
flash loan

Memecoin launcher pump.fun claims ex-employee behind $1.9M exploit

Pump.fun said its smart contracts are safe and impacted users will receive “100% of the liquidity” that it previously had within the next 24 hours.

Solana memecoin creation tool pump.fun has claimed a former employee exploited the firm for nearly $2 million through a “bonding curve” attack.

The ex-employee used their “privileged position” to access a “withdraw authority” and compromise the protocol’s internal systems, pump.fun alleged in a May 16 X post.

About $1.9 million was stolen from the total $45 million held in pump.fun’s bonding curve contracts.


Crypto Trader Says Blue-Chip Altcoin Could Nosedive by 45%, Updates Outlook on Bitcoin

Euler Finance’s offer to hacker: Keep $20M or face the law

The hacker committed a $196 million flash loan attack on the Ethereum-based lending protocol on March 13.

Ethereum-based noncustodial lending protocol Euler Finance is trying to cut a deal with the exploiter that stole millions from its protocol, demanding the hacker return 90% of the funds they stole within 24 hours or face legal consequences.

Euler Labs sent its ultimatum to the flash loan attacker who exploited the platform for $196 million by transferring the hacker 0 Ether (ETH) with an attached message on March 14:

“Following up on our message from yesterday. If 90% of the funds are not returned within 24 hours, tomorrow we will launch a $1M reward for information that leads to your arrest and the return of all funds.”

The threat of law enforcement comes as Euler sent the hacker a much more civil message the day before.

“We understand you are responsible for this morning’s attack on the Euler platform,” it read. “We are writing to see whether you would be open to speaking with us about any potential next steps.”

The request for a 90% fund return would see the hacker send back $176.4 million while holding onto the remaining $19.6 million.

However, many observers have noted that the hacker has very little to no incentive to follow through with the deal.

“If I was the hacker I’d simply say ‘to anyone who manages to track me down, I will give you $2 million not to tell Euler,’” one observer said.

“Yeh he has 200 Million they have 2 Million. He wins in a bidding war,” another Twitter user wrote in response.

Euler Labs said it was already working with law enforcement in the United States and the United Kingdom, along with engaging blockchain intelligence platforms Chainalysis, TRM Labs and the broader Ethereum community, to help track down the hacker.

Related: DeFi protocol Platypus suffers $8.5M flash loan attack, suspect identified

The lending platform added it was able to promptly stop the flash loan attack by blocking deposits and the “vulnerable” donation function.

As for the exploited code, the team explained that the vulnerability “was not discovered” in the audit of its smart contract, which had existed on-chain for eight months until being exploited on March 13.


Defrost Finance breaks silence on ‘exit scam’ accusations, denies rug pull

Defrost Finance had not publicly commented on the rug-pull accusations in the media until now.

Defrost Finance, the decentralized trading platform that suffered a $12 million exploit in the days leading up to Christmas, has denied allegations that it had “rugged” its users as part of an elaborate “exit scam.”

On Dec. 23, the platform announced it suffered a flash loan attack, leading to the draining of user funds from its v2 protocol. One day later, another incident saw a hacker steal the admin key for a second “much larger” attack on the v1 protocol.

It’s understood the attacker or attackers conducted the flash loan attack by adding a fake collateral token and a malicious price oracle to liquidate users.

Observers, including blockchain security firms Peckshield and CertiK, as well as asset management platform DeFiYield, have suggested based on “community intel” that members of the team may have been behind the “exit scam” — given the fact that an admin key was required to perpetrate the exploit.

However, in an exclusive statement to Cointelegraph on Dec. 28, the team behind Defrost Finance broke its silence on the accusations, stating:

“We deny the accusations that the team rugged users. A compromised key does not equate to a rugpull, as much as the episode may raise doubts among the public.”

Defrost made two key arguments to deny its involvement.

Firstly, Defrost argued that if they had planned to orchestrate a rug pull, they would’ve done it months ago when its total value locked (TVL) neared $200 million.

According to DefiLlama, Defrost Finance’s TVL had fallen to just $13.14 million on Dec. 23, the day of the first attack.

“Anyone behind a rugpull would have probably defrauded investors when our TVL was 15 times what it is today.”

Secondly, Defrost argued that if they had been the perpetrators they would have “fled” long ago, which they haven’t done.

“[Anyone] anticipating the inevitable attention from the crypto community would have fled long ago. Yet here we are, working to get the funds back to their rightful owners,” it said.

Defrost Finance’s statement came just hours after decentralized finance investment platform DeFiYield in a Medium blog post on Dec. 27 again accused Defrost Finance of “rug pulling” its users.

DeFiYield pointed to on-chain data that it claimed suggested the creator of the multisig wallet was the same address that requested and then later approved the transactions that inserted the malicious source oracle that liquidated users.

It also alleged the developers behind Defrost Finance were the same as those of Phoenix Finance (FinNexus) which was exploited for $7.6 million in May 2021 in what some have also speculated was an “inside job.”

Related: Here's how Defrost Finance plans to refund users following $12M hack

Defrost said it regrets being unable to share more details about the attack, as its priority has been helping users retrieve their funds.

"There are several issues that we would like to address in recent reports concerning Defrost Finance. We regret we cannot get deep enough into some details — but surely the community will understand this is a sensitive matter and our priority must be to help our users retrieve their funds. All other concerns are secondary to this,” it said.

The team is certainly unhappy about the allegations and earlier on Dec. 28 warned members of its Telegram group that it will ban members that attempt to perpetrate the “false narrative” that the Defrost team is responsible for the recent attacks.

“At this point, it’s not conducive to moving forward to continue allow [sic] the public chats to operate like the Wild Wild West. Will be implementing stricter protocols.”

A post on Defrost Finance's Telegram group by a core team member. Source: Telegram

On Dec. 26, Defrost announced on Twitter it had managed to recover all the funds taken in the v1 hack, sharing in a post on Medium hours later that it has begun the process of returning funds to affected users.

The Ethereum wallet controlled by Defrost that is being used to facilitate the return of funds currently shows that $2.9 million of Ether (ETH) has been returned, along with $9.9 million worth of Dai (DAI).

“This will take a little time since we need to map who had what and where, but the wheels are turning fast and the entire process will be managed through smart contracts. It will be fully transparent and fairly swift,” Defrost told Cointelegraph in its recent statement.

No word was given about the v2 protocol as of yet, however.


Polygon-Based Decentralized Exchange Quickswap Loses $220K in Flash Loan Exploit

On Monday, the Polygon-based decentralized exchange (dex) Quickswap lost $220K in a flash loan exploit and, following the attack, the team detailed that the Quickswap Lend platform will be terminated.

Quickswap Hacked for $220K, Dex Project Sunsets Lending Platform

2022 has been quite the year for decentralized finance (defi) hacks as billions have been stolen due […]


Bored Ape Yacht Club’s Apecoin DAO Airdrops Millions of Apecoins to NFT Owners

During the last 24 hours, the cryptocurrency community has been discussing the launch of a new token called apecoin (APE), released by the newly-formed Apecoin DAO. At launch, the token exchanged hands for $10.36 per coin, but dropped more than 40% to $6.21. Since the token’s all-time low and Bored Ape Yacht Club (BAYC) owners […]


Belt Finance loses millions in latest BSC-based DeFi exploit

Another day, another BSC DeFi protocol gets hacked.

Belt Finance has become the latest Binance Smart Chain-based decentralized finance, or DeFi, protocol to lose millions to an opportunistic hacker.

The Rekt Blog, which publishes post-mortems of DeFi exploits, stated that an attacker exploited a flaw in the way the protocol’s vaults calculate the value of their collateral, which helped to “add another notch to the now infamous flash loan exploit season on the BSC,” adding:

“Yet another fork of a fork has rolled off the conveyor belt with $6.3M falling straight into the hands of the hacker.”

Rekt revealed that a total of eight flash loans were made on PancakeSwap for $385 million BUSD. The beltBUSD vault's “Elipsis” strategy was exploited as it was the most undersubscribed strategy on the platform.

Belt Finance uses an optimal yield aggregator to offer passive yield generation to depositors. Elipsis is a decentralized exchange that enables swapping of stablecoins with low slippage on the Binance Smart Chain. The beltUSD vault also deploys capital on the BSC-based protocols Venus, Alpaca, and Fortube for yield generation.

On May 30, SushiSwap core developer Mudit Gupta posted a Twitter thread examining the incident, describing the flash loan attack as one of the “more complex hacks.”

Belt’s vaults operate with a target balance for each strategy employed, he explained. When a user deposits money into a vault, the capital is allocated to the most undersubscribed strategy. When someone withdraws money from the vault, it withdraws it from the most oversubscribed strategy.

Gupta asserted the attacker exploited this system to make several transactions across multiple strategies, inflating the value of its pools before repaying the flash loan and pocketing more than $6 million in profits. Gupta concluded:

“Basically, the issue happened because Belt incorrectly integrated with Elipsis. A similar issue happened last month as well in belt finance but at that time, the problem was a buggy integration with Venus. I wonder if belt has any bug-free integration.”

Venus is another BSC protocol for lending and borrowing via the minting of synthetic stablecoins.

Belt Finance is the latest in a lengthening list of BSC DeFi protocols to get exploited. On May 28, the BurgerSwap DEX was attacked resulting in the draining of $7.2 million.

So far this year, Cream Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon, and Spartan Protocol have all suffered exploits on Binance Smart Chain. Binance has now turned to blockchain intelligence company CipherTrace for analytics support in a bid to mitigate further incursions.


BSC Defi Protocol Burgerswap Loses $7.2 Million from a Flash Loan Attack

Another Binance Smart Chain project has been hit with a flash loan attack according to a post mortem written by the Burgerswap team. The project’s official Twitter account said at around 3 a.m. on Friday, Burgerswap suffered from a flash loan attack with the hackers stealing $7.2 million in funds.

Binance Smart Chain Defi Protocol […]


Flash Loan Attacks Drain 2 Binance Smart Chain Defi Projects for $6 Million

There have been two back-to-back flash loan attacks in a short period of time stemming from two unique Binance Smart Chain decentralized finance (defi) projects. Last Wednesday, the yield-farming platform Pancakebunny lost close to $3 million in a flash loan attack according to reports. The following Sunday, Bogged Finance saw $3 million exploited from a […]


Binance Smart Chain-based DeFi platform suffers $3M flash loan attack

Funds are safe, Bogged Finance assured after the exploit.

Binance Smart Chain’s decentralized finance ecosystem saw a second flash loan exploit in a week after PancakeBunny. A new attack drained $3 million, or half the total liquidity, from DeFi platform Bogged Finance. The team confirmed the attack on Sunday, warning users not to buy its native token until the issue is solved.

The developer team identified and mitigated the exploit within 45 seconds, or 15 blocks, thanks to an online meeting held when the attack started. Still, the culprit was able to drain $3 million of the $6 million of liquidity. The BOG token price crashed from around $1.8 to $0.0003 following the attack.

Bogged Finance enables users to place a limit order on any Binance Smart Chain-based tokens. The team shared details of the attack in a Medium post:

“The attacker was able to utilize flash loans to exploit a flaw in the staking section of the BOG smart contract to manipulate the staking rewards and cause an inflation of supply — without the transaction fee being charged and burned — causing net inflation.”

According to the team, the transaction limit of 47,500 BOG slowed the attacker’s automated process and potentially mitigated the damage. In the 45 seconds before the lead developer patched the exploit by disabling the transaction fee, the hacker was able to make a total of 11 transactions and made off with 11,358 Binance Coin (BNB).

The team is working on migrating the liquidity to a new contract by “using the same exploit the attacker used.” It will deploy an updated version of the contract to Binance Smart Chain.

After burning about 7.5 million previously minted tokens during the migration, Bogged Finance will airdrop the holders’ liquidity tokens. “If you paid for your BOG, the platform’s native token, it is safe,” the announcement reassures. The team expects a smaller circulating supply after the whole process, which will take 48 hours, according to yesterday’s announcement.

Last week, prominent BSC-based DeFi protocol PancakeBunny suffered an attack in the same manner. Hackers made off with more than $200 million in crypto by utilizing an exploit in a flash loan attack.


PancakeBunny tanks 96% following $200M flash loan exploit

PancakeBunny is the latest Binance Smart Chain-native DeFi protocol to suffer a vicious exploit, with more than $200 million being drained from the platform.

Popular Binance Smart Chain-based decentralized finance protocol, PancakeBunny, has suffered a major exploit that allowed a hacker to make off with more than $200 million worth of crypto assets.

According to a series of threads posted by the PancakeBunny team in the past hour, the protocol was subject to a flash loan attack from an external actor. The attacker borrowed “a huge amount” of Binance Coin ($BNB) before manipulating the asset’s price and dumping it on the platform’s BUNNY/BNB market.

The attack saw the price of BUNNY quickly pumped from $150 to $240 before plummeting to $0 over just 30 minutes. After consolidating below $10 for roughly two hours, BUNNY last changed hands for $8.8.

BUNNY/BNB: Poocoin.app

BUNNY/BNB was the only pool to be drained by the hacker, with the malicious actor making off with 697,000 BUNNY and 114,000 $BNB. With Binance Coin trading for roughly $296 each at the time of writing, the hacker is believed to have made off with $200 million in assets.

The attacker also attached a private note containing a rabbit-themed pun to the transactions that drained the pool that reads: “ArentFlashloansEaritating.” All funds borrowed to execute the attack were returned via Pancakeswap.

As the hack wreaked havoc across one of Binance Smart Chain’s leading projects, with Bunny representing a total value locked of more than $1 billion prior to the hack, onlookers are discussing whether Binance will move to roll back the incident.

In May 2019, Binance lost more than $40 million in a major attack, with chief executive CZ suggesting the losses could be reversed by convening with miners to roll back transactions on the Bitcoin blockchain.

PancakeBunny is the latest DeFi protocol to suffer a flash loan attack, with the exploit increasingly manifesting as a scourge on the decentralized finance sector.

In April, crypto data aggregator, Messari, reported that flash loans had become the most popular attack vector in the DeFi ecosystem, accounting for roughly half of the $285 million worth of DeFi exploits identified since 2019.
