Summary # The Terra Classic Network, worth $40 billion, collapsed due to a mix of market factors and significant events. The network hinged on its two primary coins, $LUNC and $USTC. $USTC, an algorithmic Stablecoin, was designed to hold a steady value of $1. $LUNC was created to soak up $USTC’s instability through minting and burning processes and built-in opportunities for arbitrage. Trouble began when the Luna Foundation Guard withdrew a large portion of $USTC from Curve3pool to make room for the new Curve4pool.
...
Summary # On April 30, 2022, Fei Protocol, a decentralized finance (DeFi) protocol that merged with Rari Capital in 2021, was hacked for $80 million. The attacker exploited a reentrancy vulnerability in the protocol’s smart contracts to withdraw funds from the protocol’s reserves.
Attackers # The identity of the attacker(s) is unknown.
ERC-20
FeiProtocol-Fuse Exploiter: 0x6162759eDAd730152F0dF8115c698a42E666157F Losses # $80 Million
Timeline # April 30, 2022, 09:01:35 AM +UTC: The hacker exploited a reentrancy vulnerability in lending protocol April 30, 2022, 10:23:58 AM +UTC: Funds have started to be laundered through Tornado Cash.
...
Summary # On April 17, 2022, Beanstalk Farms, an Ethereum-based DeFi protocol that enables users to earn yield on their cryptocurrency deposits, fell victim to a flash loan attack. This attack resulted in a staggering loss of $182 million, including around $77 million in assets taken from liquidity pools unrelated to Beanstalk. The attacker managed to profit from the exploit, absconding with 24,840 ETH, equivalent to roughly $80 million. The remaining $106 million was returned via a flash loan to Aave, the lending platform.
...
Summary # On March 23, 2022, Ronin Network, a blockchain that powers the popular game Axie Infinity, suffered a 51% attack. This allows the attacker to control the network via compromising validators private keys and perform malicious actions, such as double-spending transactions or preventing new blocks from being mined. The attack resulted in the theft of $625 million worth of Ethereum and USDC. The hackers were able to reorganize over 100 blocks, which allowed them to double-spend large amount of assets.
...
Summary # On February 3, 2022, a security breach occurred on Wormhole, a DeFi platform designed to facilitate the transfer of tokens and NFTs across various blockchains such as Ethereum, Solana, and Binance Smart Chain. The attacker successfully exploited a vulnerability by utilizing a spoofed sysvar account, enabling them to mint 120,000 wrapped ETH (wETH) tokens on the Solana network. These tokens were later deemed invalid. Subsequently, the attacker redeemed 93,750 wETH tokens for an equivalent value of ETH tokens on the Ethereum network.
...
Summary # On February 1, 2022, BitBNS, an Indian crypto exchange, fell victim to a hacking incident resulting in the loss of $8 million. The exploit was made possible through a vulnerability in their AWS (Amazon Web Services) cloud storage, allowing the attacker to access the exchange’s private keys and steal funds. BitBNS initially attempted to hide the breach from users by tweeting about “system maintenance in progress.” The CEO later admitted to concealing the incident, stating that the decision was made following law enforcement advice.
...
Summary # On January 28, 2022, Qubit Finance, a project built on the BNB Chain (formerly known as Binance Smart Chain), announced a breach of its QBridge credit protocol on their Twitter page. The platform was hacked due to a specific vulnerability in the bridge. Hackers were able to mint an unlimited amount of xETH as collateral for loans on the Binance Smart Chain network. The platform’s native token, QBT, plummeted by 26% overnight.
...
Summary # On January 8, 2023, cryptocurrency exchange LCX was hacked, resulting in the theft of cryptocurrencies $8 million. Hackers gained access to the exchange’s hot wallets and stole various cryptocurrencies, including ETH, USDC, SAND, LINK, QNT, ENJ, and MKR.
Attackers # The identity of the hackers who attacked LCX is unknown.
Hacker ETH Wallets:
0x165402279F2C081C54B00f0E08812F3fd4560A05 0x29875bd49350aC3f2Ca5ceEB1c1701708c795FF3 Losses # LCX estimated the losses from the hack to be $8 million.
...
Summary # In December 2021, Vulcan Forged, a well-known play-to-earn cryptocurrency operating on the Polygon Network, faced a devastating exploit involving the theft of $140 million. As outlined in the post-mortem report released by the developers, the attacker managed to employ social engineering tactics to compromise the credentials of user wallets, thereby gaining access to private keys. Consequently, the hacker succeeded in withdrawing 4.5 million Vulcan Forged tokens (PYR), which, at that time, held a value exceeding $140,000,000.
...
Summary # On December 11, 2021, AscendEX, a cryptocurrency exchange, was the victim of a hot wallet breach that resulted in the loss of $77 million. The attacker gained access to one of the exchange’s hot wallets, used to store user funds available for withdrawal.
Attackers # The identity of the attacker(s) remains unknown.
Wallet addresses to which assets were transferred:
ERC20: 0x2c6900b24221de2b4a45c8c89482fff96ffb7e55 Polygon: 0x2c6900b24221de2b4a45c8c89482fff96ffb7e55 BSC: 0x2c6900b24221de2b4a45c8c89482fff96ffb7e55 LTC: LSvQWLf2kGm7UdXtwKvNj4GU1B4xKWUQXR BCH: qp2x5rnn2fkraxcp4hr6suqmnpdehfaaaqn3tv6jke Losses # The attackers managed to steal approximately $77 million worth of assets from the AscendEX network.
...