Attackers Steal $1.6 Million in Digital Assets From Defi Protocol Pike Finance

May 2, 2024 Bitcoin.com

No ‘respite’ for exploits, flash loans or exit scams in 2023: Cybersecurity firm

January 3, 2023 Coin Telegraph

2022 crypto scams

The industry is likely to see “further attempts from hackers targeting bridges in 2023," while users are urged to be warier of their private keys.

The new year is a fresh start for malicious actors in the crypto space and 2023 won’t likely see a slowdown in scams, exploits and hacks, according to CertiK.

The blockchain security company told Cointelegraph its expectations for the year ahead regarding bad actors in the space, saying:

“We saw a large number of incidents last year despite the crypto bear market, so we do not anticipate a respite in exploits, flash loans or exit scams.”

Regarding other ill-natured incidents the crypto community might face, the company pointed to the “devastating” exploits that took place on cross-chain bridges in 2022. Of the 10 largest exploits during the year, six were bridge exploits, which stole a total of around $1.4 billion.

Due to these historically high returns, CertiK noted the likelihood of “further attempts from hackers targeting bridges in 2023.”

Protect your keys

On the other hand, CertiK said there will likely be “fewer brute force attacks” on crypto wallets, given that the Profanity tool vulnerability — which has been used to attack a number of crypto wallets in the past — is now widely known.

The Profanity tool allows users to generate customized “vanity” crypto addresses. A vulnerability in the tool was used to exploit $160 million worth of crypto in the September hack of algorithmic crypto market maker Wintermute, according to CertiK.

Instead, wallet compromises this year will likely come because of poor user security, CertiK said, stating:

“It’s possible that funds lost to private key compromises in 2023 will be due to poor management of private keys, bar any future vulnerability found in wallet generators.”

The firm said it will also be monitoring phishing techniques that could proliferate in the new year. It noted the slew of Discord group hacks in mid-2022 that tricked participants into clicking phishing links such as the Bored Ape Yacht Club (BAYC) Discord hack in June, which resulted in 145 Ether (ETH) being stolen.

Last year, $2.1 billion worth of crypto was stolen through just the 10 biggest incidents alone, while 2021 saw $10.2 billion total stolen from Decentralized Finance (DeFi) protocols, according to peer security firm Immunefi.

The biggest incident in 2022 — and of all time — was the Ronin bridge exploit, which saw attackers making off with around $612 million. The largest flash loan attack was the $76 million Beanstalk Farms exploit and the largest DeFi protocol exploit was the $79.3 million stolen from Rari Capital.

$62M crypto stolen in Dec was the ‘lowest monthly figure’ in 2022: CertiK

January 2, 2023 Coin Telegraph

2022 crypto hacks

December proved to be the month with the least crypto stolen in 2022, although there were still 23 major incidents, according to CertiK.

Cryptocurrency hackers and exploiters seemingly slowed down for the 2022 holidays as December saw $62.2 million worth of cryptocurrencies stolen, the “lowest monthly figure” of the year, according to CertiK.

The blockchain security company on Dec. 31 tweeted a list of the month's most significant attacks. It highlighted the $15.5 million worth of exit scams as the method that stole the most value over the month, followed by the $7.6 million worth of flash loan-based exploits.

#CertiKStatsAlert

Combining all the incidents in December we’ve confirmed ~$62.2M lost to exploits, hacks and scams.

The lowest monthly figure this year.

Exit scams were ~$15.5M

Flashloans were ~$7.6M

See the details below pic.twitter.com/1ub3mYVv6K
— CertiK Alert (@CertiKAlert) December 31, 2022

A later tweet on Jan. 1 confirmed that the 23 largest exploits were responsible for around 98.5% of the $62.2 million figure, with the $15 million Helio Protocol incident on Dec. 2 the largest of the month.

The protocol, which manages the stablecoin HAY (HAY), suffered a loss when a trader took advantage of a price discrepancy in Ankr Reward Bearing Staked BNB (aBNBc) to borrow millions worth of HAY.

At the time, the decentralized finance (DeFi) protocol Ankr suffered a separate exploit where an attacker minted 20 trillion aBNBc, causing its price to plummet. The Helio trader quickly deposited aBNBc tokens to borrow 16 million HAY, causing the loan to be significantly undercollateralized, leading to the protocol's loss and a depeg of its stablecoin.

The second largest incident of the month was the $12.9 million exploits of Defrost Finance’s v1 and v2 protocols on Dec. 23, where an attacker carried out a flash loan attack by adding a fake collateral token and a malicious price oracle to liquidate the protocol.

Days after the exploit, the hacker returned the funds stolen from the v1 protocol to an address controlled by Defrost, though funds are yet to have been returned for the v2 hack.

CertiK labeled the exploit an “exit scam” due to the fact an admin key was required to conduct the attack. Defrost denied the allegations to Cointelegraph, claiming the key was compromised.

The December figure is much lower than the month prior, seeing an 89.5% decrease from the $595 million worth of exploits across 36 major incidents CertiK recorded in November, a figure largely skewed by the $477 million hack of crypto exchange FTX.

#CertiKStatsAlert

36 major attacks were recorded in November totalling a loss of ~$595 Million.

As always, make sure a project has an audit & KYC before investing!

Remember to always #DYOR and read the audit reports! pic.twitter.com/UhiDU2itAm
— CertiK Alert (@CertiKAlert) December 1, 2022

Overall for 2022, just the largest 10 exploits of the year funneled around $2.1 billion to bad actors, largely on cross-blockchain bridges and DeFi protocols.

Defi Platform Moola Exploited for $8.4 Million in Incident Described as ‘Incredibly Simple Attack’

October 19, 2022 Bitcoin.com

Binance CEO Says Exchange Recovered $450 Million From the Curve Finance Attack

August 13, 2022 Bitcoin.com

Inverse Finance exploited again for $1.2M in flashloan oracle attack

June 17, 2022 Coin Telegraph

Inverse Finance exploited again for .2M in flashloan oracle attack

Coin Telegraph

No user funds have been affected by the exploit, but Inverse Finance has incurred a debt and offered the attacker a bounty to return the stolen funds.

Just two months after losing $15.6 million in a price oracle manipulation exploit, Inverse Finance has again been hit with a flashloan exploit that saw the attackers make off with $1.26 million in Tether (USDT) and Wrapped Bitcoin (WBTC).

Inverse Finance is an Ethereum based decentralized finance (DeFi) protocol and a flashloan is a type of crypto loan that is usually borrowed and returned within a single transaction. Oracles report outside pricing information.

The latest exploit worked by using a flashloan to manipulate the price oracle for a liquidity provider (LP) token used by the protocol’s money market application. This allowed the attacker to borrow a larger amount of the protocol’s stablecoin DOLA than the amount of collateral they posted, letting them pocket the difference.

The attack comes just over two months after a similar April 2 exploit which saw attackers artificially manipulate collateralized token prices through a price oracle to drain funds using the inflated prices.

In response to the attack, Inverse Finance temporarily paused borrowing and removed its DOLA stablecoin from the money market while it investigated the incident, saying no user funds were at risk.

Inverse has temporarily paused borrows following an incident this morning where DOLA was removed from our money market, Frontier. We are investigating the incident however no user funds were taken or were at risk. We are investigating and will provide more details soon.
— Inverse+ (@InverseFinance) June 16, 2022

It later confirmed that only the attacker's deposited collateral was affected in the incident and only incurred a debt to itself due to the stolen DOLA. It encouraged the attacker to return the funds in return for a “generous bounty”.

In total, the attacker’s gained 99,976 USDT and 53.2 WBTC from the attack, swapping them to ETH before sending it all through the cryptocurrency mixer Tornado Cash, attempting to obfuscate the ill-gotten gains.

The previous attack in April saw attackers make off with $15.6 million in ETH, WBTC, YFI and DOLA.

DeFi marketplace Deus Finance suffered from a similar exploit in March, with attackers manipulating a price pairing within an oracle leading to a gain of 200,000 Dai (DAI) and 1101.8 ETH worth over $3 million at the time.

Beanstalk Farms, a credit based stablecoin protocol lost all $182 million worth of collateral in a flash loan attack caused by two malicious governance proposals which in the end drained all funds from the protocol.

How the latest attack went down

Blockchain security firm BlockSec analyzed that the attacker borrowed 27,000 WBTC in a flashloan swapping a small amount to the LP token used to post collateral in Inverse Finance so users can borrow crypto assets.

The remaining WBTC was swapped to USDT, causing the price of the attacker's collateralized LP token to rise significantly in the eyes of the price oracle. With the value of these LP tokens now worth far more due to the price rise, the attacker borrowed a larger amount than usual of the DOLA stablecoin.

The value of the DOLA was worth much more than the deposited collateral, so the attacker swapped the DOLA to USDT, and the earlier WBTC to USDT swap was reversed to repay the original flashloan.

Illicit crypto usage as a percent of total usage has fallen: Report

June 14, 2022 Coin Telegraph

AML

A rapidly growing crypto market means that hacks and scams are accounting for less overall activity, and their percentage of total usage continues to decline.

Illicit cryptocurrency activity in 2021 and the first quarter of 2022 has declined as a percentage of overall crypto activity, according to blockchain forensics firm CipherTrace.

The cryptocurrency industry has long held a reputation in some jurisdictions as a haven for illegal activity. However, CipherTrace estimates that illicit activity was between 0.62% and 0.65% of overall cryptocurrency activity in 2020. The firm reported that it has now fallen to between 0.10% and 0.15% of overall activity in 2021.

In its Cryptocurrency Crime and Anti-Money Laundering Report released June 13, CipherTrace outlined that the top ten decentralized finance (DeFi) hacks in 2021 and Q1 2022 netted attackers $2.4 billion.

Over half of that figure came from just two events, the largest being the late March 2022 Ronin Network exploit worth about $650 million and the $610 million August 2021 hack of the Poly Network, most of which was returned by the anonymous hacker.

Within a similar time period, anti-money laundering (AML) related fines in the banking sector increased dramatically with 80 institutions fined in 2021, up from just 24 in 2020 according to Kyckr.

While the total dollar amount of the fines fell from 2020, last year saw the banks pay $2.7 billion worth of fines for AML or Know Your Customer (KYC) related violations, the largest single fine totaling around $700 million.

While significant sums have been exploited in crypto, CipherTrace detailed the rapidly expanding crypto ecosystem, noting the total crypto market activity for 2020 was around $4.3 trillion, which grew to approximately $16 trillion of activity just in the first half of 2021.

CipherTrace says that the growth of the crypto market also brings with it increased scrutiny from the world's regulators, who are “starting to take decisive action to ensure that the space isn’t just a modern-day wild west.”

Some of the most significant regulatory events cited in the report include the United States President Biden’s crypto executive order in March to study blockchain technology, Dubai establishing a virtual assets regulator, and the European Union’s proposed anti-money laundering laws.

CipherTrace added organizations are going to have a “very real incentive to shape up” or face “heavy losses at the hands of the government,” adding it expects the threats existing in crypto will be the focus of future regulatory efforts.

Maiar decentralized crypto exchange goes offline after bug discovery

June 7, 2022 Coin Telegraph

Coin Telegraph

The DEX has been taken offline due to the discovery of the bug, and the team has implemented an “emergency fix” and update.

The Maiar Exchange, a decentralized exchange (DEX) native to the Elrond blockchain, has been temporarily taken offline after an attacker utilized an exploit and made off with roughly $113 million worth of Elrond eGold (EGLD).

Minutes before 12:00 am UTC on Monday, the co-founder and CEO of Elrond, Beniamin Mincu, tweeted that he and his team were “investigating a set of suspicious activities” on the Maiar decentralized cryptocurrency exchange.

Soon after, the DEX was taken offline, with Mincu reporting that the issue had been identified and an “emergency fix” was being implemented.

In a Twitter thread posted almost 24 hours later at around 11:00 pm UTC on Monday, Mincu said a potentially critical bug was identified that opened “an exploit area that we simply had to address and mitigate immediately.”

The suspicious activities have been possibly identified and explained in a Twitter thread by pseudonymous on-chain analyst Foudres, who revealed that the potential attacker deployed a smart contract that somehow allowed them to withdraw over 1.65 million EGLD.

Three wallets were able to mysteriously withdraw 800,000, 400,000 and 450,000 EGLD, respectively, which at current prices is worth nearly $113 million in total.

The attackers were able to sell around 800,000 EGLD, worth around $54 million, which caused the price of EGLD on Maiar to plummet from $76 down to around $5. The rest of the crypto is either still held in various wallets, has been bridged to USD Coin (USDC) and Ether (ETH), or was sold on centralized exchanges.

The price of EGLD dropped 9.5% from around $74 down to a 24-hour low of $65.50 but has since slightly recovered, now trading near $68.

Mincu stated in his update that an upgrade was implemented to fix the bug and a technical explanation would be provided after clarification that the implemented solutions are tested and working.

He claimed that all funds are safe and will be available when the DEX restarts, which is scheduled for Tuesday, saying most exploited funds have been either recovered in full or will be covered by the Elrond Foundation.

As previously reported by Cointelegraph, approximately $1.6 billion in cryptocurrency has been stolen from decentralized finance (DeFi) platforms in the first quarter of 2022, and over 90% of all stolen crypto is from hacked decentralized finance (DeFi) protocols such as DEXs.

More than $1.6 billion exploited from DeFi so far in 2022

May 3, 2022 Coin Telegraph

More than .6 billion exploited from DeFi so far in 2022

2022 crypto stolen

The amount exploited this year so far surpasses the total amount stolen in all of 2020 and 2021 combined, with the month of March alone beating 2020 by over $200 million.

The decentralized finance (DeFi) space has been rife with hacks, exploits, and scams so far this year with over $1.6 billion in crypto stolen from users, surpassing the total amount stolen in 2020 and 2021 combined.

Analysis from blockchain security firm CertiK revealed the statistics on May 2 showing the month of March having the most value stolen at $719.2 million, over $200 million more than what was stolen in all of 2020. The March figure is largely due to the Ronin Bridge exploit where attackers made off with over $600 million worth of crypto.

We have seen $1.6B lost in the #crypto/#web3 world so far this year.

In just the first 4 months on 2022 we have passed the total amount lost in 2021 ($1.3B) and in 2020 ($516MM). https://t.co/jDohhaUYUN
— CertiK (@CertiKTech) May 2, 2022

April was a busy month for attacks with CertiK recording 31 major incidents, an average of nearly one a day. The most valuable was the $182 million siphoned from Beanstalk Farms using a flash loan attack.

CertiK noted the nearly $80 million lost by Fei Protocol, the second most valuable heist last month, and the $10 million lost from automated market maker protocol Saddle Finance which both took place at the end of the month.

Both protocols took to Twitter to offer their respective attackers a bounty in exchange for returning the stolen funds. Whilst the chances of that happening may be slim, it’s not unheard of as the Poly Network hacker in 2021 returned nearly all of the $610 million stolen from the network along with refusing a $500,000 bounty reward.

CertiK said that April 2022 “holds the record for highest dollar amount losses in flash loan attacks ever recorded by us” with losses from that type of exploit reaching $301.4 million. In comparison, flash loan attack losses in January, February, and March 2022 combined were only $6.7 million.

The analysis of this year's DeFi exploits comes as the total value locked (TVL) in DeFi has dropped below $200 billion for the first time since March 16 according to DeFiLlama.

Between April 30 and May 1, TVL dropped by just over 3.5% to $195.87 billion, only slightly recovering to $199.42 billion today Tuesday, May 3. The last 30 days since April 3 have seen a 13.5% decrease in TVL and a nearly 22% decline since the all-time high of over $254 billion on December 2, 2021.

Attackers Steal $80 Million From Rari Capital’s Fuse Platform, Fei Protocol Suffers From Exploit

April 30, 2022 Bitcoin.com

defi exploit