of a price discrepancy in Ankr Reward Bearing Staked BNB (aBNBc) to borrow millions worth of HAY.

At the time, the decentralized finance (DeFi) protocol Ankr suffered a separate exploit where an attacker minted 20 trillion aBNBc, causing its price to plummet. The Helio trader quickly deposited aBNBc tokens to borrow 16 million HAY, causing the loan to be significantly undercollateralized, leading to the protocol's loss and a depeg of its stablecoin.

The second largest incident of the month was the $12.9 million exploit of Defrost Finance’s v1 and v2 protocols on Dec. 23, where an attacker carried out a flash loan attack by adding a fake collateral token and a malicious price oracle to liquidate the protocol.

Days after the exploit, the hacker returned the funds stolen from the v1 protocol to an address controlled by Defrost, though the funds from the v2 hack have yet to be returned.

CertiK labeled the exploit an “exit scam” due to the fact an admin key was required to conduct the attack. Defrost denied the allegations to Cointelegraph, claiming the key was compromised.

Related: Crypto’s recovery requires more aggressive solutions to fraud

The December figure is much lower than the month prior, seeing an 89.5% decrease from the $595 million worth of exploits across 36 major incidents CertiK recorded in November, a figure largely skewed by the $477 million hack of crypto exchange FTX.

Overall for 2022, just the largest 10 exploits of the year funneled around $2.1 billion to bad actors, largely on cross-blockchain bridges and DeFi protocols.


Defi Platform Moola Exploited for $8.4 Million in Incident Described as ‘Incredibly Simple Attack’

Moola, a decentralized finance (defi) lending and borrowing platform, was recently exploited for $8.4 million in what has been described as an “incredibly simple attack.” Moola responded to the attack by pausing all activity on the platform. The defi platform also told the attacker(s) it was willing to negotiate a “bounty payment in exchange for […]


Binance CEO Says Exchange Recovered $450 Million From the Curve Finance Attack

Following the recent Curve Finance attack, Binance CEO Changpeng Zhao announced that the exchange had recovered $450 million from hackers. The decentralized finance (defi) platform Curve saw roughly $570 million siphoned from the application on August 9.

Binance Boss Says Exchange Froze 83% of the Curve Finance Hack Funds, Domain Provider Says Exploit Was DNS […]


Inverse Finance exploited again for $1.2M in flashloan oracle attack

No user funds have been affected by the exploit, but Inverse Finance has incurred a debt and offered the attacker a bounty to return the stolen funds.

Just two months after losing $15.6 million in a price oracle manipulation exploit, Inverse Finance has again been hit with a flashloan exploit that saw the attackers make off with $1.26 million in Tether (USDT) and Wrapped Bitcoin (WBTC).

Inverse Finance is an Ethereum-based decentralized finance (DeFi) protocol, and a flashloan is a type of crypto loan that is usually borrowed and returned within a single transaction. Oracles report outside pricing information to the protocol.

The latest exploit worked by using a flashloan to manipulate the price oracle for a liquidity provider (LP) token used by the protocol’s money market application. This allowed the attacker to borrow a larger amount of the protocol’s stablecoin DOLA than the amount of collateral they posted, letting them pocket the difference.

The attack comes just over two months after a similar April 2 exploit which saw attackers artificially manipulate collateralized token prices through a price oracle to drain funds using the inflated prices.

In response to the attack, Inverse Finance temporarily paused borrowing and removed its DOLA stablecoin from the money market while it investigated the incident, saying no user funds were at risk.

It later confirmed that only the attacker's own deposited collateral was affected in the incident, and that the protocol had only incurred a debt to itself for the stolen DOLA. It encouraged the attacker to return the funds in return for a “generous bounty.”

Related: Attackers loot $5M from Osmosis in LP exploit, $2M returned soon after

In total, the attacker gained 99,976 USDT and 53.2 WBTC from the attack, swapping them to ETH before sending it all through the cryptocurrency mixer Tornado Cash in an attempt to obfuscate the ill-gotten gains.

The previous attack in April saw attackers make off with $15.6 million in ETH, WBTC, YFI and DOLA.

DeFi marketplace Deus Finance suffered from a similar exploit in March, with attackers manipulating a price pairing within an oracle leading to a gain of 200,000 Dai (DAI) and 1101.8 ETH worth over $3 million at the time.

Beanstalk Farms, a credit-based stablecoin protocol, lost all $182 million worth of its collateral in a flash loan attack carried out through two malicious governance proposals, which in the end drained all funds from the protocol.

How the latest attack went down

Blockchain security firm BlockSec analyzed the attack and found that the attacker borrowed 27,000 WBTC in a flashloan, swapping a small amount of it for the LP token that Inverse Finance accepts as collateral so users can borrow crypto assets.

The remaining WBTC was swapped to USDT, causing the price of the attacker's LP token collateral to rise significantly in the eyes of the price oracle. With these LP tokens now valued far higher, the attacker borrowed a larger amount of the DOLA stablecoin than the collateral would normally support.

The borrowed DOLA was worth much more than the deposited collateral, so the attacker swapped the DOLA to USDT and reversed the earlier WBTC-to-USDT swap to repay the original flashloan.
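As an added illustration (not from the article, BlockSec's analysis or Inverse Finance's code), the following toy constant-product pool shows why a reserve-weighted LP token valuation swings under a large in-transaction swap while an invariant-based valuation does not; the pool sizes, reference prices and 80% loan-to-value ratio are all constructed assumptions.

```python
import math

# Constructed toy x*y=k pool of WBTC (token0) and USDT (token1), no fees.
# Reference (off-pool) prices are assumed trusted for the demonstration.
P_WBTC, P_USDT = 20_000.0, 1.0


class ConstantProductPool:
    def __init__(self, r0, r1, lp_supply):
        self.r0, self.r1, self.lp_supply = float(r0), float(r1), float(lp_supply)

    def swap(self, token_in, amount_in):
        """Swap amount_in of token_in (0 or 1); return the amount of the other token out."""
        k = self.r0 * self.r1                     # invariant: unchanged by swaps
        if token_in == 0:
            self.r0 += amount_in
            out = self.r1 - k / self.r0
            self.r1 -= out
        else:
            self.r1 += amount_in
            out = self.r0 - k / self.r1
            self.r0 -= out
        return out


def lp_value_naive(pool):
    """Reserve-weighted valuation: sums current reserves at reference prices.
    A large swap pushes the reserves off balance and inflates this number."""
    return (pool.r0 * P_WBTC + pool.r1 * P_USDT) / pool.lp_supply


def lp_value_fair(pool):
    """Invariant-based valuation, 2*sqrt(k*p0*p1)/supply: depends only on k,
    which swaps do not change, so an in-transaction swap has no effect on it."""
    return 2.0 * math.sqrt(pool.r0 * pool.r1 * P_WBTC * P_USDT) / pool.lp_supply


def max_borrow(collateral_lp, lp_price, ltv=0.8):
    """Stablecoin a lender would issue against LP collateral at the given price."""
    return collateral_lp * lp_price * ltv


def simulate_manipulation(flash_wbtc=900.0, collateral_lp=1.0):
    """Round trip: push WBTC into the pool, read both valuations, undo the swap."""
    pool = ConstantProductPool(r0=100, r1=2_000_000, lp_supply=1_000)
    before = (lp_value_naive(pool), lp_value_fair(pool))
    usdt_out = pool.swap(0, flash_wbtc)           # the large WBTC-to-USDT swap
    during = (lp_value_naive(pool), lp_value_fair(pool))
    wbtc_back = pool.swap(1, usdt_out)            # reverse swap to repay the loan
    return {
        "naive_before": before[0], "fair_before": before[1],
        "naive_during": during[0], "fair_during": during[1],
        "borrow_naive": max_borrow(collateral_lp, during[0]),
        "borrow_fair": max_borrow(collateral_lp, during[1]),
        "flash_loan_repaid": math.isclose(wbtc_back, flash_wbtc),
    }


if __name__ == "__main__":
    for key, val in simulate_manipulation().items():
        print(f"{key}: {val}")
```

A lending protocol that prices LP collateral with the invariant-based formula, or that refuses to lend when the two valuations diverge sharply within a block, removes the gain from this round trip.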


Illicit crypto usage as a percent of total usage has fallen: Report

A rapidly growing crypto market means that hacks and scams are accounting for less overall activity, and their percentage of total usage continues to decline.

Illicit cryptocurrency activity in 2021 and the first quarter of 2022 has declined as a percentage of overall crypto activity, according to blockchain forensics firm CipherTrace.

The cryptocurrency industry has long held a reputation in some jurisdictions as a haven for illegal activity. However, CipherTrace estimates that illicit activity was between 0.62% and 0.65% of overall cryptocurrency activity in 2020. The firm reported that it has now fallen to between 0.10% and 0.15% of overall activity in 2021.

Source: CipherTrace

In its Cryptocurrency Crime and Anti-Money Laundering Report released June 13, CipherTrace outlined that the top ten decentralized finance (DeFi) hacks in 2021 and Q1 2022 netted attackers $2.4 billion.

Over half of that figure came from just two events, the largest being the late March 2022 Ronin Network exploit worth about $650 million and the $610 million August 2021 hack of the Poly Network, most of which was returned by the anonymous hacker.

Within a similar time period, anti-money laundering (AML) related fines in the banking sector increased dramatically, with 80 institutions fined in 2021, up from just 24 in 2020, according to Kyckr.

While the total dollar amount of the fines fell from 2020, last year saw the banks pay $2.7 billion worth of fines for AML or Know Your Customer (KYC) related violations, the largest single fine totaling around $700 million.

While significant sums have been exploited in crypto, CipherTrace detailed the rapidly expanding crypto ecosystem, noting the total crypto market activity for 2020 was around $4.3 trillion, which grew to approximately $16 trillion of activity just in the first half of 2021.

CipherTrace says that the growth of the crypto market also brings with it increased scrutiny from the world's regulators, who are “starting to take decisive action to ensure that the space isn’t just a modern-day wild west.”

Related: A life after crime: What happens to crypto seized in criminal investigations?

Some of the most significant regulatory events cited in the report include the United States President Biden’s crypto executive order in March to study blockchain technology, Dubai establishing a virtual assets regulator, and the European Union’s proposed anti-money laundering laws.

CipherTrace added that organizations are going to have a “very real incentive to shape up” or face “heavy losses at the hands of the government,” adding that it expects the threats existing in crypto to be the focus of future regulatory efforts.


Maiar decentralized crypto exchange goes offline after bug discovery

The DEX has been taken offline due to the discovery of the bug, and the team has implemented an “emergency fix” and update.

The Maiar Exchange, a decentralized exchange (DEX) native to the Elrond blockchain, has been temporarily taken offline after an attacker utilized an exploit and made off with roughly $113 million worth of Elrond eGold (EGLD).

Minutes before 12:00 am UTC on Monday, the co-founder and CEO of Elrond, Beniamin Mincu, tweeted that he and his team were “investigating a set of suspicious activities” on the Maiar decentralized cryptocurrency exchange.

Soon after, the DEX was taken offline, with Mincu reporting that the issue had been identified and an “emergency fix” was being implemented.

In a Twitter thread posted almost 24 hours later at around 11:00 pm UTC on Monday, Mincu said a potentially critical bug was identified that opened “an exploit area that we simply had to address and mitigate immediately.”

The suspicious activities may have been identified and explained in a Twitter thread by pseudonymous on-chain analyst Foudres, who revealed that the potential attacker deployed a smart contract that somehow allowed them to withdraw over 1.65 million EGLD.

Three wallets were able to mysteriously withdraw 800,000, 400,000 and 450,000 EGLD, respectively, which at current prices is worth nearly $113 million in total.

The attackers were able to sell around 800,000 EGLD, worth around $54 million, which caused the price of EGLD on Maiar to plummet from $76 down to around $5. The rest of the crypto is either still held in various wallets, has been bridged to USD Coin (USDC) and Ether (ETH), or was sold on centralized exchanges.

The price of EGLD dropped 9.5% from around $74 down to a 24-hour low of $65.50 but has since slightly recovered, now trading near $68.

Mincu stated in his update that an upgrade was implemented to fix the bug and that a technical explanation would be provided once it was confirmed that the implemented solutions are tested and working.

Related: DeFi attacks are on the rise — Will the industry be able to stem the tide?

He claimed that all funds are safe and will be available when the DEX restarts, which is scheduled for Tuesday, saying most exploited funds have been either recovered in full or will be covered by the Elrond Foundation.

As previously reported by Cointelegraph, approximately $1.6 billion in cryptocurrency was stolen from decentralized finance (DeFi) platforms in the first quarter of 2022, and over 90% of all stolen crypto came from hacked DeFi protocols such as DEXs.


More than $1.6 billion exploited from DeFi so far in 2022

The amount exploited this year so far surpasses the total amount stolen in all of 2020 and 2021 combined, with the month of March alone beating 2020 by over $200 million.

The decentralized finance (DeFi) space has been rife with hacks, exploits, and scams so far this year with over $1.6 billion in crypto stolen from users, surpassing the total amount stolen in 2020 and 2021 combined.

Analysis from blockchain security firm CertiK revealed the statistics on May 2 showing the month of March having the most value stolen at $719.2 million, over $200 million more than what was stolen in all of 2020. The March figure is largely due to the Ronin Bridge exploit where attackers made off with over $600 million worth of crypto.

April was a busy month for attacks with CertiK recording 31 major incidents, an average of nearly one a day. The most valuable was the $182 million siphoned from Beanstalk Farms using a flash loan attack.

CertiK noted the nearly $80 million lost by Fei Protocol, the second most valuable heist last month, and the $10 million lost from automated market maker protocol Saddle Finance which both took place at the end of the month.

Both protocols took to Twitter to offer their respective attackers a bounty in exchange for returning the stolen funds. Whilst the chances of that happening may be slim, it’s not unheard of: the Poly Network hacker in 2021 returned nearly all of the $610 million stolen from the network and refused a $500,000 bounty reward.

CertiK said that April 2022 “holds the record for highest dollar amount losses in flash loan attacks ever recorded by us” with losses from that type of exploit reaching $301.4 million. In comparison, flash loan attack losses in January, February, and March 2022 combined were only $6.7 million.

Related: The biggest crypto heists of all time

The analysis of this year's DeFi exploits comes as the total value locked (TVL) in DeFi has dropped below $200 billion for the first time since March 16, according to DeFiLlama.

Between April 30 and May 1, TVL dropped by just over 3.5% to $195.87 billion, only slightly recovering to $199.42 billion today, Tuesday, May 3. The last 30 days since April 3 have seen a 13.5% decrease in TVL and a nearly 22% decline since the all-time high of over $254 billion on December 2, 2021.
