Summary # On March 13, 2023, a flash loan attack targeted Euler Finance, a noncustodial lending platform on the Ethereum blockchain. The attack led to a loss of roughly $196 million in various cryptocurrencies, including Dai, USD Coin, Staked Ether, and Wrapped Bitcoin. The attacker took advantage of a weakness in Euler’s smart contract, specifically in a feature called “donateToReserves.”
The attacker used multiple Ethereum addresses to exploit this weakness in the contract and took advantage of a problem in Euler’s system for liquidation.
...
Summary # On February 16, 2023, Platypus Finance, the project behind the USP stablecoin, fell victim to a flash loan attack. This resulted in an estimated loss of $8.5 million. The exploit led to a significant drop in the price of the $USP stablecoin, devaluing it by more than 66% from its intended $1 peg. The attack was carried out by minting an excessive number of USP tokens from the MasterPlatypusV4 contract and using an inflated amount of Platypus LP-USDC tokens as collateral.
...
Summary # On February 9, 2023, dForce, a DeFi protocol, fell victim to a reentrancy attack. The attacker exploited a known vulnerability in the smart contract, resulting in a loss of approximately $3.6 million.
Attackers # The identity of the attacker is unknown. The attackers utilized the following addresses:
Arbitrum:
0xe0d551017c0111ac11108641771897aa33b2817c Optimism:
0xe0d551017c0111ac11108641771897aa33b2817c Losses # ~$3.65 million total
Arbitrum:
1,236.65 ETH (~1,893,000 USD) 719,437 USX Optimism:
1,037,492 USDC source
...
Summary # On February 7, 2023, CoW Swap, a decentralized exchange (DEX) protocol, fell victim to a smart contract exploit, resulting in a loss of approximately 550 BNB, or about $180,000 USD. The breach occurred due to a flaw in the protocol’s smart contract, which allowed an unidentified attacker to approve fund transfers from the protocol.
Attackers # The identity of the attacker is unknown.
0xc0e82c1ed4786f8b7f806d1b8a6335ec485266ff 0x55a37a2e5e5973510ac9d9c723aec213fa161919 Losses # $166,183 Timeline # January 27, 2023: Barter Solver enters the CoW Swap solver competition.
...
Summary # On February 2, 2023, Orion Protocol, a decentralized blockchain platform that aggregates liquidity across both centralized and decentralized exchanges, fell victim to a sophisticated smart contract exploit. The attacker manipulated a reentrancy vulnerability within the protocol’s core smart contracts, which enabled them to divert approximately $3 million in tokens across the Ethereum and Binance Smart Chain networks.
Attackers # The identity of the attacker is unknown. Two addresses were primarily involved in the attack:
...
Summary # In February 2023, BonqDAO, a lending platform hosted on the Polygon network, was hacked. The attacker exploited protocol’s price oracle weakness to manipulate the price of the $WALBT token. This allowed the attacker to borrow 100 million $BEUR, a stablecoin pegged to the euro, and liquidate other users’ collateral. The total loss from the hack was estimated to be around $120 million.
Attackers # The attackers are unidentified.
...
Summary # A hacker exploited a vulnerability in the LendHub protocol to steal approximately $6 million in digital assets. The vulnerability was caused by the existence of two IBSV tokens on the platform, one of which had been deprecated but not removed. The attacker was able to mint and redeem tokens in the old market while borrowing against them in the new market, ultimately making off with the majority of the assets on the platform.
...
Summary # Team Finance experienced a significant breach on the Ethereum blockchain during a migration process from Uniswap v2 to v3, resulting in the theft of approximately $14.5 million. The exploit was executed through vulnerabilities in the smart contract, facilitating unauthorized token transfers and manipulations of the Initialize price within the V3 liquidity pool.
Attackers # The identity of the hackers who attacked Team Finance is unknown.
Hacker Ethereum Wallets:
...
Summary # On October 11th, 2022, Mango Markets, a decentralized exchange on Solana, was exploited. The hacker manipulated the price oracle for the protocol’s MNGO token by first taking out a long MNGO position on Mango. Then the attacker artificially raised the price of the MNGO token by taking advantage of low liquidity on secondary markets. The exploiter then used the temporary high price of MNGO to take out loans of USDC, various other stable coins, and SOL against unrealized profit on the long MNGO position.
...
Summary # On August 1, 2022, Nomad, a cryptocurrency platform, experienced a chaotic hacking incident resulting in a loss of more than $190 million. The hack occurred when multiple users took advantage of an accidental error in a recent update, allowing them to drain funds from the blockchain protocol. An investigation conducted by samczsun, the head of security at Paradigm, a web3 investment firm, revealed that one of Nomad’s smart contracts had been modified in a way that made it vulnerable to transaction spoofing.
...