Summary # On April 8, 2023, SushiSwap, a renowned decentralized exchange, came under attack due to a vulnerability in its newly launched RouteProcessor2 contract. The contract was part of the SushiSwap’s version 3 (V3) upgrades and was deployed on 14 different networks. Before SushiSwap could react, anonymous attackers exploited the vulnerability and managed to drain approximately 1800 Wrapped Ether (WETH) from user wallets.
Attackers # The identity of the attacker is unknown.
...
Summary # On April 2, 2023, AllBridge, a multichain token bridge, fell victim to an exploit that resulted in approximately $573,000 worth of assets being drained from its BNB Chain pools. The attacker, acting as both a liquidity provider and a swapper, exploited a flaw in a smart contract that enabled them to manipulate swap prices. This led to the theft of $282,889 in Binance USD (BUSD) and $290,868 in Tether (USDT).
...
Summary # In March 2023, SafeMoon, a DeFi protocol, experienced a significant security breach when a vulnerability in its contract allowed an attacker to steal approximately $8.9 million. The attacker exploited unprotected burn and mint functions, essentially manipulating the value of the SFM token. In a surprising turn of events, the attacker agreed to return 80% of the stolen funds, retaining the remaining 20% as a bug bounty.
Attackers # The attacker’s identity remains unknown.
...
Summary # On February 16, 2023, Platypus Finance, the project behind the USP stablecoin, fell victim to a flash loan attack. This resulted in an estimated loss of $8.5 million. The exploit led to a significant drop in the price of the $USP stablecoin, devaluing it by more than 66% from its intended $1 peg. The attack was carried out by minting an excessive number of USP tokens from the MasterPlatypusV4 contract and using an inflated amount of Platypus LP-USDC tokens as collateral.
...
Summary # On February 9, 2023, dForce, a DeFi protocol, fell victim to a reentrancy attack. The attacker exploited a known vulnerability in the smart contract, resulting in a loss of approximately $3.6 million.
Attackers # The identity of the attacker is unknown. The attackers utilized the following addresses:
Arbitrum:
0xe0d551017c0111ac11108641771897aa33b2817c Optimism:
0xe0d551017c0111ac11108641771897aa33b2817c Losses # ~$3.65 million total
Arbitrum:
1,236.65 ETH (~1,893,000 USD) 719,437 USX Optimism:
1,037,492 USDC source
...
Summary # On February 7, 2023, CoW Swap, a decentralized exchange (DEX) protocol, fell victim to a smart contract exploit, resulting in a loss of approximately 550 BNB, or about $180,000 USD. The breach occurred due to a flaw in the protocol’s smart contract, which allowed an unidentified attacker to approve fund transfers from the protocol.
Attackers # The identity of the attacker is unknown.
0xc0e82c1ed4786f8b7f806d1b8a6335ec485266ff 0x55a37a2e5e5973510ac9d9c723aec213fa161919 Losses # $166,183 Timeline # January 27, 2023: Barter Solver enters the CoW Swap solver competition.
...
Summary # On February 2, 2023, Orion Protocol, a decentralized blockchain platform that aggregates liquidity across both centralized and decentralized exchanges, fell victim to a sophisticated smart contract exploit. The attacker manipulated a reentrancy vulnerability within the protocol’s core smart contracts, which enabled them to divert approximately $3 million in tokens across the Ethereum and Binance Smart Chain networks.
Attackers # The identity of the attacker is unknown. Two addresses were primarily involved in the attack:
...
Summary # A hacker exploited a vulnerability in the LendHub protocol to steal approximately $6 million in digital assets. The vulnerability was caused by the existence of two IBSV tokens on the platform, one of which had been deprecated but not removed. The attacker was able to mint and redeem tokens in the old market while borrowing against them in the new market, ultimately making off with the majority of the assets on the platform.
...
Summary # Team Finance experienced a significant breach on the Ethereum blockchain during a migration process from Uniswap v2 to v3, resulting in the theft of approximately $14.5 million. The exploit was executed through vulnerabilities in the smart contract, facilitating unauthorized token transfers and manipulations of the Initialize price within the V3 liquidity pool.
Attackers # The identity of the hackers who attacked Team Finance is unknown.
Hacker Ethereum Wallets:
...
Summary # On August 1, 2022, Nomad, a cryptocurrency platform, experienced a chaotic hacking incident resulting in a loss of more than $190 million. The hack occurred when multiple users took advantage of an accidental error in a recent update, allowing them to drain funds from the blockchain protocol. An investigation conducted by samczsun, the head of security at Paradigm, a web3 investment firm, revealed that one of Nomad’s smart contracts had been modified in a way that made it vulnerable to transaction spoofing.
...