İstanbul escort bayan sivas escort samsun escort bayan sakarya escort Muğla escort Mersin escort Escort malatya Escort konya Kocaeli Escort Kayseri Escort izmir escort bayan hatay bayan escort antep Escort bayan eskişehir escort bayan erzurum escort bayan elazığ escort diyarbakır escort escort bayan Çanakkale Bursa Escort bayan Balıkesir escort aydın Escort Antalya Escort ankara bayan escort Adana Escort bayan

17.7 C
New York

DeFi Platforms Loses More Than $21Million To Hackers In February: DefiLIama.

Published:

The information released by DefiLIama, the DeFi project aggregator, shows that DeFi platforms suffered more than 7 protocol hacks last February. The funds stolen from the 7 protocols caused the decentralized finance to lose more than $21 million in cryptocurrency.

DifiLIama data analysis shows that of the 7 hacks, the most significant attack occurred on Platypus Finance through flash loan reentrancy last February. Due to this hack, $8.5 million of DiFi funds was lost.

Apart from the hack on Platypus Finance, there were other attacks on the platform in February.

Details of the Hacks

DeFi Platforms and Hackers

BonqDAO

On February 1, BonqDAO suffered a price oracle attack that resulted in a loss of $1.7 million. In their post, they revealed that an exploiter used an oracle hack to manipulate their ALBT (AllianceBlock token) price, which caused the $1.7 million loss.

The hacker escalated the AllianceBlock token price and minted big amounts of BEUR (Bonq Euro). The Bonq Euro was then exchanged with the other Uniswap tokens. Following this, the token price almost dropped to zero, which led to the ALBT liquidation.

According to PeckShield, a Blockchain security company, the estimate for the loss should be up to $120 million. However, a later revelation showed that the hackers only cashed out $1 million due to insufficient liquid assets on BonqDAO.

Orion Protocol

Following the attack on BonqDAO, Orion Protocol, a decentralized exchange, also suffered an attack. This reentrancy attack caused the protocol a loss of almost $3 million. The hackers used a vicious smart contract to sap their target funds through continuous withdrawal orders.

During his tweet on February 2, Alexey Koloskov, the Orion Protocol CEO, confirmed the attack. However, he assured all users their funds were still secure despite the hack. According to him, the firm has reasons to support its belief that the hack wasn’t a result of any defect in their main protocol code. Instead, the problem may be due to their exposure while combining 3rd party libraries. Most especially, it may be during the smart contract our private and experimental brokers conducted, says Koloskov.

DForce Network

Another protocol of DeFi, the DForce network, was also a victim of the reentrancy attacks causing it to lose about $3.65 million.

DForce tweeted on February 10 to confirm the act. However, a surprising thing happened. All their funds were returned as the hacker stepped forward as a white hat shortly after the hack. This led to an agreement between the 2 parties to offer a bounty and drop the law enforcement actions and ongoing investigations.

All the funds exploited were returned completely to DForce multsig on both Optimism and Arbitrum on February 13 2023. This is the best ending for everyone, says dForce.

Platypus Finance

Platypus Finance also fell victim to the flash loan hacks and sustained $8.5 million in losses. There was also a confirmation of a 2nd and 3rd incident resulting in the exploitation of $667,000 from the platform. With this latest incident, the total loss sustained by the platform is up to $9.1 million.

According to Omniscia, the Platypus auditor’s post-mortem report, the attack was possible for the hacker due to the wrong order of their code. However, the auditing firm claims that the version they worked on doesn’t have this troublesome code.

That notwithstanding, the team announced on February 23 to remint frozen stablecoins to help them return up to 78%  of their major pool funds. As a result, the platform updated a compensation page. So, if you have withdrawn or deposited LP tokens from Platypus Finance yield aggregators before the pool pause, you will be compensated accordingly.

Fortunately, 2 of the suspects were identified and arrested by the French police on February 25. This led to the seizure of cryptocurrency assets worth $222,000.

Hope Finance

On February 20, Hope Finance, an Arbitrum-based algorithmic stablecoin, again became the victim of this smart contract exploits. This caused the project to lose up to $1.86 million belonging to users. Certik Web3 Security Company raised the scam alert on February 21.

From the report to Cointelegraph by CertiK team members during the incident, the scammer changed the smart contract details. As a result, funds were drained from the Genesis pool of Hope Finance. According to the information provided by CertiK, the exploiter swapped their TradingHelper contract.

As a result, anytime OpenTrade receives 0x4481 calls on their GenesisRewardPool, the fund will automatically go to the scammer.

Dexible

Scammers hit Dexible, a Multichain exchange aggregator, on February 17. The target of the scammers was the Application’s selfSwap function. Due to this attack, the Multichain exchange lost about $2 million in cryptocurrency funds.

Dexible posted on February 18 that the scammers were able to hit them because of their latest smart contract vulnerability. The hackers noticed their weak link and stole funds from all the contract wallets that still have an unspent spend approval.

The people affected by this hack already authorized the App to transfer their tokens. After the scammers collected the tokens via their smart contract, they withdrew the coins using Tornado Cash to their unknown BNB (Build and Build) wallets. BNB is a native cryptocurrency asset within the Binance ecosystem.

LaunchZone

LaunchZone, a Build and Build chain-based Decentralized Finance protocol, was attacked on February 27, causing them to lose $700 000 of funds. The details of the attack are not yet available. Meanwhile, the LZ native token dropped by over 80% as their funds were moved out via PancakeSwap.

In the meantime, the team sent a warning message to the project’s official Telegram group. They were told not to purchase tokens until they could determine how the exploit happened. According to Immunefi, a security company, the scammer utilized an unproven contract to siphon the funds.

According to the DefiLLama figures, these hacks show a noticeable increase compared to January. The tracker list in January only showed hacks from 2 protocols, Roe Finance and Midas Capital, which resulted in $740 0000.

The 2023 report from Chainalysis to Crypto Crime Report shows that scammers made away with $3.1 billion in 2022 from DeFi protocols. This accounts for over 82% of the overall figure lost to scammers in 2022.

Related articles

Recent articles

spot_img