Summary # Astrid Finance, an Ethereum-based liquid restaking pool powered by the Eigen Layer, suffered a significant exploit on October 28, 2023, leading to a loss of $228,000. The exploit was executed through a smart contract vulnerability linked to insufficient input validation, specifically within the withdraw function of the protocol. This flaw enabled the attacker to manipulate transaction parameters, allowing the creation and utilization of fake tokens to illegitimately withdraw funds.
...
Summary # Exactly Protocol on Optimism faced a critical security breach on August 18, resulting in a loss of around $7.6 million. The attackers exploited a vulnerability by manipulating market address inputs, allowing them to bypass key security checks within the protocol. This manipulation granted them unauthorized access to execute a deposit function maliciously, leading to the theft of a substantial amount of USDC from users.
Attackers # The identity of the hackers who attacked Multichain is unknown.
...
Summary # On August 13, 2023, Zunami Protocol, a prominent DeFi platform on Ethereum, was compromised through a sophisticated flash loan attack, resulting in a significant loss of 1,178 ETH, approximately valued at $2.16 million. Central to this exploit was a vulnerability within the platform’s contract that allowed for the manipulation of the UZD token’s balance. By leveraging a flash loan the attacker was able to artificially inflate the value of the UZD token.
...
Summary # Steadefi, a yield farming platform on Arbitrum and Avalanche, reported a loss of $1.14 million due to a compromised deployer address. The exploit allowed the attacker to assume control over the platform’s vault contracts, leading to the unauthorized borrowing of all available funds. The total value locked (TVL) in Steadefi dropped from over $2 million to almost $0 as a result. The funds were converted to approximately 625 ETH and landed in Tornado Cash.
...
Summary: # On July 30, a hackers drained approximately $60 million from liquidity pools that decentralized exchanges uses to offer exchange of tokens. Affected protocols include CurveFi, MetronomeDAO, JPEGd and Alchemix.
Curve, as biggest funds lost from the breach, ranks among the most esteemed and reliable DEXes and relies on automated market makers in much the same way as Uniswap. Though it is still functioning, Curve has seen an exodus of funds since the hack.
...
Summary # On July 11, 2023, Rodeo Finance on Arbitrum was breached, losing around 472 ETH ($888,000) due to an attacker exploiting the TWAP Oracle. By manipulating the oracle’s price calculation, through a “sandwich” attack, they inflated asset prices. This allowed them to mislead the protocol, borrow against the inflated prices from the USDC Pool, and conduct swaps to profit from the manipulated price discrepancies, effectively bypassing Rodeo’s security checks.
...
Summary # On July 10, 2023, Arcadia Finance, a DeFi protocol on Ethereum and Optimism, experienced a significant security breach due to vulnerabilities in its smart contract. The incident resulted in a financial loss of approximately $455,000. The breach was due to inadequate security measures in the protocol’s contract, allowing an attacker to manipulate the system for unauthorized asset transfers.
Attackers # The identity of the hackers who attacked Arcadia Finance is unknown.
...
Summary # On June 27, 2023, Themis Protocol, a decentralized lending and borrowing platform on the Arbitrum One chain, fell victim to a sophisticated exploit involving a flawed price oracle, leading to a loss of approximately $370,000. The attacker manipulated the Balancer LP token price by exchanging tokens within the Balancer pool, thus affecting the oracle’s valuation of the pool’s tokens. By utilizing flash loans and a series of calculated transactions, the exploiter was able to inflate the price of the Balancer LP tokens and borrow assets far exceeding their collateral, eventually laundering a portion of the stolen assets through Tornado Cash.
...
Summary # On June 12, 2023, Sturdy Finance, a DeFi protocol on the Ethereum blockchain known for its lending and borrowing services, was compromised in a security breach. Attackers exploited a vulnerability in the protocol’s price oracle, combined with a read-only reentrancy flaw, orchestrating a theft of approximately $800,000.
Attackers # The identity of the hackers who attacked Multichain is unknown.
Hacker Ethereum Wallet:
0x1E8419E724d51E87f78E222D935fbbdeb631a08B
Losses # 442 ETH (800,000 USD) Timeline # June 12, 2023, 01:06:35 AM UTC: The malicious transaction occurred.
...
Summary # On July 6, 2023, Multichain Bridge experienced a security breach due to a private key compromise. The total losses amounted to approximately $126 million, including wBTC, wETH, USDT, USDC, and other assets. The stolen assets were transferred to several addresses.
Attackers # The identity of the hackers who attacked Multichain is unknown.
Hacker ETH Wallets:
0x9d5765ae1c95c21d4cc3b1d5bba71bad3b012b68 0xefeef8e968a0db92781ac7b3b7c821909ef10c88 0x418ed2554c010a0c63024d1da3a93b4dc26e5bb7 0x622e5f32e9ed5318d3a05ee2932fd3e118347ba0 0x48bead89e696ee93b04913cb0006f35adb844537 0x027f1571aca57354223276722dc7b572a5b05cd8 Losses # Multichain estimated the losses from the hack to be $126 million.
...