
DeFi hacks

Study: Criminals Target Defi Platforms, Steal More Than $67 Million in February Alone

In February alone, criminals stole digital funds worth over $67 million from decentralized finance (defi) platforms. The latest Immunefi data shows that hacking attacks accounted for more than $65 million, or 97% of the month’s losses. The Ethereum blockchain suffered the most individual attacks, with 12 incidents representing 85.71% of the total losses across targeted […]

Tornado Cash dev wants charges dropped after court said OFAC ‘overstepped’

Hacker Siphons Close to $300K in OHM Tokens From the Olympus DAO

On Friday, October 21, a malicious entity siphoned 30,437 OHM tokens from the Olympus DAO after finding a loophole in the rebase project’s smart contract. Following the exploit, the blockchain security and data analytics company Peckshield detailed that the hackers stole close to $300K in OHM tokens. Hacker Exploits Smart Contract’s ‘BondFixedExpiryTeller’ Parameter, $292,000 in OHM […]


Crypto Hackers Gross Over $3 Billion From 125 Hacks so Far This Year

Data from blockchain analytics firm Chainalysis shows that October is “the biggest month in the biggest year ever for hacking activity.” The firm added that crypto hackers have grossed over $3 billion across 125 hacks so far this year. Crypto-Hacking Activity Soars in October Chainalysis shared some crypto-related hacking statistics Wednesday. The blockchain data analytics […]


Barely halfway and October’s the ‘biggest month’ in crypto hacks: Chainalysis

While 2021 was the biggest year on record for crypto hacks, 2022 could “likely” beat the record “at this rate” according to Chainalysis.

Blockchain analytics firm Chainalysis has labeled October 2022 as “the biggest month in the biggest year ever for hacking activity” with the total hacked value for the month nearly reaching $718 million.

Despite not being more than halfway through the month, Chainalysis said 11 different hacks on decentralized finance (DeFi) protocols had seen hundreds of millions exploited.

Four exploits alone took place on Oct. 11, worth around $122 million. Hackers siphoned $200,000 in crypto using a smart contract from crypto wallet Rabby Wallet, $1.89 million from blockchain QANplatform’s Ethereum (ETH) bridge, $2 million from TempleDAO, and $118 million in an exploit on the Solana (SOL)-native Mango Markets.

Chainalysis says 2021 was the biggest year for blockchain-based hacks on record both in terms of total value hacked and the total number of hacks, but at the current rate, 2022 could “likely surpass” last year's figures as over $3 billion has been exploited across 125 hacks so far.

The firm says it’s seeing a shift in where exploits are taking place too.

In 2019 most hacks took place on centralized cryptocurrency exchanges but as those companies increased security, the huge majority of hacks, around 90% in 2022, have taken place on DeFi protocols.


The biggest target for hackers is cross-chain bridges, with three bridges targeted this month accounting for 82% of October’s losses, according to Chainalysis. The largest of these bridge hacks was a roughly $100 million exploit in the bridge between crypto exchange Binance’s BNB Smart Chain and Beacon Chain.


Harmony’s $100M Hack Was Due to a Compromised Multi-Sig Scheme, Says Analyst

On June 23, 2022, the Harmony development team announced that $100 million was siphoned from the Horizon bridge, and the organization explained it was working with national authorities and forensic specialists. According to an account published by Polygon’s chief information security officer, Mudit Gupta, the Horizon bridge attacker allegedly took control of the multi-signature wallet leveraged […]


Illicit crypto usage as a percent of total usage has fallen: Report

A rapidly growing crypto market means that hacks and scams are accounting for less overall activity, and their percentage of total usage continues to decline.

Illicit cryptocurrency activity in 2021 and the first quarter of 2022 has declined as a percentage of overall crypto activity, according to blockchain forensics firm CipherTrace.

The cryptocurrency industry has long held a reputation in some jurisdictions as a haven for illegal activity. However, CipherTrace estimates that illicit activity was between 0.62% and 0.65% of overall cryptocurrency activity in 2020. The firm reported that it has now fallen to between 0.10% and 0.15% of overall activity in 2021.

Source: CipherTrace

In its Cryptocurrency Crime and Anti-Money Laundering Report released June 13, CipherTrace outlined that the top ten decentralized finance (DeFi) hacks in 2021 and Q1 2022 netted attackers $2.4 billion.

Over half of that figure came from just two events, the largest being the late March 2022 Ronin Network exploit worth about $650 million and the $610 million August 2021 hack of the Poly Network, most of which was returned by the anonymous hacker.

Within a similar time period, anti-money laundering (AML) related fines in the banking sector increased dramatically with 80 institutions fined in 2021, up from just 24 in 2020 according to Kyckr.

While the total dollar amount of the fines fell from 2020, last year saw the banks pay $2.7 billion worth of fines for AML or Know Your Customer (KYC) related violations, the largest single fine totaling around $700 million.

While significant sums have been exploited in crypto, CipherTrace detailed the rapidly expanding crypto ecosystem, noting the total crypto market activity for 2020 was around $4.3 trillion, which grew to approximately $16 trillion of activity just in the first half of 2021.

CipherTrace says that the growth of the crypto market also brings with it increased scrutiny from the world's regulators, who are “starting to take decisive action to ensure that the space isn’t just a modern-day wild west.”


Some of the most significant regulatory events cited in the report include the United States President Biden’s crypto executive order in March to study blockchain technology, Dubai establishing a virtual assets regulator, and the European Union’s proposed anti-money laundering laws.

CipherTrace added organizations are going to have a “very real incentive to shape up” or face “heavy losses at the hands of the government,” adding it expects the threats existing in crypto will be the focus of future regulatory efforts.


Report: $1.3 Billion in Crypto Stolen in Q1 2022, 97% Stemmed From Defi Exploits

According to a research report, $1.3 billion in digital currencies have been stolen during the first quarter of 2022. The study, published by cryptomonday.de researchers, further highlights that 97% of the stolen funds derived from decentralized finance (defi) protocol exploits. Defi Exploits Account for Lion’s Share of Stolen Crypto This Year 2022 is already breaking […]


ImmuneFi report $10B in DeFi hacks and losses across 2021

The research reveals that crypto losses from exploits and rug-pulls saw a 137% rise in comparison to the figure calculated in 2020.

Decentralized finance, or DeFi, security platform and bug bounty service ImmuneFi published an official report on Thursday, which calculated the total volume of losses in the cryptocurrency markets in 2021. According to its report, the company found that losses resulting from hacks, scams and other malicious activities exceeded $10.2 billion over the past year.

Responsible for protecting over $100 billion worth of assets for a number of well-established DeFi protocols, including Synthetix, Chainlink, SushiSwap and PancakeSwap, among others, ImmuneFi has regularly facilitated seven-figure pay-outs to whitehat hackers and other good-willed entities for preventing protocol compromises.

According to the report, across 2021, there were 120 instances of crypto exploits or fraudulent rug-pulls, the highest-valued hack being Poly Network at $613 million, followed by Venus and BitMart with $200 million and $150 million, respectively.

Other notable entries to the list were Alpha Finance and Cream Finance, which were both hacked for $37.5 million, Yearn.finance’s $11 million, Furucombo’s $14 million evil contract exploit, as well as the infamous Alchemix reverse rug in which the platform’s users claimed a welcome fortune of $6.5 million after a withdrawal issue arose with one of the platform’s smart contract synthetic assets, alETH.

The year 2021 saw a stark rise in both the frequency and volume of security breaches in comparison to the previous year, which recorded 123 incidents totaling $4.38 billion, a 137% increase.

In conversation with Cointelegraph, CEO and founder of Immunefi, Mitchell Amador, spoke of his optimism for the future of on-chain security, despite what he described as a “year of dramatic losses” for the industry.

“Despite the appearance of entirely new vulnerabilities in the onchain economy, the community is adapting rapidly. At Immunefi alone, we saved double the amount lost to exploitation this year, and security best practices are circulating throughout the community.”

Amador cited ImmuneFi’s role in facilitating Polygon’s (MATIC) recent $3.47 million pay-out to two whitehat hackers for their instrumental role in averting what was described as a “critical” vulnerability in the network’s proof-of-stake Genesis contract, placing almost all of the MATIC token supply of $10 billion at risk.


In September last year, ImmuneFi organized what was reported at the time as being the largest bounty in the history of DeFi to renowned white hat programmer Alexander Schlindwein for averting a potential $10-million bug crisis in automated market maker, or AMM, protocol Belt Finance.

Schlindwein received a compensation of $1.05 million in total, $1 million of which was granted by Belt Finance with ImmuneFi acting as the middleman, and the remaining $50,000 offered by Binance Smart Chain’s Priority One program.

In October, ImmuneFi announced a $5.5 million capital raise from a number of institutional investors, including Blueprint Forest and Electric Capital, with the intention of expanding its security services across the DeFi industry in a concerted effort to lower the prevalence and financial impact of benevolent security exploits in the space.


Immunefi to bolster DeFi security service with new funds

The platform has paid out more than $7.5 million in bug bounties since inception in December 2020.

DeFi security platform Immunefi has announced $5.5 million in funding from a panoply of eleven institutional investors including Blueprint Forest, Electric Capital, Framework Ventures and Bitscale Capital, in addition to a series of private individuals.

Immunefi will utilize the funds to advance its services in DeFi security, providing asset protection to smart contract protocols, as well as implementing financial incentives to benevolent hackers.

The service is reportedly responsible for protecting more than $50 billion in protocol assets from projects such as Synthetix, Chainlink, SushiSwap and PancakeSwap. It has paid out $7.5 million in bug bounties throughout its history.

According to analytical data from REKT Database, the DeFi space has experienced malicious hacks totaling more than $1.74 billion in its entire lifespan, a vast proportion of which has been witnessed in the months since July 2021.

The $609 million hack of cross-chain protocol Poly Network in early August this year bears the undesirable crown for the industry's largest-ever hack. However, in welcomely unusual circumstances, Mr. White Hat — as they came to be known — returned all of the available funds, the remaining balance being the $33 million USDT tokens initially frozen.

Over the past year, the prevalence and severity of financial breaches within the DeFi space have established a surging demand for security services such as Immunefi.


Founder and CEO of Immunefi, Mitchell Amador, spoke of the importance of offering DeFi protective measures:

“DeFi is unique because vulnerabilities in code represent a possibility of a direct loss of users’ money. Bug bounty programs are open invitations to security researchers to find those vulnerabilities in exchange for a reward, and have proved one of the most effective ways to deal with critical security holes.”

In late September, a $1.05 million bug bounty fee was paid to renowned white hat programmer Alexander Schlindwein in the aftermath of the Belt Finance saga, for his instrumental role in preventing a potential $10 million downfall for the protocol. The claim was facilitated through Immunefi’s specialist bounty program.

More recently, white-hat hacker Gerhard Wagner pocketed a cool $2 million for diligently advising a solution to a “double-spend” flaw on the Polygon network, preventing a potentially catastrophic $850 million loss. The $2 million bounty now stands as an industry record.

Immunefi’s Amador also commented on the potential impact a service such as Immunefi could have on the wider technology landscape:

“We believe that by helping launch such programs on Immunefi, we contribute not only to protecting DeFi projects for today, but also to shaping the tech industry for the future.”
