Bitcoin Forum

DeFi financial system has been compared to the wild west, but that's how a new story begins.
2020
18 February 2020
Arbs Exploit DeFi to Make $900k in Seconds; bZx hack.
https://thedefiant.substack.com/p/arbs-exploit-defi-to-make-900k-in

21 February 2020
Fulcrum had a $2.5M vulnerability over a month ago and still hasn’t told anyone
https://medium.com/@1inch.exchange/yes-we-hacked-bzx-fulcrum-but-one-month-ago-3f7e5c437ee3

19 April 2020
Multicoin Capital-backed DeFi protocol dForce loses ~$25M total locked value in an exploit
https://www.theblockcrypto.com/amp/linked/62346/multicoin-capital-backed-defi-protocol-dforce-loses-25m-total-locked-value-in-an-exploit

21 April 2020
Dforce return $ 25 million back !!!
https://twitter.com/lawmaster/status/1252483198115774464

19 May 2020
BlockFi Experiences Data Breach – Crypto Lending Hack
https://defirate.com/blockfi-hack/

18 Jun 2020
A cryptocurrency bug put $545,000 of DeFi funds at risk
https://decrypt.co/32720/a-cryptocurrency-bug-put-545000-of-defi-funds-at-risk

20 Jun 2020
Balancer hacked ~ $ 500,000
https://medium.com/balancer-protocol/incident-with-non-standard-erc20-deflationary-tokens-95a0f6d46dea

14 Jul 2020
How BZRX Uniswap Listing Made One Trader $550K In 30 Mins
https://cryptopotato.com/how-bzrx-uniswap-listing-made-one-trader-550k-in-30-mins/

5 August 2020
Blatant “bug” led to $370,000 DeFi hack, say experts. Opyn hack.
https://decrypt.co/37671/blatant-bug-led-to-370000-defi-hack-say-expert

7 September 2020
$250k Soft Yearn (SYFI)
https://cointelegraph.com/news/jackpot-user-turns-200-into-250k-thanks-to-a-buggy-defi-protocol

13 September 2020
$8M  bZx protocol
https://www.theblockcrypto.com/post/77656/defi-protocol-bzx-attacked-lost-8-million-faulty-code

14 September 2020
$8M returned  bZx protocol
https://twitter.com/bZxHQ/status/1305496675474006017

29 September 2020
$15 Million  Hackers Drain $15 Million From ‘Unreleased’ Yearn Finance Project
https://bitcointalk.org/index.php?topic=5267124.msg55282297#msg55282297

29 September 2020
$10 Million  $10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker

11 October 2020
wLEO Was Hacked on Ethereum. Damage $ 42,000
https://bitcointalk.org/index.php?topic=5267124.msg55365482#msg55365482

26 October 2020
Harvest Finance- 23 million US dollars
https://bitcointalk.org/index.php?topic=5267124.msg55455370#msg55455370

12 November 2020
Akropolis- 2 million US dollars
https://bitcointalk.org/index.php?topic=5267124.msg55591391#msg55591391

14 November 2020
Value DeFi 6 million US dollars
https://twitter.com/value_defi/status/1327660571592773632

17 November 2020
Origin Defi Protocol 7 million US dollars
https://news.bitcoin.com/origin-defi-protocol-suffers-massive-flash-loan-attack-ousd-stablecoin-value-plunges-85/

22 November 2020
DeFi Protocol Pickle Finance 20 million US dollars
https://bitcointalk.org/index.php?topic=5267124.msg55653413#msg55653413

14 December 2020
Nexus Mutual  8 million US dollars
https://bitcointalk.org/index.php?topic=5267124.msg55829590#msg55829590

18 December 2020
Warp Finance 7,7 million US dollars
https://www.theblockcrypto.com/linked/88415/defi-warp-finance-attacked-lost-7-7-million-stablecoins

28 December 2020
DeFi protocol Cover 5 million US dollars
https://www.theblockcrypto.com/post/89368/defi-protocol-cover-exploited-attackers-minted-at-least-40-quintillion-tokens

___

https://decrypt.co/54128/hackers-stole-3-8-billion-in-cryptocurrency-hacks-in-2020
Hackers Stole $3.8 Billion in Cryptocurrency Hacks in 2020

Information disclosure and analysis of major hacks in the DeFe ecosystem
https://github.com/yearn/yearn-security/tree/master/disclosures
__

2021

February 4, 2021
Yearn.finance 9 million US dollars
https://bitcointalk.org/index.php?topic=5267124.msg56271047#msg56271047

February 14, 2021
Cream Finance 37,5 million US dollars
https://bitcointalk.org/index.php?topic=5267124.msg56458888#msg56458888

February 28, 2021
Furucombo 14 million US dollars
https://bitcointalk.org/index.php?topic=5267124.msg56458888#msg56458888

March 4, 2021
Meerkat Finance (Binance Smart Chain) 32 million US dollars
https://bitcointalk.org/index.php?topic=5267124.msg56490389#msg56490389

March 5, 2021
PAID Network (PAID) 3 million US dollars
https://bitcointalk.org/index.php?topic=5267124.msg56498767#msg56498767

March 8, 2021
DODO DEX 2 million US dollars, $1.89 million has been recovered
https://bitcointalk.org/index.php?topic=5267124.msg56530098#msg56530098

March 15, 2021
Roll 3000 ETH
https://cryptoslate.com/hackers-steal-3000-eth-from-roll-causing-massive-price-dumps-of-nearly-100/

March 17, 2021
Iron Finance $170,000  
https://bitcointalk.org/index.php?topic=5267124.msg56605708#msg56605708

March 20, 2021
TurtleDex  9000 BNB =2.4M $  
https://bitcointalk.org/index.php?topic=5267124.msg56617046#msg56617046

April 4, 2021
Force DAO - $367 000
https://bitcointalk.org/index.php?topic=5267124.msg56864596#msg56864596

April 19, 2021
EasyFi DeFi protocol - 6M $
https://bitcointalk.org/index.php?topic=5267124.msg56835129#msg56835129

May 2, 2021
Spartan Protocol -30M
https://bitcointalk.org/index.php?topic=5267124.msg56919497#msg56919497

May 9, 2021
Rari Capital  -10M
https://bitcointalk.org/index.php?topic=5267124.msg57018020#msg57018020

May 12, 2021
(DeFi) protocol xToken  -24.5M
https://bitcointalk.org/index.php?topic=5267124.msg56997287#msg56997287

May 20, 2021
Pancake Bunny  -200M
https://bitcointalk.org/index.php?topic=5267124.msg57050581#msg57050581

May 20, 2021
Venus Incident Report
https://bitcointalk.org/index.php?topic=5267124.msg57054439#msg57054439

May 27, 2021
Wild Credit $ 637K.  All funds were returned to the protocol.
https://bitcointalk.org/index.php?topic=5267124.msg57106288#msg57106288

May 28, 2021
DeFi project BurgerSwap - $ 7.2M
https://bitcointalk.org/index.php?topic=5267124.msg57106299#msg57106299

May 30, 2021
DeFi project Belt Finance - $ 6.2M
https://bitcointalk.org/index.php?topic=5267124.msg57120256#msg57120256

Jyne 21, 2021
DeFi project Impossible finance - $ 0.5M
https://bitcointalk.org/index.php?topic=5267124.msg57284357#msg57284357

Jyne 28, 2021
Safe Dollar - $ 0.25M
https://bitcointalk.org/index.php?topic=5267124.msg57340075#msg57340075

July 1, 2021
WhaleFarm- $ 2M
https://bitcointalk.org/index.php?topic=5267124.msg57367513#msg57367513

July 11, 2021
ChainSwap - $8M
https://bitcointalk.org/index.php?topic=5267124.msg57439162#msg57439162

July 15, 2021
Bondly Finance - Token Price Tanks
https://bitcointalk.org/index.php?topic=5267124.msg57473981#msg57473981

July 16, 2021
THORChain -2500 ETH
https://bitcointalk.org/index.php?topic=5267124.msg57471971#msg57471971

August 4, 2021
Popsicle Finance -25M
https://bitcointalk.org/index.php?topic=5267124.msg57613393#msg57613393

August 10, 2021
PolyNetwork -600M
https://bitcointalk.org/index.php?topic=5267124.msg57662150#msg57662150

August 12, 2021
Poly Network Hacker Returns $342 Million
https://bitcointalk.org/index.php?topic=5267124.msg57677686#msg57677686

August 13, 2021
Maze Protocol -4M
https://bitcointalk.org/index.php?topic=5267124.msg57691964#msg57691964

August 14, 2021
DAO Maker -7M
https://bitcointalk.org/index.php?topic=5267124.msg57677718#msg57677718

August 19, 2021
Ethereum DEX Avoids $350M DeFi Hack
https://bitcointalk.org/index.php?topic=5267124.msg57731551#msg57731551

August 29, 2021
xToken- 4,5M
https://bitcointalk.org/index.php?topic=5267124.msg57820934#msg57820934

August 30, 2021
Cream Finance-19M
https://bitcointalk.org/index.php?topic=5267124.msg57820934#msg57820934

August 31, 2021
Aurory Project-0,5M
https://bitcointalk.org/index.php?topic=5267124.msg57835544#msg57835544

September 4, 2021
DAO Maker-4M
https://bitcointalk.org/index.php?topic=5267124.msg57857298#msg57857298

September 10, 2021
AFKSystems -12M
https://bitcointalk.org/index.php?topic=5267124.msg57910886#msg57910886

September 12, 2021
Zabu Finance -3,2M
https://bitcointalk.org/index.php?topic=5267124.msg57923560#msg57923560     !

September 17, 2021
MISO IDO platform (Hack and return of coins) -865 ETH (3M)
https://bitcointalk.org/index.php?topic=5267124.msg57957934#msg57957934  

September 20, 2021
pNetwork Protocol -$12M
https://bitcointalk.org/index.php?topic=5267124.msg57980467#msg57980467  

September 21, 2021
Vee.Finance  -$35M
https://bitcointalk.org/index.php?topic=5267124.msg57995378#msg57995378

September 30, 2021
Compound bug  -$80M
https://bitcointalk.org/index.php?topic=5267124.msg58062585#msg58062585

October 15, 2021
Indexed Finance -$16M
https://bitcointalk.org/index.php?topic=5267124.msg58188360#msg58188360

October 20, 2021
PancakeHunny -$1,9M
https://bitcointalk.org/index.php?topic=5267124.msg58236768#msg58236768

October 27, 2021
Cream Finance -$130M
https://bitcointalk.org/index.php?topic=5267124.msg58283286#msg58283286

November 5, 2021
bZx -$55M
https://bitcointalk.org/index.php?topic=5267124.msg58355796#msg58355796

November 30, 2021
MonoXFinance $31 M
https://bitcointalk.org/index.php?topic=5267124.msg58586607#msg58586607

December 1, 2021
BadgerDAO $100 M
https://bitcointalk.org/index.php?topic=5267124.msg58599650#msg58599650

December 4, 2021
Polygon  801,601 MATIC tokens worth more than $2 million
https://bitcointalk.org/index.php?topic=5267124.msg58857717#msg58857717

December 8, 2021
8IGHT FINANCE- $1.75M
https://bitcointalk.org/index.php?topic=5267124.msg58790597#msg58790597

December 11, 2021
Gelato-$26M
https://bitcointalk.org/index.php?topic=5267124.msg58790597#msg58790597

December 13, 2021
Vulcan Forged-$140M
https://bitcointalk.org/index.php?topic=5267124.msg58790597#msg58790597

December 21, 2021
Grim Finance  $30M
https://bitcointalk.org/index.php?topic=5267124.msg58790597#msg58790597

December 22, 2021
Visor Finance -$8.8M
https://bitcointalk.org/index.php?topic=5267124.msg58808603#msg58808603

December 27, 2021
Metaswap Gas (MGAS) 1,100 BNB
https://bitcointalk.org/index.php?topic=5267124.msg58909773#msg58909773

December 27, 2021
METADAO 800 Ether
https://bitcointalk.org/index.php?topic=5267124.msg58909773#msg58909773

____
Reports  2021 Hack
https://bitcointalk.org/index.php?topic=5267124.msg59405892#msg59405892


2022

January 1,2022
Tinyman -  the amount of hacking is unknown
https://bitcointalk.org/index.php?topic=5267124.msg58909773#msg58909773

January 11,2022
Lympo NFT platform-  $18.7 million
https://bitcointalk.org/index.php?topic=5267124.msg58968153#msg58968153

January 28,2022
Qubit Finance,  X-Bridge  $80M
https://bitcointalk.org/index.php?topic=5267124.msg59097768#msg59097768

February 2,2022
Wormhole   $326 M
https://bitcointalk.org/index.php?topic=5267124.msg59144112#msg59144112

February 4,2022
KLAYswap   $1,83 M
https://bitcointalk.org/index.php?topic=5267124.msg59153910#msg59153910

February 8,2022
DeFi Meter   $4,3 M
https://bitcointalk.org/index.php?topic=5267124.msg59189702#msg59189702

February 8,2022
DeFi QiDao Protocol  $13 M
https://bitcointalk.org/index.php?topic=5267124.msg59191163#msg59191163

February 11,2022
Dego  damage is assessed
https://bitcointalk.org/index.php?topic=5267124.msg59218259#msg59218259

March 03,2022
Treasure DAO $1,44 M
https://bitcointalk.org/index.php?topic=5267124.msg59412238#msg59412238

March 10,2022
Fantasm Finance $2.6 M
https://bitcointalk.org/index.php?topic=5267124.msg59484103#msg59484103

March 16,2022
DeFi Agave и Hundred Finance $11 M
https://bitcointalk.org/index.php?topic=5267124.msg59484103#msg59484103

March 18,2022
Rare Bears $800K
https://bitcointalk.org/index.php?topic=5267124.msg59705205#msg59705205

March 21,2022
Li Finance $600K
https://bitcointalk.org/index.php?topic=5267124.msg59594924#msg59594924

March 22,2022
OneRing Finance $2M
https://bitcointalk.org/index.php?topic=5267124.msg59615100#msg59615100

March 23,2022
Ronin sidechain $622M
https://bitcointalk.org/index.php?topic=5267124.msg59705205#msg59705205

April 1,2022
Bored Ape Yacht Club $0,549M
https://bitcointalk.org/index.php?topic=5267124.msg59717956#msg59717956

April 2,2022
Inverse Finance $15,6M
https://bitcointalk.org/index.php?topic=5267124.msg59738961#msg59738961

April 7,2022
WonderHero $320 000
https://bitcointalk.org/index.php?topic=5267124.msg59811006#msg59811006

April 8,2022
Starstream $4M
https://bitcointalk.org/index.php?topic=5267124.msg59827200#msg59827200

April 12,2022
Elephant Money $22M
https://bitcointalk.org/index.php?topic=5267124.msg59849629#msg59849629

April 18,2022
Beanstalk $182M
https://bitcointalk.org/index.php?topic=5267124.msg59913835#msg59913835

April 20,2022
Deus Finance $13.4M
https://bitcointalk.org/index.php?topic=5267124.msg59992176#msg59992176

April 28,2022
DEFI Lender Rari Capital $80M
https://bitcointalk.org/index.php?topic=5267124.msg60014661#msg60014661

May 31,2022
Mirror Protocol   $2M
https://bitcointalk.org/index.php?topic=5267124.msg60269928#msg60269928

May 4,2022
Yacht Club (BAYC)   $0,36M
https://bitcointalk.org/index.php?topic=5267124.msg60292687#msg60292687

June 7,2022
Maiar DEX $1,65M
https://bitcointalk.org/index.php?topic=5267124.msg60309763#msg60309763

June 8 ,2022
Interlayer Snafu   $20M
https://bitcointalk.org/index.php?topic=5267124.msg60320761#msg60320761

June 16 ,2022
Inverse Finance   $1,2M
https://bitcointalk.org/index.php?topic=5267124.msg60377788#msg60377788

June 24 ,2022
Harmony   $100M
https://bitcointalk.org/index.php?topic=5267124.msg60431403#msg60431403

June 30 ,2022
NFT marketplace Quixotic $0,1M
https://bitcointalk.org/index.php?topic=5267124.msg60485134#msg60485134

July 3 ,2022
Crema Finance $6M
https://bitcointalk.org/index.php?topic=5267124.msg60500284#msg60500284
refund
https://bitcointalk.org/index.php?topic=5267124.msg60525793#msg60525793

July 3 ,2022
OMNI protocol 1300 ETH
https://bitcointalk.org/index.php?topic=5267124.msg60550807#msg60550807

July 12 ,2022
Ethereum in Massive Phishing Attack $8M
https://bitcointalk.org/index.php?topic=5267124.msg60559895#msg60559895

July 19 ,2022
PREMINT $0,4M
https://bitcointalk.org/index.php?topic=5267124.msg60597872#msg60597872

July  24 ,2022
Audius $1,1M
https://bitcointalk.org/index.php?topic=5267124.msg60639264#msg60639264

July 28 ,2022
Nirvana $3,5M
https://bitcointalk.org/index.php?topic=5267124.msg60647575#msg60647575

August 2 ,2022
Nomad Bridge $150M
https://bitcointalk.org/index.php?topic=5267124.msg60676431#msg60676431

Over $36 Million Bacк
https://bitcointalk.org/index.php?topic=5267124.msg60727075#msg60727075

August 9 ,2022
Protocol Curve $0,57M
https://bitcointalk.org/index.php?topic=5267124.msg60727075#msg60727075

August 30 ,2022
OptiFi $0,661M
https://bitcointalk.org/index.php?topic=5267124.msg60898572#msg60898572


September 1 ,2022
Kyber Network $0,265M
https://bitcointalk.org/index.php?topic=5267124.msg60859039#msg60859039

September 7 ,2022
Nereus Finance $0,37M
https://bitcointalk.org/index.php?topic=5267124.msg60898716#msg60898716

September 8 ,2022
New Free DAO $1,25M
https://bitcointalk.org/index.php?topic=5267124.msg60936613#msg60936613

September 20 ,2022
Wintermute $160M
https://bitcointalk.org/index.php?topic=5267124.msg60974088#msg60974088

September 27 ,2022
address exploit $0,95M
https://bitcointalk.org/index.php?topic=5267124.msg61024467#msg61024467

October 02 ,2022
Transit Swap $21M and return $18.9M
https://bitcointalk.org/index.php?topic=5267124.msg61066552#msg61066552

October 07 ,2022
BNB BRIDGE $80M
https://bitcointalk.org/index.php?topic=5267124.msg61079836#msg61079836

October 11 ,2022
DeFi Service Mango $100M
https://bitcointalk.org/index.php?topic=5267124.msg61107825#msg61107825
Mango exploiter (Avraham Eisenberg) arrested
https://bitcointalk.org/index.php?topic=5267124.msg61508069#msg61508069

October 12 ,2022
TempleDAO $2,3M
https://bitcointalk.org/index.php?topic=5267124.msg61107825#msg61107825

October 18 ,2022
Celo Protocol Moola Market $10M recovered over 93% funds
https://bitcointalk.org/index.php?topic=5267124.msg61148417#msg61148417

October 26 ,2022
Decentralized exchange QuickSwap exploited for $220K
https://bitcointalk.org/index.php?topic=5267124.msg61188392#msg61188392

October 28 ,2022
Team Finance DeFi protocol  $15.8 million
https://bitcointalk.org/index.php?topic=5267124.msg61199142#msg61199142

November 02 ,2022
decentralized Rubic exchange $1.2 million
https://bitcointalk.org/index.php?topic=5267124.msg61226574#msg61226574

November 02 ,2022
Deribit crypto exchange $28M
https://bitcointalk.org/index.php?topic=5267124.msg61226602#msg61226602

November 04 ,2022
DeFi Protocol Solend  $1.26M
https://bitcointalk.org/index.php?topic=5267124.msg61238487#msg61238487

November 15 ,2022
DFX Finance Hacked $4M
https://bitcointalk.org/index.php?topic=5267124.msg61301029#msg61301029

November 15 ,2022
DeFi project Flare on hacked. $17.9 million
https://bitcointalk.org/index.php?topic=5267124.msg61301029#msg61301029

December 02 ,2022
Ankr DeFi protocol  $15 million
https://bitcointalk.org/index.php?topic=5267124.msg61381777#msg61381777

December 11 ,2022
lodestar finance $7M
https://bitcointalk.org/index.php?topic=5267124.msg61426658#msg61426658

December 17 ,2022
Solana DeFi Exchange Raydium $2M
https://bitcointalk.org/index.php?topic=5267124.msg61457362#msg61457362

December 25 ,2022
Rubic DEX $1.4M
https://bitcointalk.org/index.php?topic=5267124.msg61510118#msg61510118

December 26 ,2022
Defrost Finance  hack & returned $12M
https://bitcointalk.org/index.php?topic=5267124.msg61510118#msg61510118

_______________________________________________________________

2023 DeFi hacks. Continuation
https://bitcointalk.org/index.php?topic=5267124.msg61709519#msg61709519

_______________________________________________________________

Report for 4 months 2022
https://bitcointalk.org/index.php?topic=5267124.msg60045276#msg60045276

https://cryptosec.info/defi-hacks/
https://rekt.news/
https://hacked.slowmist.io/

Funds Stolen from Crypto Platforms 2016-2023
https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2024/

Russian
https://bitcointalk.org/index.php?topic=5227888.0

This one happened just a couple days ago.
https://decrypt.co/37671/blatant-bug-led-to-370000-defi-hack-say-experts

Ive read before the issue on Uniswap when BZRX launches their IDO but as Ive read the article the author explained how the guy made 500k usd but not in the form of hack but incorporate a defi trading bot. As far as Ive known, using bots on trading is common its just happened that we can see now the cons of smart contract where it can be easily penetraded by the likes of this. Im not sure whether this included or considered as hack history. Actually the guy is smart. Does he violate any rule on dex? Not sure but this could be raise on authority as one of the example of threats on defi business.

In a short period, a lot of DeFi projects got hacked. I invested in BAL kinda at a peak and as soon as news about hack broke price fell sharply but, now thanks to binance listing and BTC price surge I was able to break even on my investment. Got lucky i guess.

Decentralized Finance in the event of a hack, you have no one to complain to, and this is probably the main reason why I do not use DEFI to the full.

Thanks! It is very important to give people real information. People think that decentralized finances do not have any risks! But it is absolutely vice versa. It is a new industry, new code, no one tested it for a long time, so be careful and invest only what you can afford.

Good thread, and it seems like this can make people who want to invest in DeFi to increase their knowledge so they don't regret after buying DeFi coin, in addition to hacking cases there are actually also frequent exit scams like this $100 DeFi coin which can drop to $9 less in one week.

If you look at the losses, this is a small amount compared to what was stolen from crypto exchanges.
I use defi for exchange, hedging, but I do not recommend newcomers to invest in pools. You can make a profit as well as incur a loss if someone makes a successful arbitration.

https://furucombo.app/
I will recommend an interesting project to get acquainted with defi. It allows almost any user to experience the defi ecosystem without having enough knowledge and coins.

@zasad this is a really impressive project before I had to go to different DeFi sites to complete an arbitrage trade but, here it's all simple and from one site. This will also save me from some price slippage if I am correct.
Bookmarked and thanks :)

It's amazing that in just 1 year there have been 9 attacks on decentralized finance. it is a challenge for developers to fix the system to cover the loopholes that could be harmful. also to realize a new and better security system.

too overhype DEFI even there are a lot of attack events that occur, the average attack is by manipulating smart contracts, and it's done repeatedly as if they understand the weaknesses that exist,
and it's been just a few terrible days 

The project is excellent, but finding an arbitration opportunity to earn money is a very difficult process.
In practice, I myself constantly face the problem of large commissions, when when exchanging tokens or stablecoins for 1000 dollars, I have to pay 30-50 dollars in commission. At such a cost, this system cannot compete with centralized exchanges.
And by the launch of the 2nd phase of ETH 2.0, it is possible that user-friendly interfaces for many projects will be made, and then a new milestone in the world of cryptocurrencies will come.

I think the pump in price of ethereum is also instrumental in the dump of other DEFI, if after any long sideway price move of ethereum we dont see some come back of the DEFI then I might probably have a rethink on them. Actually I dont expect a 100% success of every DEFI coin because the team and community defers in capacity of project development and financial strength. Some still believe it is a good way to pull back the market to start the bull run.

The amount is small because the amount of funds in DeFi is also small. If you want to compare the two, you should use percentages of total funds. In DeFi the losses are pretty big, like a half of the funds or all of the funds. With exchanges, they generally don't lose all their money if it's no an exit scam. Their how wallets is just a fraction of the coins that they hold.

And if you take this year, it's clear that there was more of the DeFi hacks than exchange hacks. So, thinks kinda look not good for DeFi, though it seem to have no effect on hype for now.

I also created a similar thread: List of Defi Hacks (https://bitcointalk.org/index.php?topic=5266973.0).

All these hacks are bound to happen with DEFI space just getting the attention recently hacker are bound to look for vulnerabilities in the system and exploit it but the main question is if the team would learn from mistakes and make the space better

There were 2 more Defi smart contracts that had bugs that were exploited again. Where did these developers come from? I reckon some of them might be the unqualified developers who were rejected or will be rejected by legitimate tech companies.

I am sorry. I do not want to call them bad, however, investors are losing money because of their incompetence.



DeFi meme coin YAM has succumbed to a bug within its rebase function, meaning the coin has lost control of its on-chain governance feature.

All of the roughly $750,000 Curve tokens stored in the project's treasury are lost as well, according to a Medium blog from the team.

Source https://www.coindesk.com/defi-meme-coin-yam-succumbs-to-fatal-rebase-bug



The CRV token officially, yet unexpectedly, launched at 6:25 PM EST today after an anonymous user, apparently unilaterally, deployed the open-source CRV token and CurveDAO contracts on the Ethereum mainnet earlier in the day.

Source https://decrypt.co/38708/anonymous-defi-user-deploys-curve-crv-token-early

Aside from the bugs and developer's incompetence. I dont think we should shift the blame on them alone. There is also some problem on the side of investors. They just keep jumping off any defi projects that they will saw without much any knowledge on the tech and its function. Im sure 2 of these defi projects have been bought by fomo squads. Definitely when they already on rekt mode, they will spat scam on these. Typical but thats how the cycle rolls and curve will likely be a hot token for being listed on Binance.

@cryptoaddictchie. I am not talking about the scams on the market and how we are manipulated to lose our investments. This thread is about hacks and exploits because of developer incompetence.

Is this really the future of finance? This is the comedy of the cryptospace.

Im aware dude. I just given emphasize on the quoted part. But thanks for sharing the info about the incident especially on yam's case. Though that incident doesnt really can be called hacked but like what you said lack of competence and failure to accomplish its goal.

Well in fairness some agree to that. But seriously,  in my opinion only few of them makes that comedy. Not all are shit but some have good ideals too.

@cryptoaddictchie. Many of them are comedies. Look at the list.

Also, I am not telling everyone that the concept of Defi is comedy. I am only telling everyone that the implementations of Defi are weak, buggy and exploitable. Is this the future of finance?

---

In any case, everyone should also remember that Defi needs a centralized organization to act as an oracle. This is the same type of trust that you are putting on financial institutions and companies and without the government to protect you and make the people behind the Defi project accountable.

This is a very bad situation for the user.

[moderator's note: consecutive posts merged]

Soft Yearn (SYFI)
https://cointelegraph.com/news/jackpot-user-turns-200-into-250k-thanks-to-a-buggy-defi-protocol
"An anonymous user managed to net a profit of $250k from a $200 outlay due to a flaw in a DeFi protocol clone’s rebase code.
An anonymous user has revealed how he made $250k in profits from a minor investment in a cloned version of Yearn.finance called Soft Yearn (SYFI)."
https://twitter.com/A_mplify/status/1302852245059330048

Defi hacks is gaining more popularity over time and it feels like the more we hear of hacks and dumps, the more Defi projects that are being established and pumped. I'm personally scared of investing in Defi projects however lucrative they may be, due to the fear of losses which may arise as Defi seems like a bubble
to me.

What about that Sushi DiFi hack, or I would say scam?

The hacks of Defi projects is the new normal. Most times we see Defi projects as a gold mine, but in real fact its a risk trap that has ensnared many. The prevalence of the hacks on Defi projects should be an indicator of the weakness of the projects and that should be taking into consideration when one making investment decisions.

Maybe you need to update it with the latest bZx hacked?

https://i.imgur.com/Z4U8jHO.png

https://twitter.com/MarcThalen/status/1305354469354303488

You can also read more about the incident here: https://bzx.network/blog/incident

The majority of hacks happen on the Ethereum platform. Is it the programmer's fault or the platform?
I am waiting for a hack on the Tronix platform.
Recently the hacks are related to the Rebased token bug. It happens on projects with anonymous teams.

Right, many people think it is risk free but it is also risky either from hackers or price dump. Price is not a factor but security is must concern here and from this useful post, it is clear that DeFi projects aren't free from risky. As it is new system, new codes should be developed regularly to be more secured otherwise it will be cause of damage to the investors.

https://www.theblockcrypto.com/post/77656/defi-protocol-bzx-attacked-lost-8-million-faulty-code
DeFi protocol bZx attacked once again, lost $8 million due to a faulty code

"Quick Take
DeFi lending protocol bZx was attacked once again last night and lost $8 million due to a faulty code.
bZx co-founder Kyle Kistner told The Block that “it’s difficult to say” how this “critical” bug went unidentified by the protocol’s two audit firms Peckshield and Certik."

iToken Duplication Incident Report
https://bzx.network/blog/incident

@zasad@. bZx was attacked 3 times according to an article from Cryptoslate cryptocoin news outlet. This forces you question the qualifications of the development teams behind those Defi projects. Did they get a coding degree from codecademy.com hehehe?

The thing is that it has been audited by a third party, but didn't capture the bugs itself. So obviously, the blame should be on both the developers and that independent 3rd party. Although my take is that it's really hard to do simulation or create all the test cases because this is fairly new 'technology'.

https://twitter.com/bZxHQ/status/1305496675474006017
"We are relieved to announce that the missing funds are now restored. More information will follow.

Stay tuned!"

The stolen funds have been returned.

According to rumors, the hacker was found because he sent money from his wallets to centralized exchanges. His identity has been established.

@zasad@. Someone should teach the hacker about cryptonote coins hehe.

In any case, this is not a Defi hack article, however, this is also very questionable. It promises that its token's price floor only rises because of the magic of their taxation event.

I reckon paycoin had also a similar promise. The scam did not end very well for them.


Price floor: The price floor increases with every taxation event. This is the lowest possible price the contract will exchange TRIB for mUSD. The mUSD is sent to mStable’s saving contract where it continuously generates interest. As more and more sellers and buyers transact with the protocol, the price floor perpetually moves up. As long as there is buying and selling to the contract, it is impossible for the price floor not to go up over time. While many tokens out there can (and probably will) go to zero, that will be impossible with TRIB — it will have interest bearing capital permanently locked into the protocol.

Source https://medium.com/@defisatoshi2.0/introducing-a-new-paradigm-in-defi-the-pooled-interest-savings-token-171e02691ab9

please add UNI leakage from metamask wallets , I don't think metamask is a right place to keep money, that is not the first time such a thing happens with metamask , I really don't like it , I would rather trust wallet .

See? There's a lot more coming on the list. It just indicates that DEFI hype projects were being targetted by the scammers. Thus, many investors were already been tricked with this hype. I'm not saying "all defi" but we can just count few of them that are really created for financial decentralized protocols for the enhancement of system and to sustain the sincere innovation.

I can definitely say that DEFI looks more scam than a good project. This is because behind some projects there aren't good teams, the team makes the 80% of the value of the coin, after there is the project. There are good projects with bad teams that will go only in one direction, down

https://decrypt.co/43203/hackers-drain-15-million-from-unreleased-yearn-finance-project
Hackers Drain $15 Million From ‘Unreleased’ Yearn Finance Project
"A smart contract vulnerability allowed hackers to mint unlimited tokens and sell those for millions of dollars—before returning half the funds to Yearn founder Andre Cronje.

In brief
Hackers targeted a smart contract vulnerability in an upcoming project by Yearn founder Andre Cronje.
They managed to steal over $15 million; but returned $8 million to a wallet owned by Cronje.
The "test in prod" approach proved costly, as Cronje alleged received threats after the hack. "

@zasad@. The skeptical me thinks that this is the beginning of the Defi exit scams. He tweeted about his not completed and unaudited smart contract and then suddenly from his deployer account, an attacker deposited $8 million?

I try to keep track of all defi hacks in this thread. Considering that this topic has become popular in 2020, we can conclude that the number of hacks is not so much,
the amount of stolen funds is much less than the centralized exchanges lose.

Fresh good news
$10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker

can we say some of them are inside job? and i do agree most of these defis will one by one disappear in no time. as they collect their share from the market, the people behind the project are thinking of ways how to get away from their scheme.
 and ive seen that some hacks are due to the bug in their system. i believe a lot of these DeFis are not yet ready to deploy their network, however, owed to the ambitious goal of taking advantage of the hype, they situated themselves to vulnerability attack. guess, we will be seeing more projects in the list. or is there a list already for all the defi exit scams?

Hehe the skeptical me is thinking that the whitehat hacker might also be someone from their development team trying to make it appear a 3rd party has audited their code and make the project appear more trustworthy.

the possibility could happen because I don't think it's possible if they did the hack with a very high security system it would just make me think maybe someone in development was involved in this hack.

https://leofinance.io/hive-167922/@leofinance/wleo-was-hacked-on-ethereum-or-thank-you-everyone-for-the-amazing-support

"You've probably heard the news by now. The wLEO contract was exposed to a hack earlier today on Ethereum which led to a massive drain on the pool.

Fortunately, many users were quick to realize that these were false transactions and they removed liquidity from the pool as soon as they found out. This reduced the hackers ability to steal ETH from the pool.

Earlier today, we managed to shut down the contract and withdraw the remaining liquidity from the pool (about 114 ETH).

It will take us some time to snapshot the balances before the hack and figure out who had withdrawn liquidity vs. who was still in the pool at the time of the hack, but we will continually work on it and keep you posted on the distribution of this ETH back to LPs.

From what I keep hearing, this has happened to many other pools on Uniswap. The token issuing contract/address gets exposed and then someone takes advantage of it to mint infinite tokens and rug pull the Uniswap pool to steal the Ethereum."

Damage $ 42,000

Most of the hack in the list did have that uproar and discussion in most cryptocurrency social media platform. Is not that is not important, it is just that the market sentiment had changed. Most people that endured the bear market have not recovered from the long down trend in the market and dont trust the movement of the price in the market but the whales are more active and wont allow such bad news to spoil the market. they will sustain the traded volume for most of the defi though there could be time to take few profit.

Harvest Finance- 23 million US dollars


https://www.coindesk.com/defi-platform-harvest-finance-exploit

https://twitter.com/WuBlockchain/status/1320589547747512320

"Wu learned that the y pool on the curve was attacked by hackers, with a total loss of more than 23 million US dollars. The main victim is the Chinese project Harvest Finance, which said it is still investigating and security agencies are also participating."


https://twitter.com/harvest_finance/status/1320604294190608385
"We are working actively on the issue of mitigating the economic attack on the Stablecoin and BTC pools, and will update in this thread in realtime as soon as additional details are available"

@zasad@. Other mainstream news media outlets reported that the hacker returned some if the stolen coins. I reckon that this might be evidence that the hacker was their own developer.

Does everyone expect the hacker to return some of the stolen coins from the goodness of his heart hehehe?



Hacker returned $2.5 million while Harvest Finance authors put out a $100,000 reward for anyone who can return the rest of the funds.

Source https://www.zdnet.com/article/hacker-steals-24-million-from-cryptocurrency-service-harvest-finance/

---

This statement tweeted by Jesse Powell, Kraken's CEO.

It appears Kraken might become the hackers paradise for stolen Defi tokens and ETH hehe.

However, if the hackers were smart, they should convert their coins to Monero only through Bisq.



It asked eight major exchanges to blacklist Bitcoin addresses used by the hacker, which at least one exchange was reluctant to do. Subtweeting the protocol, Kraken founder Jesse Powell wrote: “Stop fucking up your bullshit DeFi scams and expecting exchanges to bail you out. I will not accept your attempt at externalizing the cost of your hasty, reckless rollout.”

Source https://decrypt.co/46679/harvest-finance-offers-1-million-get-stolen-34-million-back

[moderator's note: consecutive posts merged]

https://akropolis.substack.com/p/delphi-savings-pool-exploit

"At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the yCurve and sUSD pools.

These pools had been audited by two independent firms, however, the attack vectors used in the exploit were not identified in either audit. The essence of the exploit in question is a combination of a re-entrancy attack with dYdX flash loan origination.

The Akropolis team is currently working through a number of security procedures. The majority of funds on Akropolis are safe. Here is the current status:

Affected Pools:

YCurve and sUSD pools were drained of ~DAI 2.0mn

The stolen funds are currently held in this wallet: https://etherscan.io/address/0x9f26ae5cd245bfeeb5926d61497550f79d9c6c1c"


https://twitter.com/akropolisio/status/1326962438365966356

The development teams from these Defi projects might not know how to cashout from their creation without making it appear that they are dumping. It would not be surprising if the hacks and the thefts on their projects were done by themselves as a form of exit scam.

In any case, another one was hacked.



Origin Protocol co-founder Matthew Liu on Monday night confirmed an attack on the Origin Dollar (OUSD) vault.

"The team is all-hands on deck attempting to figure out what vulnerability was exploited and how the hacker was able to access users’ deposits," he wrote.

Though the exact exploit—some form of flash attack—isn't yet known, the Origin team estimated $7 million—a combination of ETH and DAI stablecoin—had been taken

Source https://decrypt.co/48478/ethereum-based-origin-dollar-hacked-for-estimated-7-million

https://decrypt.co/49149/pickle-finance-hack
"DeFi Protocol Pickle Finance Hacked For $20 MillionSomeone drained the DeFi protocol’s cDAI jar.

Pickle Finance, a DeFi protocol, was hacked to the tune of almost $20 million.
The hackers’ approach is still unknown, though some analysts are saying it doesn’t resemble a typical flash loan attack."


https://twitter.com/emilianobonassi/status/1330239233538318339

"The coffers of Pickle Finance, a decentralized finance (DeFi) protocol with a native token that looks suspiciously like Pickle Rick, of Rick and Morty fame, were drained today of $20 million in what appears to be a hack.

Pickle Finance shifts investors’ money around different DeFi protocols to maximise returns, a little like a traditional robo-advisor. "

I like that Dforce was returning the hacked money back to the investors because $25 Million is very big loss indeed.
However, as long as the hacking events exists in crypto, im afraid people will be more reluctant to spend their money on crypto.
That being said, some new real DeFi projects should be created so we can show them that cryptocurrency really brings profit for investors.

Most of these are mainly flash loan hack which is on price manipulation

Pickle got exploit today too
However it is not because of price manipulation but contract code exploit
Tbh Defi still had a long way to go because since everything is decentralized, it can't be reverse/pause, which is a heaven for hackers/exploiter
Because if they are capable, they can just take everything

Thus if you invested in similar project, kindly be careful with your funds

This is why I'm skeptical to DeFi projects even though not all DeFi projects are scam still a lot of them turns out to be a scam one. Until now I'm not sure which project I should invest and which one I should avoid.

The CEO of decentralized finance (DeFi) insurer Nexus Mutual has lost the equivalent to over $8 million in a targeted attack, the firm disclosed Monday.
https://www.coindesk.com/ceo-of-defi-insurer-nexus-mutual-hacked-for-8m-in-nxm-tokens

"A total of 370,000 of the project’s native NXM tokens were drained from Hugh Karp’s address to one owned by the attacker at 09:40 am UTC, according to data source etherscan.io. The transaction cost 0.00429472 ETH (ETH, -0.72%), or $2.49.

Some of the stolen funds have been transferred via decentralized exchange aggregator 1inch.exchange. “We welcome any assistance to stop the funds, which will likely move quickly,” Nexus said.
"

https://etherscan.io/tx/0x4ddcc21c6de13b3cf472c8d4cdafd80593e0fc286c67ea144a76dbeddb7f3629

How can we know if the developers of Defi are not the same group of people?

@zasad@. Another one for your list hehe. You should add all the losses from the Defi hacks and post how much the total losses are for 2020. We can compare 2020's total with next year's total.



Decentralized finance (DeFi) lending protocol Warp Finance has experienced a flash loan attack that resulted in a loss of $7.7 million worth of stablecoins.

Warp said the attack essentially allowed one user to borrow more funds than their collateral value, resulting in a loss for other users or lenders. Flash loans allow users to borrow funds without collateralization, provided the funds are repaid within a single blockchain transaction.

Source https://www.theblockcrypto.com/linked/88415/defi-warp-finance-attacked-lost-7-7-million-stablecoins

Just in one year and all these DeFi projects has been hacked, is this the future or revolution they promised? Is there a big flaw on Defi concept? Or it is right to say, some of these developers do not have the appropriate skills and experience to develop and manage a Defi project, meaning they just leveraged the hype to create their own projects and make money. To be frank, when I see or hear people saying they can't hold new tokens for a long term, I don't really blame them, because it is clear a very good number of new project's team are not ready for any kind of revolutionary development, but to make money.
On a more serious note, with the high number of DeFi hacks, which doesn't look like it is slowing down anytime soon, one need to be careful of the type of funds in invests in them; who even knows what will happen to most of them next year or as time goes on.

@Shallow. This might be either be the developers of Defi are incompetent fools or they are themselves the hackers of their own Defi projects. After what we have witnessed here in the cryptospace, it would not be shocking if hacking own project is the new for of exit scam.

The rate at which platforms are getting hacked in crypto is quite alarming, and this happens especially when there are types of products being released, if it’s not hack then it’s going to be scammers.

These are serious problems and will be discouraging a lot of people, although the market still seems to be growing despite everything, but that doesn’t mean that all these things that has been happening should be neglected. They shouldn’t be neglected at all, I think that the new devs should always learn a lesson from those that came before them and look into how they can create something more secure, but they never do, it seems like their interest is more on the money.

Thank you. I updated the first post.

the hacker returned 75% of the coins
https://twitter.com/warpfinance/status/1340484565090119683?

"On December 20th, 2020 at 0216 UTC we successfully recovered the loan collateral from the exploit, in the form of ETH/DAI-LP tokens. The value is approximately $5.85m, which is ~75% of the $7.76m lost funds."
I do not think that developers are hacking their projects

Well said, it's the perfect place for scammers to roam about without any fear of getting caught in the process, it's why I feel unreliable on any DeFi projects, I invested in few strong ones like ChainLink but most new DeFi projects are not safe

The very appearance of DEFI inspired people to really hope for development. But as it is now clear, there is a huge field of activity for scammers, you can create a site very quickly, where it is difficult to find the team composition and contacts. Because of this hype, many do not even pay attention to it and blindly give their money. It turns out that one working project immediately appears a bunch of scammers.

https://www.theblockcrypto.com/post/89368/defi-protocol-cover-exploited-attackers-minted-at-least-40-quintillion-tokens

there is another one, Cover smart contract is exploited for $40 quintillion tokens, and attacker already cashed-out $5 million from the protocol, Binance stopped deposit and price is down 76% at the moment
https://www.coingecko.com/en/coins/cover-protocol

Cover merged with YFI earlier, but Yearn.Finance does not seem under pressure due to exploit, it is flat at the moment
https://www.coingecko.com/en/coins/yearn-finance
https://medium.com/iearn/yearn-cover-merger-651142828c45

casperBGD, thanks, you got me on, the first post was updated. To be honest, I thought that the last hacked  Defi project in 2020 would be Warp Finance.
But I was wrong and we still have 3 days :)
I will keep an eye on the hacking of Defi projects next year, I hope there will be less bad news.

I think you made a typo, what do you mean 2020 ? :V

Considering the list on the OP, it is too much to know for the fact that the defi project is simply not safe from hacking cases. Of course it will be very detrimental and i also hope that next year the case can go down.

This really makes me decide if I'm going to invest to DeFi projects by just looking at the list you will really know how DeFi projects can scam participants.
Well this list really helps me a lot not to look more into DeFi projects.

thanks, I corrected the typo.

Dforce return $ 25 million back !!!
https://twitter.com/lawmaster/status/1252483198115774464?

Hack Prevention
https://decrypt.co/32720/a-cryptocurrency-bug-put-545000-of-defi-funds-at-risk

bZx protocol. Refund 8,000,000 $
https://twitter.com/bZxHQ/status/1305496675474006017

$ 10 Million Ethereum Vulnerability Patched by Whitehat Hacker
https://fullycrypto.com/10-million-ethereum-vulnerability-patched-by-whitehat-hacker

Warp Finance 75% refunded.
https://forklog.com/razrabotchiki-warp-finance-vernuli-75-iz-ukradennyh-7-7-mln/

The defi ecosystem is much better than the management system of centralized exchanges. Everything is clear and transparent here.

@zasad@. Another the first Defi hack of the year for you to tally for 2021 hehehe. You have to assume that the development teams have fixed all the bugs from their systems. However, no. The hackings continue.



Yearn developer banteg, one of the administrators of the DeFi project's website, followed with a few more details: "Yearn DAI v1 vault got exploited, the attacker got away with $2.8m, the vault lost $11m. Deposits into strategies disabled for v1 DAI, TUSD, USDC, USDT vaults while we investigate."

Source https://decrypt.co/56659/14-million-gone-in-yearn-finance-exploit

The hardest exploit
https://etherscan.io/tx/0xb094d168dd90fcd0946016b19494a966d3d2c348f57b890410c51425d89166e8
Transaction Fee:3.37117716 Ether and 1M profit (8 out of 9 million were lost in a transaction)

https://cointelegraph.com/news/after-yearn-exploit-attacker-funds-frozen-and-reimbursement-plans-developing
After Yearn exploit, attacker funds frozen and reimbursement plans developing
Seized funds bring the damage down to $9 million as multiple communities ponder the next step in reimbursing user funds

@zasad@. You should add the grand total of the hacked amount of coins in total no. of coins itself for 2020 and compare this with the grand total of hacked coins for 2021 during the end of this year hehe.

The future of Defi or any idea in the cryptospace will depend on security.

I am constantly monitoring updates.
There is a very good report on hacker attacks for 2020

https://decrypt.co/54128/hackers-stole-3-8-billion-in-cryptocurrency-hacks-in-2020
Hackers Stole $3.8 Billion in Cryptocurrency Hacks in 2020
"Cybercriminals stole nearly $3.8 billion worth of different cryptocurrencies in 122 attacks in 2020, but the overall number of attacks is on decline

Dapps, or decentralized apps, running on Ethereum had 47 attacks with a current value of $436.36 million, followed by cryptocurrency exchanges that had 28 attacks ($300.15 million in losses).

Crypto wallets had 27 attacks and were the most lucrative target for the hackers, with $3.03 billion in losses. They also had the biggest average value of stolen assets - 112 million per attack compared to approximately $10 million per attack on dapps or exchanges ($9.28 million and $10.72 million respectively).

There were 12 successful attacks on blockchains themselves last year, bringing the hackers $5.91 million or $492,517 per breach. The most well-known example is probably the series of 51% attacks on the Ethereum Classic network.

There were only a few attacks on dapps based on the Tron and EOS blockchains; each saw just three dapps getting breached. Still, those attacks amounted to $10 million, or around $3.33 million per hack, in case of Tron, and $2.85 million, or $949,416 on average, for an EOS-linked breach.

The values in the study are overinflated though, since monetary losses were calculated based on the January 12, 2021 conversation rates, with Bitcoin changing hands around $34,000 that day. This is compared to how much the cryptocurrencies were worth when they were stolen."

Statistics show that defi projects are not much inferior in security to centralized exchanges. But keep in mind that in 2020, many defi projects have just gained popularity, and centralized exchanges have been operating for many years.

@zasad@. I might be better to tally the hacked and stolen amounts in no. of coins instead in dollars. The value of those coins might be more than double than their value on the day of the hack or less than double 2 years after the hack.

In any case, what is your speculation for hacked Defi projects for 2021? Will 2021 be more than the hacked amount of 2020 or less hehe?

I think 2021 will be more fun!

The dark arts of DeFi are the most profitable.
~$37.5M stolen from @AlphaFinanceLabs in a tale of fake magic, confusion and accusation.
https://twitter.com/RektHQ/status/1360736931693404160
https://rekt.eth.link/alpha-finance-rekt/

The so called DeFis are such scams. I can't understand how people keep putting their money in such buggy smart contracts which most of them are copy/paste of other smart contracts without any audit and no insurance fund.

Almost all of these defi shitcoins created only for speculation. They won't solve any problem. Guys just avoid locking your saving there. These high APY returns don't worth the risk.

The 14th of February
Hacker withdrew $ 37.5 million tokens from Cream Finance's DeFi protocol
https://forklog.com/haker-vyvel-tokeny-na-37-5-mln-iz-defi-protokola-cream-finance/
https://twitter.com/CreamdotFinance/status/1360497502881865729?

https://twitter.com/FrankResearcher/status/1360513422689984512?
"IronBank ($CREAM) was exploited on $37.5M, let’s take a quick look at what happened.

1/ Attacker used Alpha Homora for borrowing sUSD from IronBank.
Each time they borrow twice as much as in the previous one."

The 28th of February

https://twitter.com/furucombo/status/1365743632460910593?
"Today at 4:47 PM UTC the Furucombo proxy was compromised by an attacker. We have deauthorized the relevant components and believe the vulnerability to be patched but we recommend users remove approvals out of an abundance of caution."

DeFi project Furucombo hacked for $ 14 million
https://forklog.com/defi-proekt-furucombo-vzlomali-na-14-mln/

"So what happened to Furucombo"
https://twitter.com/FrankResearcher/status/1365740713334493192

---

Meerkat Finance  (Binance Smart Chain)
Hackers withdrew from the Meerkat Finance protocol based on the Binance Smart Chain cryptoassets worth ~ $ 32 million (13.96 million BUSD and 73 635 BNB)
https://forklog.com/defi-proekt-meerkat-finance-na-baze-binance-smart-chain-zapodozrili-v-ekzit-skame/

https://twitter.com/WuBlockchain/status/1367410125443493891
"BSC project Meerkat Finance is suspected of being rug, taking away 13.96 million BUSD, and the other 73,635 BNB. MKAT claimed to be hacked and stole all resources. Currently the project website cannot be opened. This may be the largest fraud project on the binance smart chain."

---

PAID Network (PAID)
$ 3 million
https://www.coingecko.com/en/coins/paid-network

Network data shows that just over 2,000 ETH -- worth roughly $3 million at press time -- was obtained by the attacker after some of the 59.7 million minted PAID tokens were traded on the decentralized exchange service Uniswap. Roughly 2.5 million PAID tokens were sold over the course of 13 transactions, according to Etherscan data.
https://www.theblockcrypto.com/linked/97411/paid-network-token-minting-exploit-eth

PAID Network exploiter nets $3 million in infinite mint attack
https://cointelegraph.com/news/paid-network-exploiter-nets-3-million-in-infinite-mint-attack

[moderator's note: consecutive posts merged]

And I believe most of these hacking incidents are inside job. A gentle way to abandon the project along with the investors' money. Seems that the list is going to be longer than centralized crypto-exchanges hacking incidents.

Won't trust my savings to defi platform, unless, it is a very reputable one in the community. The high APY is usually the bait here, but you will never get that profit because they will be dead not even a year of existence.

And thanks for the OP for consolidating this list. Please keep this updated so people here will be reminded about these cases in DeFi and be more vigilant in this industry.

DODO DEX
$ 2 million

https://twitter.com/BreederDodo/status/1369098897008648192
"PSA Regarding Recent Exploit on DODO

On March 8, Several DODO V2 Crowdpools were attacked. WSZO, WCRES, ETHA, and FUSI pools were impacted, while AC pool funds have been fully recovered.

Funds in all other pools, including all V1 pools and all non-Crowdpool V2 pools, are safe."

https://twitter.com/BreederDodo/status/1369335145732268033
"UPDATE: $1.89 million has been recovered and our team is in the process of returning these funds to the affected parties.

~1,139,456.20 USDT and 411.05965 ETH have been recovered (see below for the txs)."

https://etherscan.io/tx/0x6e743db045f3738b24c6dedc90bae62c6429f2f7fe8a086394b05a68b8f5867a
https://etherscan.io/tx/0xa0c522f3122ce89f4d20c0c4592574284db841abeabdf3c28d87771fdfe87b91

---

https://twitter.com/PancakeSwap/status/1371471934999777281

PancakeSwap has DNS hacked
"This is now confirmed.

DO NOT go to the Pancakeswap site until we confirm it is all clear.

NEVER EVER input your seed phrase or private keys on a website.

We are working on recovery now.

Sorry for the trouble."

https://twitter.com/PancakeSwap/status/1371470368058183687

"There is a chance we have been DNS hijacked, the same as @CreamdotFinance.

Until we are able to confirm this is not the case, do not use the site.

We will confirm ASAP.

In the meantime, better safe than sorry.

Please retweet for visibility!

https://twitter.com/creamdotfinance/status/1371448627663491088?s=21"

---

https://twitter.com/PancakeSwap/status/1371492312681902080
"We have regained access to the DNS.

Some users might still be affected, depending on their DNS resolution as some propagation time may be needed.

Will send another update shortly.

Thanks for waiting."

https://twitter.com/artofyourmind/status/1371494055465472002
"Financial advise: Anyone who had written their seed phrase should create a new account in Trust Wallet and transfer current holdings to the new account (means new seed phrases). Also unstake and send those LPs out to the new account."

---

$170,000  Iron Finance

Iron Finance DeFi Exploit Explained in Post Mortem
https://beincrypto.com/iron-finance-defi-exploit-explained-post-mortem/
"The latest decentralized finance protocol to get exploited is Iron Finance. The platform lost $170,000 from its liquidity pools following erroneous actions by the team.

Iron Finance is a partially collateralized stablecoin platform based on the Binance Smart Chain (BSC).

It reported that on March 16, two Iron Finance vFarm pools were “subject to an incident”. This ordeal resulted in the loss of user deposits.

It claims that an attacker managed to exploit the system and drain the pools. The bad actor(s) made off with $170,000 worth of its native SIL tokens. These were then sold for BUSD (Binance’s stablecoin) on the markets."

---

TurtleDex 9000 BNB =2.4M $

Binance Smart Chain Hit By $2.4 Million TurtleDex Exit Scam
"And guess what? There’s no sign of TurtleDex anywhere.
In brief
TurtleDex have exited with 9000 BNB tokens raised from a presale days ago.
The project's online presence has gone dark.
Frequent vanishing acts indicate that the growing DeFi space is still risky business."

https://decrypt.co/62204/binance-smart-chain-hit-by-2-4-million-turtledex-exit-scam

---

EasyFi DeFi protocol - 6M $
"The founder of the EasyFi DeFi protocol, Ankitt Gaur, published a blog post on April 20 in which he talked about how hackers managed to get to the liquidity pools and withdraw $ 6 million from them."
https://beincrypto.ru/u-defi-protokola-easyfi-ukrali-6-mln-vot-kak-eto-vyshlo/

https://twitter.com/AnkittGaur/status/1384253351492087819
"On Monday, 19th April 2021 our team members reported the transfer of a large amount of EASY and protocol funds from designated contracts & wallets. initial investigation revealed the possibility of compromise of mnemonic phrase."

EasyFi Security Incident. Pre-Post Mortem
https://medium.com/easify-network/easyfi-security-incident-pre-post-mortem-33f2942016e9

---

Force DAO-$367 000
https://forklog.com/defi-proekt-force-dao-podvergsya-atake-posle-zapuska/
"Force DAO DeFi Project Attacked After Launch
On Sunday, April 4, Force DAO's DeFi Protocol reported a hacker attack a few hours after launch. The FORCE project token has depreciated by 90%.
According to the developers, attackers took advantage of a vulnerability in a smart contract. The team estimated the damage at 183 ETH (~ $ 367,000)."
https://twitter.com/force_dao/status/1378764435553198087?
https://twitter.com/FrankResearcher/status/1378633819599818754

---

Spartan Protocol -30M
https://twitter.com/SpartanProtocol/status/1388669192228929539
"Spartan Protocol
@SpartanProtocol
What we know so far -
*Attacker used $61m in BNB to overcome the pools via a as yet unknown economic exploit path to remove roughly $30m in funds from the pools.

Reach out if you can help identify and analyse the exploit."
https://bscscan.com/tx/0xb64ae25b0d836c25d115a9368319902c972a0215bd108ae17b1b9617dfb93af8

---

https://www.coindesk.com/defi-protocol-xtoken-suffers-24-5m-exploit

DeFi Protocol xToken Suffers $24.5M Exploit
The protocol said minting has been paused on all contracts while an investigation takes place.

Decentralized finance (DeFi) protocol xToken said it suffered an exploit Wednesday by an attacker who used flash loans to take $24.5 million.
https://twitter.com/xtokenmarket/status/1392490733588946948?

[moderator's note: consecutive posts merged]

The list you are providing here is quite shocking, also because I have never heard of many of the hacks. So many projects say they have some certificate from an audit company. It would be interesting to see how many of the DeFi projects listed here had such an audit certificate. Maybe I'll find the time and provide some info on that.

I have come across projects that have been audited by large audit companies and have been hacked. Don't waste your time on this.

https://decrypt.co/70690/defi-hacks-2021-ciphertrace-report
$156 Million Stolen in DeFi Hacks This Year: CipherTrace
"That’s more than was stolen from DeFi protocols in all of 2020.
In brief
$156 million was stolen from DeFi-related hacks between January and April, according to CipherTrace.
That number has risen along with the total amount of money locked up in DeFi."

---

Rari Capital Reports Exploit in ETH Pool; $15M Taken
https://www.coindesk.com/rari-capital-reports-exploit-in-eth-pool
According to Etherscan, $15 million worth of ether was taken.
https://etherscan.io/address/0xcb36b1ee0af68dce5578a487ff2da81282512233

https://nipunp.medium.com/5-8-21-rari-capital-exploit-timeline-analysis-8beda31cbc1a
Rari Exploiter address (same address as Value Defi exploiter on BSC): https://etherscan.io/address/0xcb36b1ee0af68dce5578a487ff2da81282512233
Exploiter net gain: ~2600 ETH (~$10M)

Rari Capital Plans to Refund Stolen $10.6M in Ethereum From Dev Fund
The attack exploited Rari Capital’s integration with Alpha Finance Labs’ ibETH token.
https://www.coindesk.com/rari-capital-loses-ethereum-to-theft


[moderator's note: consecutive posts merged]

Then what are those audit certificates worth? It could even be an insider of the audit services provider. Imagine you detect a loophole in the code, you'd be better off hacking that thing than fixing it. I thought I also heard that they provide insurance after they did their audit. Don't which company it was, but given the size of the security breach they'd be out of business with just a single breach anyway.

The simplest audit costs from 10 thousand dollars, but the prices for services can reach 100,000 dollars and more.

Pancake Bunny -200 M

https://coinfomania.com/pancake-bunny-1-billion-defi-hack/
"By Wilfred MichaelMAY 20, 2021BREAKING: BSC-based DeFi Project Pancake BUNNY Suffers $1 Billion ExploitDeFi Fulcrum ETH Hacked
Pancake Bunny, a DeFi yield optimizer project built on Binance Smart Chain, has supposedly suffered an exploit that resulted in roughly $1 billion being drained from its smart contracts. The token price has dropped more than 97% in the aftermath while the community awaits an update from the team."
https://twitter.com/PancakeBunnyFin/status/1395173093333680136?

It seems they encourage people to take big risk on the so called DeFi(Decentralized Finance). You can't build a project today without proper/thorough testing before allowing the public to invest what they likely can't afford to risk/lose.
I have previously suggested opening up the DeFi platform to the public so anyone can help review projects based on list of Rules/Standards/Principles that have to be followed before a project is allowed for serious usage. Hope they don't prefer the platform to be takeover and regulated by central authorities.
Bitcoin didn't start with founders requesting people to invest huge amount of money or stake to be part of the network, help secure and keep it decentralized ... it instead paid participants... so that they risk less during its early stage and people probably began to put in money above sensible limits over time as security improves

The problem is not really about the testing before going public, but how strong your developers are, a good development teams and site management is a very important factor to consider before embarking on a crypto journey, this should be taken care of thoroughly to avoid hacks and theft on their platform.

Weekly routine check or as the case may be is a good thing to constantly do on a regular to detect any technical fault by following the respective Standard Operating Procedure (SOP).

Explore this report
Hackers Stole $3.8 Billion in Cryptocurrency Hacks in 2020
https://decrypt.co/54128/hackers-stole-3-8-billion-in-cryptocurrency-hacks-in-2020
"Crypto wallets had 27 attacks and were the most lucrative target for the hackers, with $3.03 billion in losses."

__
With the market correcting, the volume of liquidations in Venus' Binance Smart Chain (BSC) -based Venus DeFi Landing Protocol reached $ 200 million.
https://forklog.com/v-protokole-venus-na-baze-binance-smart-chain-proizoshli-likvidatsii-na-200/

Venus Incident Report — XVS Liquidations
https://blog.venus.io/venus-incident-report-xvs-liquidations-451be68bb08f

https://twitter.com/FrankResearcher/status/1394900186435096578?

"Today we have witnessed the manipulation of XVS price —  the governance token of Venus Protocol on BSC.

This incident resulted in $200M+ DeFi liquidations and a $100M+ of protocol bad debt.

As usual, let’s analyze this situation below👇"

you will really know how DeFi projects can scam participants.

Since DeFi was booming last year, there have been a lot of DeFi cases being hacked. Why have so many DeFi projects been hacked? is it because of a weak security system? or clever hackers who attacked the DeFi project?

What about new project called HAPI? they want to solve this problem. I think currently only HAPI that have purpose to solve it. We should support this project to minimize the risk of crypto investment.

Analysts found serious bugs in the DeFi project SafeMoon
https://whattonews.ru/analitiki-nashli-sereznye-bagi-u-defi-proekta-safemoon/

"During the audit, HashEx specialists identified 12 vulnerabilities in the smart contracts of the DeFi project SafeMoon. The bugs found allow the withdrawal of assets worth $ 20 million and block transactions, analysts said."

https://twitter.com/stoolpresidente/status/1394379356487757834?
Dave Portnoy
My shitcoin announcement.   Invest at your own risk.    I have no idea how this works

https://twitter.com/TheCryptoLark/status/1384664238371704832?

Lark Davis
"Bitconnect was for a brief moment a top 10 #crypto, the people making money did not want to accept it was a ponzi, they made every excuse to justify it, and attacked anyone who stated the obvious.

Then it rug pulled and everyone lost big time.

#safemoon is no different."

---

The BNT - ETH pool of the Wild Credit protocol was devastated by an economic exploit.

$ 637K was withdrawn from the pool, but with the help of specialists from the analytical services vfat.tools and Nansen.ai, the funds were returned to the protocol.

https://twitter.com/WildCredit/status/1397848487593603072

All funds were returned to the protocol:
https://etherscan.io/tx/0xb4fffa0e824034a10af2807f1504ac247ae1dd6f2bcfed8085989bbfda434542

https://t.me/Defiscamcheck/1852

https://bitcointalk.org/index.php?topic=5227888.msg57100531#msg57100531

---

DeFi project BurgerSwap - $ 7.2M

https://twitter.com/burger_swap/status/1398088748563369988?

"BurgerSwap just experienced Flash Loan attack.

We have suspended Swap and BURGER generation to avoid further loss.

Our tech team is working on the issue and will publish the solution later.

More details will be published soon. Thanks for your patience."

https://twitter.com/burger_swap/status/1398163112335863811?

"What was stolen:
- 4.4k WBNB ($1.6M)
- 22k BUSD ($22k)
- 2.5 ETH ($6.8k)
- 1.4M USDT ($1.4M)
- 432k BURGER ($3.2M)
 -142k xBURGER ($1M)
- 95k ROCKS"

---

Belt Finance-  $6,2M

https://twitter.com/FrankResearcher/status/1398772580602060804?
"New weekend - a new attack on BSC DeFi protocol.

Today $6.2M in BUSD was stolen from Belt Finance in 8 transactions.

Below is what happened"

[moderator's note: consecutive posts merged]

Safemoon is not the first coin to use the word safe and trust and whatever, they're all the same. They have some kind of audit for smart contract but I still feel 99% of devs in defi aren't as smart as the hackers OR are a group of people themselves all behind the scenes of these rug pulls. The law will catch up one day hopefully.

Come to think of it, defi projects are the sweetest spot for scamming and hacking because there is no way the law will hunt this project down, I believe not a this hacks are real hack, since no one can complain if anything goes wrong even the team can hack themselves, who knows? 🤦

It also appears that the manipulation on Venus and the flash loan attack was an inside job according to this article.



In this article below I will provide evidence from the blockchain that the Venus/Swipe team are directly linked to the Cannon Ignition Sale incident and the blockchain wallet responsible for causing the recent XVS account liquidations.

Source https://medium.com/@venus.insider/venus-io-disclosure-an-inside-job-f8ef195fe78d



Also, all of the other attacks are targetted towards Binance smart chain only. The skeptical me thinks that someone might be playing dirty. Solana to top 3 in coinmarketcap.com might prove this hehehehe.

I really hope someone goes and collects all this evidence and then tries to pin down these guys. My personal belief is that they aren't hackers but all are inside job developers with malicious intent, possibly installing loopholes made known the attackers. And then rugpulling at will. Binance Smart Chain only makes me think this for sure. Crime pays in crypto because enforcement doesn't come and catch them.

@slaman29. All 8 flashloan attacks? I disagree. These are not rugpulls. It appears to be a well organized group exploiting weaknesses in copy/paste projects deployed in Binance smartchain.

Also, I was wrong in my assumption that Binance smartchain would be the Ethereum killer hehe. However, Solana might be the Binance smartchain killer hehehehe.

Ah sorry, I always assumed all kinds of attacks are called rug pulls in Defi. Just read it up now and rugpulls are when the project owners take out all the liquidty from the pool so yes, different mode of attack but in my book, still the same scummy people and like you said, probably all the same groups of people in the end.

Solana BSC killer? SOL starter looks almost sold out:)

Iron Finance announced on Twitter, addressing users about the need to withdraw all liquidity from all pools, the details promise to report later, apparently the Poligon network was subjected to a ddos attack, as a result of which the price of the Titan token fell from $60 to 0. https://twitter.com/IronFinance/status/1405320650202419202

@Daltonik. I am skeptical that ddos was the cause. How can a ddos attack cause a token to pump to $60 then dump to $0? I reckon that it might be some mechanism in these dollar pegged stablecoins that when whales dump IRON, it also triggers to mint TITAN and removes liquidity to keep the peg of IRON to $1.00.

Yes, you are right, of course, everything can happen here, while there is no data on this case, what it was specifically, I think after some time there will be an analysis, it also happens that initially smart contracts of projects involve fraud schemes, such as the recent case with Beetsfarm Finance.  https://twitter.com/RugDocIO/status/1405673057381978113

Impossible finance-  $500 000

https://decrypt.co/74105/binance-smart-chain-defi-project-impossible-finance-hacked
Binance Smart Chain DeFi Project Impossible Finance Hacked
Yet another DeFi project on the Binance Smart Chain has been exploited. This time, attackers nabbed $500,000 from Impossible Finance in a flash loan attack.

https://twitter.com/Mudit__Gupta/status/1406878176509194246?
Impossible finance got exploited today for $500k.

Impossible Finance exploit root cause analysis
https://watchpug.medium.com/impossible-finance-exploit-root-cause-analysis-ba0ed7c151e4

Why Defi hack is so easy to do compared to others. I think there is something wrong with the Defi platform security system. We need to be careful with new and untested platforms. Hackers are always trying to attack new platforms, and they often succeed. As happened in BSC recently.

https://decrypt.co/54128/hackers-stole-3-8-billion-in-cryptocurrency-hacks-in-2020
Hackers Stole $3.8 Billion in Cryptocurrency Hacks in 2020
Check out the statistics. Hackers hack anything they can hack: exchanges, wallets, projects. Defi projects are not on the 1st place in this list.
You need to be careful everywhere

___

Safe Dollar - $250 000

https://t.me/safedollarannouncements/42
SafeDollar has been under attack. We have paused activities on SafeDollar and investigating the matter.

https://twitter.com/RugDocIO/status/1409365551630090243?

SafeDollar may have been exploited for $250k in USDC and USDT‼️
Here is the exploiting contract :
https://polygonscan.com/address/0xc44e71debf89d414a262edadc44797eba093c6b0#tokentxns

---

ChainSwap-  - $8M

https://cryptobriefing.com/8-million-lost-major-chainswap-exploit/

$8 Million Lost in Major ChainSwap Exploit
Chris Williams(C)

"Several tokens have plummeted after ChainSwap suffered its second exploit in eight days. The losses amount to roughly $8 million.

Key Takeaways
ChainSwap suffered an exploit last night, resulting in $8 million worth of losses.
The attacker sold several tokens available on the protocol through decentralized exchanges, meaning they tanked in value.
ChainSwap has paused its Ethereum to Binance Smart Chain bridge and pledged to airdrop new ASAP tokens to holders."

[moderator's note: consecutive posts merged]

THORChain lost, according to preliminary estimates 4,000 ETH about $8 million as a result of a hacker attack. Originally reported loss of 13,000 ETH. https://www.runebase.org/news/thorchain-suffers-exploit

They promise to inform the affected users about the details and compensation in the near future. https://twitter.com/THORChain/status/1415813696857591813

UPD: Official update from the THORChain team in the telegram channel https://t.me/thorchain_org

Bondly Finance Suffers Latest DeFi Attack, Token Price Tanks
https://beincrypto.com/bondly-finance-suffers-latest-defi-attack/
“Unfortunately we have been compromised by an unknown party. We would like to take this time to advise you to STOP TRADING BONDLY. Rest assure we have already taken action and will be operating as usual ASAP,”

Around an hour or so before the warning, DeFi Prime posted details of the address involved in the reported exploit.

unfortunately i have some Bondly in my gate.io account , personally i am not hear this news because i am prepare and accept the risk if someday it will be scam or anything else happen. But if i  see the update from developers team  , they have good response to issue policy so investors not worry and even thingking they will run. hopefully new token released soon and everything back to normal again.

Yes, exactly it happened and was officially announced from their team. Their big response.
This is unfortunate because not only does it cause loss to investors and the project's confidence, but it also covers this negativity on the entire market, which is already in a bad state.
I still haven't forgotten the crazy moment with Titan, even though they later announced their mistake but it did a lot of damage. I've given up on polygons for now.

A new hacker attack, already the second in a week, on THORChain today led to a loss of $8 million, as the developers explained, the hacker said that he could have spent more( ETH,BTC,LYC, BNB and other BEP20s tokens), but eventually requested a reward of 10% of the amount of assets under potential threat in exchange for a critical error message.

Popsicle Finance- 25M

https://decrypt.co/77620/defi-protocol-popsicle-finance-hacked-25-million
A bug in Popsicle Finance allowed hackers to drain one of the DeFi protocol’s key products for roughly $25 million.
"Popsicle Finance, a multi-chain yield-generating crypto project, has melted under the heat of a new exploit.

The $25 million heist was revealed by security researcher Mudit Gupta, who said “the hack was complex but the bug was simple.” In a Twitter thread, Gupta also explained how he reported a similar bug in another protocol, adding that the error “has been exploited in like a dozen other protocols already.”"

https://twitter.com/Mudit__Gupta/status/1422797923037814786

During the last few weeks I was wrapping my head around finding all the DeFi hacks happened but google wasn't really helping. I said to myself, jeez why don't I go to the forum  and search there.
Thanks a lot zasad@ this is what I was looking for!
I'll contribute to this thread in case I'll find some more news.  ;)

The Popsicle Finance team offered the hacker who carried out the attack a reward, or rather a ransom for the return of the stolen funds in the amount of $1,000,000 in any currency at his request, I don't know how much this can help.

I hadn't heard of this project before but it seems that yield optimizers are a big target for attackers. PancakeBunny suffered one of the biggest losses earlier this year through a flash loan attack and then a few months later they were attacked again on the Polygon version of PancakeBunny. The benefit of using these optimizers is in the extra rewards they give you by going through their platform but the complexity of their contracts makes them more susceptible to exploits.

So far there have been no hacks or exit scams on NEAR protocol, it's a trustworthy community.

It's really unfortunate when projects which struggled hard to reach a certain point got hacked and loose all there  worked for, they are not the only ones affected, investors which believed in such project also loose as well because definitely when a project is hacked the next thing which take place is a rug pull which makes price of the coin dip so badly, well this is more reason projects should choose a blockchain which it's security can't be bridged, e.g polkadot, solana, and the most recommended is Near protocol.

This kind of stuff is sad, people put their trust and hard earned money into projects and hackers take advantage by hacking these projects. Although it’s the fault of the person putting money into non secure projects, it’s still sad. It’s sad that we let these shitty projects have so much power and don’t just shut them down as a whole. Projects like BSC, NEAR, DOT are secure and you won’t get all of your money stolen if you invest in them. There are many others that are secure but there are also many that aren’t so as an investor you have to be careful where you put your money because sadly this is part of the game.

Personally I was a victim of one defi hack. I lost about 100$. It was a farm on Polygon called Polyyeld. I invested in a pool USDC-YELD and at first everything was ok and I wish I had taken my money away when I was in profit. But then I lost and decided to hodl. And some time later they launched a layer 2, as a result a vulnerability appeared there. Then it was a hack and somebody made up a huge amount of native tokens.

https://decrypt.co/78163/polynetwork-suffers-record-breaking-600-3m-hack
PolyNetwork Suffers Record-Breaking $600.3 Million Hack
"PolyNetwork has suffered an exploit today. The attacker has made off with at least $600.3 million in stolen funds.

Multi-chain interoperability protocol Poly Network fell victim to an exploit today, resulting in the loss of roughly $600 million worth of various cryptocurrencies, the platform's developers revealed."
https://twitter.com/PolyNetwork2/status/1425073987164381196?

I read it is one of the largest hack, if not the largest so far.
People should be careful how they invest in  projects. In Crypto space, only put your funds in well decentralized, well tested and secured projects. It's a space that depends on the security of decentralization in place of traditional governments... You should demand true decentralization or don't invest atall.

Invest but don't gamble. 
  Will continue to emphasize on the importance of sticking to crypto ideals when you are in Crypto space, so we don't have too many regrets

Yes, keeping funds in the pools of Defi projects using them for passive income becomes quite dangerous, the hacker left a message that he could withdraw much more, but did not do it and saved the project https://etherscan.io/tx/0x552bc0322d78c5648c5efa21d2daa2d0f14901ad4b15531f1ab5bbe5674de34f , another message from him that he was ready to return the stolen. https://etherscan.io/tx/0x7b6009ea08c868d7c5c336bf1bc30c33b87a0eedd59dac8c26e6a8551b20b68a

https://i.ibb.co/HYydTSy/2021-08-11-134129.jpg (https://ibb.co/MpH6kvH)  https://i.ibb.co/9ZrjjMX/2021-08-11-133437.jpg (https://ibb.co/FHDttPv)

https://decrypt.co/78270/poly-network-hacker-repays-2-1-million-says-ready-return-fund

Poly Network Hacker Repays Millions, Says ‘Ready to Return the Fund’
"The unknown Poly Network hacker has begun returning funds stolen from yesterday’s record-breaking exploit.

The attacker responsible for yesterday’s $600 million hack of decentralized finance (DeFi) interoperability protocol Poly Network sent nearly $5 million worth of crypto back to the project."

I just remembered some of these stupid hacks but kucoin was the one that hurts me the most As this mostly happens smart contracts have to be completely changed and team really super it the most and then sometimes or even all the time coins dumps like hell and investors take serious hit...I really hope there is a way for addressing refund or locking user account

I heard about these comments about the hackers returning the coins, but is it really true that they will be refunding all the coins that they hacked. I really doubt that, if the hackers wanted to help the network they would have done that and asked for a bounty to save the network for good and now the reputation of Poly Network is down the drains and what is the point of all this other than showing off if they really return all the funds.

hopefully they will did it , but with hundred millions someone will tempted with money. since the beginning hacker goals want to take money from network vulnerability that exposed and they have communication with developerst team. this is will make doubt they will send money back. actually with this skills , these hacker could earn  money from several project. they just need to exploit and report it so will get money legall.

It was mentioned that the hacker's IP address and other information had been uncovered and maybe this is what scared them into returning those funds. Every centralized exchange will be monitoring their addresses and it would be difficult for them to cash out into fiat.

The hack probably destroys any confidence in Poly Network but at least investors have a chance to recover what they lost.

And the $3 million was frozen by Tether already.

Yeah, I do agree that it destroys Poloy Network face value because of this attack, so it might be hard for their platform to bounce back.

Anyhow, let's hope that the hackers will send back more, if there IP address is exposed, then sooner or later they can be track and identified and arrested.

https://decrypt.co/78355/poly-network-hacker-returns-million

Poly Network Hacker Returns $342 Million
The largest crypto hack in history might have a happy ending after all as Poly Network sees more than half of the stolen funds returned.

https://decrypt.co/78364/poly-network-hacker-says-exploit-was-just-for-fun
Poly Network Hacker Says Exploit Was Just ‘For Fun’
The Poly Network hacker denies evil intent and says they wanted to teach the project a lesson.

---

New hack, new post!

DAO Maker Statement — Thursday, 12th of August
https://medium.com/daomaker/dao-maker-statement-thursday-12th-of-august-2c3bb0d1bb69

"The cybercriminal, after tentatively testing this exploit and managing to steal 10,000 USDC, then proceeded to quietly make 15 more transactions.
In this manner, the hacker was able to siphon approximately $7M, until our security team was able to trace, contain and stop the drain of funds. A total of 5251 users were affected, losing $1250 USD on average per user."

[moderator's note: consecutive posts merged]

I guess they are already rich or they are not really criminals because they cannot pull out this kind of deed, it saves the market from dipping, this kind of news is what makes the market dip and what makes the market grow, I hope criminals will learn from this one, that the whole community will go after them and make them pay if they continue these activities.

The issue of defi hack is becoming one too many,  people are likely going to desist from participating in defi investment.  But another angle to all these issues is the lessons that must be learned through all these events.  I expect the defi space to be stronger and better as we experiment this laudable idea of decentralized finance!

Maze Protocol -  4 million US dollars

"The BSC project Maze Protocol was attacked by hackers, and more than 4 million US dollars were suspected to be stolen. Certik also audited and issued a report."

https://twitter.com/WuBlockchain/status/1425970290660544515

"Maze Protocol：The hacker exploited a leak that allowed borrowing assets based on users’ collateral and sending funds directly to the attacker’s address.
The asset pools have been frozen to prevent more attacks. The remaining funds are safe. The website is temporarily shut down."
https://twitter.com/WuBlockchain/status/1425970973900083204

---

https://medium.com/daomaker/dao-maker-compensation-plan-b7a76a312c30
DAO Maker Compensation Plan

"
Phase 1: The SHO Must Go On
500 USDC will be airdropped to all affected users’ wallets without delay.

Phase 2: Remaining 65% Refund & Liquid IOU Tokens
Given that the net exploited amount was $7M, the amount due (after the $2.5M deposit to users’ escrow) equals $4.5M. This $4.5M will be provided to users in exactly one year’s time in the form of DAO tokens at the future market price.
"

---

https://decrypt.co/78802/ethereum-dex-avoids-350m-defi-hack-thanks-white-hat-heroics
Ethereum DEX Avoids $350M DeFi Hack Thanks to White Hat Heroics: Report

"In brief
SushiSwap’s MISO token sale platform had an exploit that could have been used to steal $350 million worth of Ethereum.
A crypto researcher from VC firm Paradigm says he discovered the exploit yesterday and worked with SushiSwap to neutralize the threat."

---

https://decrypt.co/79307/polynetwork-make-affected-users-whole-resume-functionality

PolyNetwork to Make Affected Users Whole, Resume Functionality
"Following the record-breaking hack, the crypto project platform is now returning lost funds to affected users."

https://twitter.com/PolyNetwork2/status/1429738587046563841

"Today’s announcement from PolyNetwork appears to close the chapter on the historic heist. Least until the next hack."

[moderator's note: consecutive posts merged]

The hacker managed to withdraw almost $25 million during the latest flash credit exploit of the Cream Finance protocol using the error of re-entering the AMP token contract. https://cointelegraph.com/news/cream-finance-defi-platform-loses-19m-in-a-flash-loan-hack

Cream Finance-19M
Cream Finance DeFi platform loses $19M in a flash loan hack
https://cointelegraph.com/news/cream-finance-defi-platform-loses-19m-in-a-flash-loan-hack

https://twitter.com/CreamdotFinance/status/1432249771750686721?
"PeckShield specified that the hacker exploited the Amp token by reborrowing assets during its transfer before updating the first to borrow in 17 separate transactions. Providing an example transaction, the security firm stated, “The hacker makes a flashloan of 500 ETH and deposit the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer. Then the hacker self-liquidates the borrow.”"


xToken- 4,5M
"On 29 August at 04:43 UTC, a vulnerability in our xSNX contract was exploited. We estimate the loss to holders at $4.5 million. We are incredibly disappointed in ourselves and deeply sorry to our community."
https://medium.com/xtoken/xsnx-post-mortem-666d35071f38

---

https://twitter.com/CreamdotFinance/status/1432909465104240641
"At approximately 12pm on 31st August (UTC +8), C.R.E.A.M. Finance was exploited for 462,079,976 in AMP tokens and 2,804.96 ETH tokens.

Stolen tokens will be replaced. We will commit to allocating 20% of all protocol fees toward repayment until this debt is fully paid."

C.R.E.A.M. Finance Post Mortem: AMP Exploit
https://medium.com/cream-finance/c-r-e-a-m-finance-post-mortem-amp-exploit-6ceb20a630c5

[moderator's note: consecutive posts merged]

How convenient to hack platforms for fun, they must not have noticed this is a question of public funds safely and the integrity and trustworthiness of the project in question, it is better they look for other ways of having fun than to mess around with people's investment, I don't see what's funny here especially when the reverse is the case.

A phishing attack on the issue of tokens of the NFT-project Aurory Project on the Solana blockchain allowed the attacker to withdraw from the wallets of the victims of cryptocurrency and NFT, according to various estimates, from $500,000 to $1.1 million. https://cryptonews.net/en/1635083/

DAO Maker -4M
https://twitter.com/TheDaoMaker/status/1433994186446020609

This is the second hack in a month.

https://etherscan.io/address/0x2708cace7b42302af26f1ab896111d87faeff92f#tokentxns

What is wrong with the contract? there must be a solution to avoid such lost. Moreover, it has happened for many times before. I guess they just want to collect investors money without having any responsibility to protect and reserve the funds. Such a disaster. 

So far, the most unfortunate incidents seem to be Rune and Poly, although after Poly, Tether confirmed the refund but defi seems to have been taught a lesson in security to improve  than.  And I suspect cross-chain bridges are a research point for hackers.

As reported on twitter PeckShield Inc. the hacker behind the attack on Cream Finance returned the funds stolen as a result of the recent attack in the amount of 5152.6 ETH.

AFKSystems   12M $
https://twitter.com/RugDocIO/status/1436440660517793798?s=20
"AFKSystems rug update: stolen funds were eventually sent to"
https://etherscan.io/address/0x56eb4a5f64fa21e13548b95109f42fa08a644628

https://twitter.com/ObeliskOrg/status/1436493898180931588?s=20
:1/18 AFK System Hard Rug Postmortem thread :"

---

Zabu Finance $3.2M

https://slowmist.medium.com/?p=44243919ea29
"Brief analysis of Zabu Finance being hacked
According to the intelligence of the SlowMist Zone, on September 12, 2021, the Zabu Finance project on Avalanche suffered flashloan attack."

https://twitter.com/zabufinance/status/1436844923483869184

[moderator's note: consecutive posts merged]

The hacker withdrew 864.8 ETH something more than $3 million from the NFT auction)on the MISO IDO platform of the SushiSwap protocol by introducing malicious code into the external interface of MISO and spoofing the auction address. Chief technical officer SushiSwap Joseph Delong reports on Twitter. Hacker's transaction ID: https://etherscan.io/address/0x3ddd8b6d092df917473680d6c41f80f708c45395#internaltx

https://twitter.com/josephdelong/status/1438839165873967107
"100 ETH has been returned to the Sushi multisig. Hoping the attacker sends the rest
https://etherscan.io/tx/0x4bfd68aaaaad03d0dd2d5b9e862e3bc4c7ee90cb85507eb85262e932c8748521"

https://twitter.com/AppletonDave/status/1438854505332764672
https://etherscan.io/tx/0x904e5bcb5ef9cfb19f19afd04849f3b12d17dc347d3e525072fcd139cc08cbdb

https://twitter.com/josephdelong/status/1438861783599652868
"All funds returned"

https://twitter.com/skymoon_gt/status/1438847456377192450
"I think the biggest hackers are the ones taking positions of short in exchanges right at the moment of the incident or right before. Once all funds are returned, check these individuals/groups as well. Probably they make more money that way!"


https://decrypt.co/81120/sushiswaps-token-launchpad-hacked-over-3m-ethereum
SushiSwap’s Token Launchpad Hacked for Over $3M in Ethereum

pNetwork - a cross-chain DeFi platform was attacked on Binance Smart Chain, losing 277 bitcoin (over USD 12 million).


Right after the attack, pNetwork offered a clean bounty of USD 1.5 million if the hacker returned the funds.

Uniswap when BZRX launched their IDO but when reading the article the author explained how the guy earned 500k usd but not by hacking but combining defi trading bot. It is very important to give real information people. People think that decentralized finance doesn't have any risks! But it's quite the opposite. It is a new industry, new code, no one has tested for long so be careful. Thank you very much for sharing the important information needed.

pNetwork Protocol -$12M
https://decrypt.co/81301/defi-bridging-protocol-pnetwork-suffers-12-million-hack
DeFi Bridging Protocol pNetwork Suffers $12 Million Hack
An unknown hacker has exploited a bug in pNetwork’s codebase to steal 277 Bitcoin from the protocol's bridge on Binance Smart Chain.

after this incident, there will be all kinds of security instruments that are carried out, there will even be a mission to report bugs, we will give gifts(reward). as far as made same OP from 2020-2021, it is not impossible before that year will also happen.

There is only one defect among them that hurt me, the defi was pancakebunny. I was getting my Yield revenues with bunny, after the hack, the price went down and it hurt me. Defi, I knew that there were too many hacks, there are projects in this list that I have not heard before, a good list has been prepared.

The Vee.Finance landing platform was attacked by an unknown hacker, as a result, the attacker withdrew 8804.7 ETH and 213.93 BTC worth approximately $35 million. https://veefi.medium.com/vee-finance-accident-announcement-5e75ff197da6

https://i.ibb.co/BZ5DvZR/2021-09-21-233737.jpg (https://veefi.medium.com/vee-finance-accident-announcement-5e75ff197da6)

All services were suspended. We are investigating the cause, please follow our official accounts for the latest updates reported on the project's twitter.

Didn’t makerdao get hacked at some point?

Combining link information in 1 post
VEE FINANCE 8804.7 ETH and 213.93 BTC ( $35M)
21 Sep 2021

https://www.rekt.news/veefinance-rekt/
Exploiter ETH Address: 0xeeee458c3a5eaafcfd68681d405fb55ef80595ba

Exploiter AVAX Address: 0xeeeE458C3a5eaAfcFd68681D405FB55Ef80595BA
"The exploiter’s Ethereum address was funded via TornadoCash in three lots of 10 ETH: ONE, TWO, THREE.

The funds were then bridged to Avalanche, where the attacker swapped 26.999006274904347875 WETH.e for 1,369.708 AVAX via Pangolin."

It seems that most altcoin project devs are only after making money through projects rather than the safety of investors and the project security cause just in a short span the number of DeFi that was hacked is huge.
If this continues DeFi may lose the trust of crypto market finance enthusiasts.

Compound bug leaves $80 million in COMP at risk of being misrewarded
https://www.theblockcrypto.com/linked/119086/compound-bug-comp-risk-misreward
"But a new bug contained in the upgraded Comptroller Contract has mistakenly allowed some users to claim as much as about 168,000 COMP tokens already, worth around $50 million.

Robert Leshner, founder of Compound Labs, said in follow-up tweets that the Comptroller contract address "contains a limited quantity of COMP" while the majority of the reward sits in a different Reservoir contract address.

Hence "the impact is bounded, at worst, 280,000 COMP tokens," Leshner said. That is worth about $80 million as of press time.

The Comptroller contract address now has 112,000 COMP tokens left."

Cream Finance reports that the project managed to recover 5152.6 ETH stolen on August 31, they managed to identify the hacker with the help of the community, the hacker received 10% of the stolen funds.

Something tells me this list is gonna be more populated before the year runs out. The truth is, the way DeFi is run, it is always easy draining funds from it and nobody can stop those malicious actors. The only way it can be curbed is by regulations, and regulations alone. And crypto as a whole is long overdue for that

Indexed Finance -$16 M
https://ndxfi.medium.com/indexed-attack-post-mortem-b006094f0bdc

"Today Indexed suffered its first hack since its deployment in December, and it was a pretty devastating one. About $16m worth of assets were stolen from the indices DEFI5 and CC10 by 0xba5ed1488be60ba2facc6b66c6d6f0befba22ebe."

---

Indexed Finance continuation of a story
https://decrypt.co/83681/defi-protocol-indexed-finance-hacked-for-16-million-team-finds-hacker
The project’s members identified the hacker on Friday because he didn't cover his tracks off-chain well enough, Day said. They then gave him an ultimatum: return the funds by midnight on Saturday or else they would contact law enforcement.

https://twitter.com/ndxfi/status/1449373158583279622
"The 10% offer has expired. The attacker has until EOD to return 100% of the stolen funds or his information will be published and law enforcement notified."

https://twitter.com/ndxfi/status/1449594187213680643
"The ultimatum has not been met.
In the minutes before the deadline elapsed,
@ZetaZeroes
made changes to his accounts that have made us realise at the last minute that the attacker is significantly younger than we thought."

https://twitter.com/ZetaZeroes


This address is reported to be involved in a Indexed Finance exploit.
https://etherscan.io/address/0xba5ed1488be60ba2facc6b66c6d6f0befba22ebe

[moderator's note: consecutive posts merged]

It's good that sometimes hackers are too arrogant to stay in the shadows, although the team says that he is quite young, that's why he made these statements, but the bad thing is that project teams do not pay due attention to security in order to avoid situations that harm both the image of the team and damage the community and people simply lose their funds as a result.

---

PancakeHunny on BSC on October 20 was attacked using a flash loan by a hacker, about $1.9 million was stolen, this is already happening for the second time, the first case of using a flash loan was in the month of June. In a preliminary report, the team assured users that their funds are safe.  https://medium.com/pancakehunny/pancakehunny-incident-report-b5b74557b0ad


[moderator's note: consecutive posts merged]

PancakeHunny- $1.9M

"What happened?
On 20 October 2021, at 0920 UTC. A smart contract was created to exploit the Hunny TUSD vault. The Contract was subsequently executed 26 times. This is the sequence of events.
Obtained a 53.25 BTC Flashloan from Cream Finance.
Used 53.25 BTC to get a 2,717,107 TUSD Loan from Venus.
Manipulated the price of BNB/TUSD Pool on PancakeSwap.
Used 50 different Wallet Addresses to Deposit 38,250 TUSD into HUNNY TUSD Vault.
Redeemed 2842.16TUSD and Minted 12,020.40 Hunny.
Sold Minted Hunny for 7.78 WBNB.
Steps Repeated for 50 wallets 26 times."
https://medium.com/pancakehunny/pancakehunny-incident-report-b5b74557b0ad
https://twitter.com/peckshield/status/1450801612901937152?

---

Cream Finance - $130M
https://decrypt.co/84590/cream-finance-suffers-third-hack-losing-over-130-million
Cream Finance Suffers Third Hack, Loses Over $130 Million
Cream Finance, a DeFi lending protocol, has been hacked for over $130 million—marking the third hack suffered by the protocol.

[moderator's note: consecutive posts merged]

There have been a lot of hacks on Defi coins in the last few months, but I see where the weakness lies in the swap platform. They try to hack in various ways, including resembling core tokens. Some even tried to create fake swap platforms. When we give permission to access the wallet, of course they already have control over our wallet. The most dangerous are the platforms with the import private key system.

https://twitter.com/nomorebear/status/1453413216172740609
"Quick explanation of
@CreamdotFinance(C)
 >$100M exploit:

1. Flash mint ~500m DAI to mint curve y Pool to mint ~500m yUSD
2. Use account A to deposit yUSD to CREAM
3. Flash loan ~500k (worth $2B) ETH from AAVE
4. Use account B to deposit ETH to borrow all yUSD and send to A
5. Use account A to deposit yUSD to CREAM
6. Repeat 4, then 5, then 4 again. Now account A has ~1.5B cyYUSD and ~500m yUSD
7. Redeem yUSD
8. Inflate price of yUSD by factor of 2. Now, account B is deeply underwater (bad debt) but account A has double collateral value***
9. Use account A to borrow ETH to return the flash loan.
10. Use the rest collateral power in A to borrow and drain CREAM.
11. Use redeemed yUSD (plus some small amount of DAI from money from 10) to repay DAI flash mint"

---

Information disclosure and analysis of major hacks in the DeFe ecosystem
https://github.com/yearn/yearn-security/tree/master/disclosures

Very good analysis of the latest CREAM Finance hack.
Incident Disclosure 2021-10-27
https://github.com/yearn/yearn-security/blob/master/disclosures/2021-10-27.md

---

Crypto Wallets MetaMask, Phantom Targeted in $500K Phishing Attack: Report
Check Point Research has discovered a “massive” phishing campaign that has seen funds stolen from MetaMask and Phantom users.
https://decrypt.co/85253/crypto-wallets-metamask-phantom-targeted-500k-phishing-attack-report
"Check Point Research has discovered a crypto phishing scam that has stolen at least half a million dollars.
Metamask and Pancake websites have both been mimicked in the scam."

---

bZx -$55M
Ethereum DeFi Project bZx Hacked Again—For a Reported $55 Million
The project says Ethereum contracts and treasury funds are unaffected.
https://decrypt.co/85360/ethereum-defi-project-bzx-hacked-again-reported-55-million
"bZx is a DeFi lending protocol.
It's investigating an exploit of a private key linked to its Binance Smart Chain and Polygon deployments."

---

Moving Forward: Post Exploit Next Steps for C.R.E.A.M. Finance
https://creamdotfinance.medium.com/moving-forward-post-exploit-next-steps-for-c-r-e-a-m-finance-1ad05e2066d5
"The Path Forward
We will distribute 1,453,415 CREAM tokens to impacted users. We are utilizing remaining CREAM tokens within the treasury, and removing the project team’s remaining CREAM token allocation. There will be no further CREAM allocations to the team."

[moderator's note: consecutive posts merged]

Elliptic analytical company.released a study according to which users have suffered losses in excess of $12 billion since 2020 due to fraud and theft on DeFi platforms, of which $10.5 billion falls in 2021.
 $721 million of the $12 billion was subsequently reimbursed. The most frequent targets of cybercriminals were the Ethereum and BSC blockchains.
The main reasons for attacks on decentralized projects in Elliptic are called errors in the code and architectural flaws.
https://www.elliptic.co/resources/defi-risk-regulation-and-the-rise-of-decrime

https://i.ibb.co/68mSfLk/2021-11-19-205424.jpg (https://imgbb.com/)

DeFi exploits total $680 million so far in 2021
https://www.theblockcrypto.com/post/123030/defi-exploits-total-680-million-so-far-in-2021
"Quick Take
There have been 70 DeFi attacks this year across four blockchain platforms.
Around $1.4 billion was initially stolen but $760 million has been returned."

Those that are known anyway. I bet you on BSC and Tron there are loads of small tiny rug pulls that don't make the news or are even talked about but I see a new IDO every few hours, and most of them gonna end up scams. People also who got scammed mostly won't say it (the small losers whine but the big ones keep quiet) and then all this doesn't go reported.

The Polygon based MonoX DeFi platform was hacked, the hacker managed to withdraw crypto assets worth $31 million, the following assets were withdrawn:
 -5.7M MATIC ($10.5M)
- 3.9k WETH ($18.2M)
- 36.1 WBTC ($2M)
- 1.2k LINK ($31k)
- 3.1k GHST ($9.1k)
- 5.1M DUCK ($257k)
- 4.1k MIM ($4.1k)
- 274 IMX ($2k)


The developers of MonoX confirmed the fact of hacking and apologized to investors, but the developers also said that the incident is being investigated and measures are being taken to refund funds.
As it turned out during the investigation, the hacking mechanism looked like this: the attacker managed to raise the price of the MONO token to the skies with the help of a swap contract, and then purchase all the other assets in the pool for it.

MonoXFinance $31 M


for a link to 1 post.
MonoX Finance Drained of $31M in Latest DeFi Hack
https://cryptobriefing.com/monox-finance-drained-of-31m-in-latest-defi-hack/

"Key Takeaways
A hacker has exploited MonoX Finance's smart contracts, draining $31 million worth of assets.
The MonoX team are attempting to contact the hacker to ask for the funds to be returned.
Despite receiving two independent audits, the vulnerabilities in MonoX's smart contracts were not found."

Amazing list! It worries me that DEFI can be so easily hacked and that it happens so very very often... The thing that bothers me most is the disgusting bounty haggling from Fullcrum. They saved their 2.5 Million dollars and don't even get paid for their efforts. What kind of move is that? Fullcrum? More like Fullscum. I would keep away from doing business with them.

That being said, thanks for this list. Im sure it will be very helpful for future Defi.

That's really a lot of hacks and very big money involved but we shouldn't forget the small ones and if we sum that up I think they are much more expensive than those on the list. What I mean is something like the rug pull I think the one that happened in Binance before and other rug pulls of different developers that consist of million of $.

BadgerDAO reported unauthorized withdrawal of user funds, engineers BadgerDAO are investigating this issue, the protocol's smart contracts have been temporarily suspended.


One of the victims lost 896 BTC https://etherscan.io/tx/0x951babdddbfbbba81bbbb7991a959d9815e80cc5d9418d10e692f41541029869 , in total about $ 100 million was withdrawn from the project.


But whether it was an attack or the funds were simply burned as a result of using a bug in contracts is not yet clear.
https://twitter.com/DefiWhiskey/status/1466271476416454656

https://i.ibb.co/nMbP9rg/2021-12-02-131625.jpg (https://imgbb.com/)

BadgerDAO $100 M


for a link to 1 post.
https://cryptobriefing.com/120m-lost-badgerdao-defi-hack/
$120M Lost in BadgerDAO DeFi Hack
"Key Takeaways
BadgerDAO has suffered a major frontend attack.
The hacker reportedly compromised Badger's user interface by inserting a malicious script that prompted users to give the hacker permission to spend their funds.
Smart contract auditing firm Peckshield has estimated the value of the stolen funds to around $120 million."

BadgerDAO reveals the details of the hacker attack that allowed the theft of $120 million, everything boils down, in their opinion, to the unauthorized use of API keys of the Cloudflare Workers service.
The full technical analysis from the BadgerDAO team is here: https://badger.com/technical-post-mortem


Personally, one bad experience was enough for me using API keys to access an account on the yobit garbage exchange four years ago, after which I lost 0.5 BTC, but it was my funds, and here such a number of users and such vulnerability suffered, IMHO here is completely the fault of the developers. :)

---

The next victim of hackers in the DeFi segment was the Grim Finance platform, losses are estimated at more than $30 million, developers have suspended deposits and recommend users to withdraw their funds urgently.

https://twitter.com/financegrim/status/1472357770846519312
https://i.ibb.co/92VD9CN/2021-12-21-1627445.jpg (https://imgbb.com/)

With a name like the platform, investors needed to be more circumspect

[moderator's note: consecutive posts merged]

for a link to 1 post.

Grim Finance Hacked for $30 Million in Fantom Tokens
Grim Finance is the latest DeFi protocol to be hit by an exploit.
https://decrypt.co/88727/grim-finance-hacked-30-million-fantom-tokens
https://cryptobriefing.com/fantom-defi-project-grim-finance-suffers-30m-hack/


Vulcan Forged-$140M
https://twitter.com/VulcanForged/status/1470365117774770180
https://www.theblockcrypto.com/post/127270/96-private-keys-stolen-from-vulcan-forged-in-140-million-theft


Gelato-$26M
https://twitter.com/gelatonetwork/status/1470289886406004736


8IGHT FINANCE- $1.75M
https://rekt.news/8ight-finance-rekt/

There are also reports that the Visor protocol (Visorfinance) was attacked using a re-entry exploit and lost over 8.8 million VISR tokens, which as of this event was estimated at about $8.8 million, after that the price fell from $1 to $0.02, after which the project team announced the migration of user funds to a new contract to restore them
https://twitter.com/peckshield/status/1473315405498576901
https://visorfinance.medium.com/?p=7920e1dee55a

Visor Finance -$8.8M
Visor Finance Suffers DeFi Hack: Lost 8.8 million VISR tokens
https://blog.coincodecap.com/visor-finance-suffers-defi-hack
VISOR Finance Suffers DeFi Hack $8.2M Lost | Bitcoin News
https://medium.com/coinmonks/visor-finance-suffers-defi-hack-8-2m-lost-bitcoin-news-4a80e99199f0

$8.8M is not big but not small.

I wonder that will the Visor Finance team will do compensation for their users. If they seriously compensate for their users, they will have to sacrifice their income in many months and in the same time, they will have to pay cost for staffs, developments, operations, maintenance and other things to keep their DeFi platform up and run.

It is not a good thing and it's bad to see it happened around Christmas which should be a peaceful period for all.

Polygon developers revealed a case of theft committed by a hacker on December 4 of 801,601 MATIC tokens worth more than $2 million, which was made possible thanks to an exploit in the smart contract Polygon, which was reported on December 3 by @leonspacewalker (https://twitter.com/leonspacewalker), which later received with another user, whose name is not called, a reward of $3.46 million for reporting a bug.
source: https://blog.polygon.technology/all-you-need-to-know-about-the-recent-network-upgrade/?utm_source=Twitter-Main&utm_medium=Tweet&utm_campaign=Tier-1-Announcement

Some results of 2021

The Biggest DeFi Hacks of 2021 until May 2021
https://www.cybavo.com/blog/defi-hacks-2021/

DeFi Has Accounted for Over 75% of Crypto Hacks in 2021
https://finance.yahoo.com/news/defi-accounted-over-75-crypto-140000154.html

Biggest Defi Hack in 2021
Poly Network Suffers Record-Breaking $600.3 Million Hack
https://decrypt.co/78163/polynetwork-suffers-record-breaking-600-3m-hack

---

#RugPull PeckShield has detected that Metaswap Gas (MGAS) soft-rugged, the stolen funds (1,100 BNB) are transfered to TornadoCash
https://twitter.com/peckshield/status/1475331156459790336?

#RugPull PeckShield has detected that  METADAO rugged, the stolen funds (800 Ether) are transferred to @TornadoCash
(#Ethereum). DO NOT STAKE in this contract and if you've approved it, REVOKE
https://twitter.com/PeckShieldAlert/status/1475434691939520523?

Tinyman -  the amount of hacking is unknown
Official Announcement About the Incidents of 01.01.2022
https://tinymanorg.medium.com/official-announcement-about-the-incidents-of-01-01-2022-56abb19d8b19
"When the attack began, total liquidity in Tinyman was around 43 million USD, only to be reduced to around 20 million even hours after the attack. Following our advice, projects and users have begun removing their liquidities, which brought the total number down to 5 million USD. It is crucial to realize that the difference between the 43 million USD and the current number is not a lost amount, a huge portion of this amount was reclaimed by the users and is totally safe in their wallets."





[moderator's note: consecutive posts merged]

Every day, a new hack now, on January 10, hackers managed to withdraw 165.2 million LMT tokens worth approximately $18.2 million from the hot wallets of the sports NFT platform Lympo (daughter of Animoca Brand), according to the developers , the following wallets were compromised:

https://etherscan.io/address/0x5D32b87A43a2bd1f7df209d2F475b165d2c09E24
https://etherscan.io/address/0x526232F70b97938E19394e57BC5eE1d5d929074e
https://etherscan.io/address/0xB0a60eBA24f6CF18CFDED0672c5C7a7529DcC342
https://etherscan.io/address/0x934dd62782BFe4a8E3f096E014266e5F5adc1b2a
https://etherscan.io/address/0x877eECC3Ae4Bb28f048c16CD65A44cDE025345a1
https://etherscan.io/address/0x36d97147cF8E1B75254748Cf0A102316fCc61697
https://etherscan.io/address/0xA432C0081307733e801Ea7877e725F4E0adfbBfF
https://etherscan.io/address/0x4b936321b0E3E2d919412502B6aDA09E9b7d484b
https://etherscan.io/address/0x75912Da145cA00092AF317F8c3A84073A5665256
https://etherscan.io/address/0x4C801611cdaB559861d4dB24155927F903DEa02A

source: https://twitter.com/Lympo_io/status/1480582931794083842
            https://medium.com/lympo-official/lympo-statement-to-the-community-914d6b453b1f

Because of developer incompetence, many DeFi projects get hacked.

Animoca Brands’ Lympo NFT platform hacked for $18.7 million
https://cointelegraph.com/news/animoca-brands-lympo-nft-platform-hacked-for-18-7-million
"The sports NFT minting platform suffered a hot wallet security breach across several project wallets, losing $18 million worth of LMT.
Sports nonfungible token (NFT) minting platform and Animoca Brands subsidiary Lympo suffered a hot wallet security breach and lost 165.2 million LMT tokens worth $18.7 million at the time of the hack."

Qubit Finance,  X-Bridge $80M
Binance Smart Chain, Ethereum Crypto Bridge Hacked for $80 Million
https://decrypt.co/91447/binance-smart-chain-ethereum-crypto-bridge-hacked-80-million
"An exploit in decentralized finance (DeFi) protocol Qubit Finance enabled one hacker to walk away with $80 million in stolen crypto yesterday.
The specific smart contract flaw that enabled the attack was located in X-Bridge, a cross-chain bridge that facilitates easy token swaps between Ethereum and Binance Smart Chain. "

It looks like cross-blockchain bridge Wormhole was hacked as a result of the exploit and, according to preliminary estimates, lost more than $326 million. dev's Wormhole itself confirmed a total loss of 120,000 ETH and announced that funds would be added to the bridge to stop the wrapped ETH on Solana. This is one of the biggest hacks in the history of DeFi. :(
https://www.coindesk.com/tech/2022/02/02/blockchain-bridge-wormhole-suffers-possible-exploit-worth-over-250m/



UPD: The venture capital company Jump Crypto, which owns Certus One, which is the developer of the Wormhole cross-chain bridge, announced that it has invested 120,000 ETH in the Solana-Ethereum bridge.  All funds have been restored, Wormhole has been restored. The ETH contract is filled and all wETH are secured 1:1.

DeFi the KLAYswap project announced a hacking incident, as a result of which the project lost about 2.2 billion KRW, or about $1.83 million, the hacker managed to create a third-party js link on the KLAYswap external interface, as a result of which the user was sent to a fake KLAYswap page.

Details are here: https://medium.com/klayswap/klayswap-incident-report-feb-03-2022-f20ba2d8e4dd

The DeFi Meter project lost about $4.3 million as a result of a hacker attack, 1391 ETH and 2.74 BTC were withdrawn from the project, as the developers said, the hacker used the vulnerability of the automatic unpacking of gas tokens in the protocol, such as ETH and BNB.

Here is another message about the attack, it seems that the DeFi QiDao Protocol project lost tokens for a total of $13 million, thanks to the exploit, hackers managed to withdraw tokens QI, WETH, USDC, SDT, MOCA, STACK, sdam3CRV and MATIC. Although the project team itself recognizes the fact of the exploit, but claims that users' funds are safe, but analysts see a different picture. :(

The DeFi team of the Dego protocol reports the hacking of its address providing liquidity on UniSwap and PancakeSwap and the liquidity for Dego pairs has been withdrawn, the team reports that the incident is being investigated and the amount of losses is being determined.

Over 4,000 ‘Criminal Whales’ Hold $25 Billion Worth of Crypto: Report
Criminal crypto balances surged from $3 billion to $11 billion, mostly due to the crypto market's rise in 2021 but also an increase in hacks.
https://decrypt.co/92995/over-4000-criminal-whales-hold-25-billion-worth-crypto-report
"New Chainalysis data has found that 4,068 “criminal whales” hold $25 billion worth of cryptocurrency. The firm defines criminal crypto whales as any private wallet that holds $1 million or more of cryptocurrency and has received 10% or more of those funds through illicit addresses. (In other words, not all of that $25 billion is illicit.)"

Crypto-Related Crime Hit Record $14B in 2021—But Shrank by Volume: Chainalysis
Crypto scammers bagged a whopping $14 billion last year. Still, crime is becoming a much smaller part of the industry.
Andrew Asmakov(C)
https://decrypt.co/89854/crypto-related-crime-hit-record-high-14b-2021-chainalysis
"As Chainalysis reported last month, revenues from crypto scams in 2021 were up 81% on the previous year (corrected to 82% in today’s report) to $7.8 billion.

Of this total, so-called rug pulls—a malicious practice where developers build a seemingly legitimate crypto project only to get away with investors' money—accounted for 37% of all crypto scam revenue, or more than $2.8 billion.

“Many investors could likely have avoided losing funds to rug pulls if they’d stuck to DeFi projects that have undergone a code audit—or if [decentralized exchanges] required code audits before listing tokens,” Chainalysis said.

Cryptocurrency theft grew even more, according to the report, with about $3.2 billion worth of crypto stolen in 2021—a staggering 516% increase compared to 2020."


Crypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity
https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction/


Crypto Scam Revenue Up 81% in 2021, Hits $7.7 Billion: Chainalysis
DeFi rug pulls accounted for 37% of all crypto scam revenue in 2021, up from 1% in 2020, according to the blockchain data platform.
https://decrypt.co/88453/crypto-scam-revenue-hit-7-7-billion-2021-chainalysis

This really makes me decide if I'm going to invest to DeFi projects by just looking at the list you will really know how DeFi projects can scam participants.
Well this list really helps me a lot not to look more into DeFi projects.

The list of hacks is quite impressive, although everyone says that decentralized exchanges are safe, and statistics say the opposite, there are hackers who withdraw huge amounts, so there is no 100% confidence anywhere in the crypto world.

The hacker exploited the Treasure DAO vulnerability and managed to steal more than 100 NFT, worth 426,511 MAGIC about $1.44 million, the bug allowed buying NFT for zero MAGIC tokens used on the Treasure platform.

I use decentralized exchanges 1 inch and uniswap and they have proven to be safe. And I don’t often see news about decentralized exchange hacks. So far, most of the news tells us about hacks of decentralized projects, but 2022 has just begun, and the results will need to be analyzed in December of this year.

The Fantasy Finance project was subjected to an exploit, as a result of which $ 2.6 million was withdrawn, hackers used a protocol error that allowed XFTM to be minted using a small number of FSM Fantasm tokens, instead of using both of these tokens. The hackers started with 50 FTM, gradually using more and more amounts to exchange so they managed to take over a total of more than 2,800,000 XFTM.

The stolen funds were later exchanged for more than 1,007 ETH of about $2.6 million at current prices using the Tornado Cash privacy protocol.
The developers of Fantasm stated that not the entire pool was emptied and there are still 1,820,012 FTM in it, and also that they are developing a compensation plan for affected users.

Fantasm Finance Team report on the incident: https://medium.com/@fantasmfinance/fantasm-finance-post-mortem-exploit-09-march-2022-daf48ead016f

---

It is reported that the DeFi protocol Deus Finance DAO was subjected to an exploit due to which. the hacker was able to withdraw about $3 million, including 200,000 DAI and 1101.8 ETH.


The developers reported that they are aware of exploits that relate to a loan contract worth $10 million.
And as they themselves stated that the contract was closed, both $DEUS and $DEI are not affected and they are working on a brief description of the hack that will be published after a full assessment of what happened.

---

It seems that after a slight lull, a band of hacking of Defi projects began, it is reported that hackers managed to withdraw $11 million from the DeFi protocols Agave and Hundred Finance, for the attack, the attackers used an exploit on the Gnosis Chain network that allowed them to use re-entry and instant loans.

Sorce: https://www.theblockcrypto.com/post/137932/defi-protocols-agave-and-hundred-finance-exploited-on-gnosis-chain-for-11-million

[moderator's note: consecutive posts merged]

The Rare Bears project team reported that on March 16, a hacker using a phishing attack on users of the Rare Bears Discord channel was able to seize 179 NFT Bears tokens, thus emptying the project on 286 ETH.

Li Finance protocol loses $600,000 in latest DeFi exploit
https://cointelegraph.com/news/li-finance-protocol-loses-600-000-in-latest-defi-exploit

The Li Finance swap aggregator has experienced a smart contract exploit leading to the loss of around $600,000 from 29 users’ wallets.
https://twitter.com/lifiprotocol/status/1505738407938387971?

The OneRing Finance DeFi protocol was subjected to a hacker attack, as a result of which the attacker managed to seize funds worth about $2 million. The hacker used a script to execute an instant loan, which had a self-destruct mechanism and, as the developers stated, this makes it very difficult to find the vulnerabilities used. To perform the exploit, the attacker placed a special smart contract on the Fantom platform.

Source: https://medium.com/oneringfinance/onering-finance-exploit-post-mortem-after-oshare-hack-602a529db99b

Rare Bears Discord phishing attack nabs $800K in NFTs
https://cointelegraph.com/news/rare-bears-discord-phishing-attack-nabs-800k-in-nfts

https://twitter.com/BearsRare/status/1504293859467350019?
"Discord has unfortunately been compromised. Please DO NOT click any links, connect your wallet and block all incoming DMs in our discord. Our team are working on the situation as we speak 🙏🏼"

_____________
$622M Ronin sidechain hack

Axie Infinity Tokens AXS, SLP Reeling After $622M Ronin Hack
https://decrypt.co/96433/axie-infinity-tokens-axs-slp-reeling-622m-ronin-hack
A day after Sky Mavis disclosed that a hacker stole 173,600 ETH worth $622 million from the Ronin sidechain, the Axie Infinity Shards (AXS) and Smooth Love Potion (SLP) tokens are still reeling.

Community Alert: Ronin Validators Compromised
https://roninblockchain.substack.com/p/community-alert-ronin-validators?s=r

The huge compromise because of very low validators on a very centralized network like Ronin is undirectly convincing me that Ethereum is bigger and better than Binance Smart Chain.

People should know how big Ethereum network is in their total hashrate and how many validators on Ethereum network. Let's compare it to total validators on Binance Smart Chain. I am sure they will see how Ethereum is much safer and more healthy than Binance Smart Chain.

About Axie Infinity, I don't know why their team naively or carelessly to set up too low number of validators to approve transactions on Ronin chain.

Bored Ape Yacht Club (BAYC) Discord Hacked, NFT Stolen
https://coingape.com/bored-ape-bayc-discord-hacked-nft-stolen/
Separately, Taiwanese singer Jay Chou said his tokens were stolen in a phishing attack. The stolen goods included a BAYC, a Mutant Ape Yacht Club, two Doodles, and 169 ETH ($549,000), according to data from Etherscan (https://etherscan.io/address/0xe34F004BDef6F069b92dc299587D6c8A731072Da)

Inverse Finance  $15.6 million
https://www.coindesk.com/tech/2022/04/02/defi-lender-inverse-finance-exploited-for-156-million/
DeFi Lender Inverse Finance Exploited for $15.6M
It is the third multimillion-dollar crypto attack to make headlines in recent days.

https://twitter.com/bertcmiller/status/1510284763332071427?s=21
"The attack is a little more nuanced than I / others thought. Brief thread."

This is how scammers steal NFT tokens

Don't click on stealth mints, and especially don't approve "SET APPROVAL FOR ALL" transactions. They have a script that gets your most valuable NFTs and requests token approval access for them, then transfers it to the scammer's wallet.

https://twitter.com/serpentau/status/1509785117577064448?

https://blog.openzeppelin.com/15-billion-rugpull-vulnerability-in-convex-finance-protocol-uncovered-and-resolved/
 :o$15 Billion Rugpull Vulnerability in Convex Finance protocol Uncovered and Resolved
APRIL 4, 2022

"TLDR: In late 2021, as part of a security audit for a client, OpenZeppelin conducted a security review of the Convex Finance protocol. As part of the audit, the Security Research Team uncovered a vulnerability that, if exploited by two of three anonymous multi-signature wallet (multisig) signers, would have given the Convex multisig direct control over Convex’s locked value—then approximately $15 billion. Convex documentation specifically stated such control was not possible. This vulnerability has since been patched by the Convex Team."

Crypto 2022: Hackers have nabbed $1.22 billion already

Hackers so far are focusing on decentralized finance (DeFi) projects to steal crypto this year, a new report found, a reversal from 2021 when they used scams and online fraud for most of their exploits.
So far, investors have lost over $1.22 billion to hackers in the first three months of the year, nearly eight times more than the $154 million lost in the first quarter of 2021, according to crypto security firm Immunefi. Ninety-nine percent of those losses were from software exploits, the report found, specifically the hacks against Wormhole and Ronin.
https://i.ibb.co/4fHFfyn/image.jpg (https://ibb.co/9v7pvXk)
source
https://finance.yahoo.com/news/crypto-hackers-stolen-173940395.html

New scam SberCoin.Finance
https://coinmarketcap.com/currencies/sber/
Trading in the SBER token has been launched under the guise of the official stablecoin of Sberbank.

Account suspended
https://twitter.com/SberCoinBsc
https://forklog.com/neizvestnye-zapustili-fejkovyj-sberkoin-na-birzhe-pancakeswap/

WonderHero game disabled after hackers steal $320,000 in cryptocurrency
The operators of cryptocurrency play-to-earn game WonderHero have disabled the service after hackers stole about $320,000 worth of Binance Coin (BNB).
The attack caused the price of WonderHero’s own coin, WND, to plummet more than 90%.

https://therecord.media/wonderhero-game-disabled-after-hackers-steal-320000-in-cryptocurrency/

Starstream Finance $4M
Starstream Finance Hacked, Around $4M Stolen
Starstream Finance had their treasury drained in an exploit and has advised anyone holding funds in AgoraDefi to withdraw them. The Team has announced this incident on their official Discord.

did not find this topic earlier, there is so many DeFi hacks

it is good to see that there are white hackers as well, that find breaches and share with projects, for bounties, projects find it hard to deploy on-chain, without audit, to be fast and grab the market, and that leads to code that is not polished, which leads to hacks
hopefully, numbers will go down in the future, but with more people in the industry, it does seem as inevitable to see more hacks

The Defi team of the Elephant Money project reports that it suffered from an exploit as a result of which hackers managed to withdraw 27,416 BNB and 30 billion Elephant tokens worth ~ $22 million from the project.

https://twitter.com/ElephantStatus/status/1514007291116199936
https://medium.com/elephant-money/reserve-exploit-52fd36ccc7e8

As a result of the exploit, Beanstalk Farms lost about $182 million from the Defi project, in total, the hacker managed to withdraw funds for about $80 million using the Tornado Cash mixer.

https://twitter.com/PeckShieldAlert/status/1515715931963801603
https://twitter.com/PeckShieldAlert/status/1515715931963801603

https://www.theverge.com/2022/4/18/23030754/beanstalk-cryptocurrency-hack-182-million-dao-voting
Beanstalk cryptocurrency project robbed after hacker votes to send themself $182 million

https://decrypt.co/98118/ethereum-defi-protocol-beanstalk-hacked-182-million-what-you-need-know
Ethereum DeFi Protocol Beanstalk Hacked for $182 Million—What You Need to Know
Beanstalk got jacked by a giant flash attack.

https://etherscan.io/tx/0xcd314668aaa9bbfebaf1a0bd2b6553d01dd58899c508d4729fa7311dc5d33ad7

The Chinese company SlowMist, specializing in blockchain security, reported that in the period from April 12 to April 21, Terra network users lost their funds by clicking on phishing links placed in Google ads. Thus, the attacker withdrew funds for $4.31 million, in total assets were withdrawn from 52 addresses.

https://twitter.com/SlowMist_Team/status/1516961951032692736

https://i.ibb.co/9t0jwHK/2022-04-22-213940.jpg (https://twitter.com/SlowMist_Team/status/1516961951032692736)

https://www.businessinsider.in/cryptocurrency/news/a-defi-hacker-compromised-a-lesser-known-protocol-but-forgot-to-take-their-winnings/articleshow/91003503.cms
"A DeFi hacker compromised a lesser-known protocol but forgot to take their winnings
The hacker compromised a protocol called Zeed for over $1 million.
DeFi hacks have become a serious concern for the crypto industry over the past year.
Almost 97% of all cryptocurrency stolen in 2022 came from DeFi protocols."

Deus Finance $13.4M
https://www.coindesk.com/tech/2022/04/28/how-deus-finance-was-exploited-for-134m-on-fantom/
https://twitter.com/peckshield/status/1519530463337250817?
How Deus Finance Was Exploited for $13.4M on Fantom
The attack, which used a flash loan, was the second in two months.

DEFI Lender Rari Capital $80M+
https://finance.yahoo.com/news/defi-lender-rari-capital-fei-164816180.html
https://twitter.com/BlockSecTeam/status/1520350965274386433
https://i.imgur.com/yZCvTnq.png
The hacker exploited a reentrancy vulnerability in Rari's Fuse lending protocol, according to a tweet by smart contract analysis firm Block Sec.[1]

---

[1] https://finance.yahoo.com/news/defi-lender-rari-capital-fei-164816180.html

https://cointelegraph.com/news/more-than-1-6-billion-exploited-from-defi-so-far-in-2022
More than $1.6 billion exploited from DeFi so far in 2022
The amount exploited this year so far surpasses the total amount stolen in all of 2020 and 2021 combined, with the month of March alone beating 2020 by over $200 million.

https://twitter.com/CertiKTech/status/1521195341982412809?
"We have seen $1.6B lost in the #crypto/#web3 world so far this year.
In just the first 4 months on 2022 we have passed the total amount lost in 2021 ($1.3B) and in 2020 ($516MM)."

https://bitcointalk.org/index.php?topic=5397109.msg60034017#msg60034017

^^ Not surprised with the numbers though, I mean with so much money flowing on Defi right now, the hackers are going to fill their pockets with this money and will still be aggressive this year.

And as we go along this 2022, there could be another big hacks, don't want to sound doom and gloom, but the developers will have to step their game as well so that they won't fall victims from this hacking groups.

https://decrypt.co/93874/biggest-defi-hacks-heists
13 Biggest DeFi Hacks and Heists
There's a lot of money flowing into DeFi. And thanks to hacks and exploits, there's sometimes a lot of money flowing out, too. :) :'(
1.Poly Network: $611 Million
2.Ronin: $552 Million
3.Wormhole: $326 Million
..

The benefit of using DeFi on new chains like CNDL and HBAR is that these chains are using EVM contracts that are tried and tested. DApps are just porting their code over to the new chains. It's when you get experimental DeFi stuff where things get hacked most of the time, or they are pretend hacks and real exit scams by the devs.

Mirror Protocol Being Attacked as $2 Million Already Drained by Hacker
https://u.today/mirror-protocol-being-attacked-as-2-million-already-drained-by-hacker
"Because of an incorrect calculation, with only $1,000 worth of Luna, hackers can easily get $1.3 million in collateral, while its real value is significantly lower. Despite a low collateral price, traders can still easily borrow real funds and withdraw them without worrying about their cheap collateral."

On May 4, hackers hacked the Discord servers of the Bored Ape Yacht Club (BAYC) project and with the help of phishing links placed in the channels, they stole 200ETH or ~$360,000. The exploit, according to the developers, was of a short-term nature and was quickly neutralized by the BAYC team.

https://www.coindesk.com/business/2022/06/04/yuga-labs-confirms-discord-server-hack-200-eth-worth-of-nfts-stolen/

The hacker using the exploit managed to withdraw 1.65 million EGLD or about $113 million from Maiar DEX after discovering the fact of suspicious actions, the exchange was taken offline to investigate and eliminate the vulnerability. https://twitter.com/beniaminmincu/status/1533598583001337863
https://cointelegraph.com/news/maiar-decentralized-crypto-exchange-goes-offline-after-bug-discovery

https://decrypt.co/102377/ethereum-layer-2-solution-optimism-loses-20-million-tokens-in-interlayer-snafu
Ethereum Layer-2 Solution Optimism Loses 20 Million Tokens in Interlayer Snafu
"The anonymous thief has sold off one million of the tokens as launch partner Wintermute tries to coax the hacker into cooperating.
In brief
The Layer 2 scaling solution provider failed to sync its Optimism address to an Ethereum address before a large transfer.
The stolen OP tokens were valued at $35 million at the time of the hack, with 19 million tokens still missing."

https://cointelegraph.com/news/optimism-loses-20m-tokens-after-l1-and-l2-confusion-exploited


____
Last Updated Jun 10, 2022 @ 11:31
https://cryptopotato.com/optimism-hacker-promises-to-return-18m-op-tokens-sends-another-1m-to-buterin/
Optimism Hacker Promises to Return 18M OP Tokens, Sends Another 1M to Buterin

Well, at least the story with a happy ending really still knows how VB can benefit in non-obvious cases, because what happened is also part of his fault as a developer, because sending a hacker 1 M VB can be regarded as a sign of gratitude, in any case, the hacker still owns 1 million OP https://optimistic.etherscan.io/address/0x60b28637879b5a09d21b68040020ffbf7dba5107

Inverse Finance Loses $1.2M to Hackers
https://coinfomania.com/defi-protocol-inverse-finance-hacked-again-for-1-2m/
"PeckShield said the attack was initiated with a flash loan worth 27,000 Wrapped Bitcoin (WBTC). The large deposit received from the loan was then used to manipulate the price of the protocol’s pool of funds. In the process, assets such as Tether USD (USDT), DOLA, Wrapped Bitcoin (WBTC), and Curve DAO token (CRV) were used."

https://twitter.com/peckshield/status/1537382891230883841

The Harmony team notifies about the loss of assets worth ~ $ 100 million (85,867 ETH) as a result of a successful hacker attack on the Horizon cross-chain bridge, the developers have contacted law enforcement agencies and an investigation of the incident has been launched.
hacker's address: https://etherscan.io/address/0x0d043128146654c7683fbf30ac98d7b2285ded00

https://twitter.com/harmonyprotocol/status/1540110924400324608

https://decrypt.co/104138/north-korean-attackers-behind-100m-harmony-hack-report
North Korean Attackers Behind $100M Harmony Hack: Report
"Analysis suggests the hack is the work of the Lazarus Group, the Pyongyang-backed group behind a similar $622 million hack of Axie Infinity.

According to a report released today by blockchain analytics firm Elliptic, the manner in which the funds were stolen and subsequently laundered points to the involvement of The Lazarus Group, a notorious North Korea-affiliated cybercriminal organization."

Optimism NFT marketplace Quixotic as a result of an exploit caused by an unsuccessful contract update, which was used by a hacker, lost $100,000 (https://twitter.com/apetimism/status/1542746813748219905) in ERC - 20 tokens< the Quixotic team informs that all tokens will be returned to the owners, and their NFTs are safe.

https://twitter.com/quixotic_io/status/1542790067130978307

Hackers have emptied the $6 million Crema Finance liquidity pool, according to blockchain auditor OtterSec hackers used flash loans on the Solend landing platform. Crema Finance was forced to suspend the operation of its application.

https://twitter.com/osec_io/status/1543469811287465984
https://twitter.com/Crema_Finance/status/1543416225622941696

The hacker returns 6,064 ETH and 23,967.9 SOL stolen by him from the Crema Finance protocol, as a reward, the hacker left 45,455 SOL for himself. According to the Crema Finance team, they managed to reach such an agreement thanks to lengthy negotiations with the attacker.

https://twitter.com/Crema_Finance/status/1544792330674135040

Evmos Name Service hack

https://twitter.com/EvmosNS/status/1543500126186278912
"New Smart Contract Deployed 0xD3D001724aB1C76809b9f7c2C5a2eBfc625Ee1a4
https://app.evmosnameservice.com
Old Smart contract domains not displayed in dApp
We will share a recovery plan for old contract registered domain users.
Hacked contract 0xEcF5cB1250c2e73a70636a24746aB269d40D01bA"

https://twitter.com/EvmosNS/status/1543500572917366784
"Everyone can able to register domains in the new smart contract http://app.evmosnameservice.com
We will share a recovery plan for hacked contract registered domain holders."

The OMNI protocol suffered from the actions of a hacker who managed to withdraw more than 1300 ETH, the developers themselves say that they lost only the funds used for the beta version test and the users' funds are not affected.

https://twitter.com/peckshield/status/1546096506159058947

https://twitter.com/OMNI_xyz/status/1546143829375459332

https://beincrypto.com/uniswap-8m-ethereum-massive-phishing-attack/
Uniswap Users Lose Over $8M Worth of Ethereum in Massive Phishing Attack
"Some individuals using Uniswap V3 have suffered a phishing attack. The attacker has stolen over 7,500 ETH, worth about $8.1 million.

Several users have lost ETH after experiencing a phishing attack using the Uniswap V3 protocol. Numerous sources are reporting that over 7,500 ETH was stolen. The incident has nothing to do with the Uniswap protocol itself, rather than the victims approved malicious transactions."

https://twitter.com/PREMINT_NFT/status/1548578432920850432
PREMINT hack $400000

https://decrypt.co/105385/300-nfts-stolen-400k-in-ethereum-taken-in-premint-hack
300+ NFTs Stolen, $400K in Ethereum Taken In Premint Hack
Hackers infiltrated the popular NFT registration platform and used a fake pop-up to coerce users into giving up their wallet information.

$1.1 million music streaming protocol Audius

https://www.theblock.co/post/159308/hacker-pockets-1-1-million-after-stealing-from-music-streaming-protocol-audius?
Hacker pockets $1.1 million after stealing from music streaming protocol Audius

"Audius was hacked using a malicious governance vote.
The hacker transferred 18 million AUDIO tokens and sold them for $1.1 million."

28 July 2022
Nirvana - $3.5 million flash loan exploit

https://www.theblock.co/post/159975/solana-stablecoin-nirvana-sinks-90-amid-3-5-million-flash-loan-exploit

https://nitter.net/PeckShieldAlert/status/1552589510986215425

https://nitter.net/AndyBTC_/status/1552546781929639937


Flash loan exploit, again, and yet again :-\

Nomad Bridge lost more than $150 million as a result of an exploit that was active for some time, the greatest damage was caused to the networks of EVMOS, Moonbeam, as it turned out, the main reason was a fatal error in the Replica contract, which is responsible for issuing funds.

https://twitter.com/samczsun/status/1554252024723546112

Issues in the Solana Ecosystem

https://twitter.com/SolanaStatus/status/1554695981781901312
"An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected.

The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension."

It seems to me that Solana had constant failures in the mainnet, there is only one question who can be behind the emptying of users' wallets, perhaps the Solana protocol has a number of vulnerabilities that the developers are silent about or do not know about.

https://twitter.com/SolanaStatus/status/1554921396408647680?
"After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2"

Read this thread on twitter. Looks like one of the wallets has a problem.

https://crypto-academy.org/36-million-back-to-nomad-bridge-recovery-account/
Over $36 Million Back to Nomad Bridge’s Recovery Account
"The wallet, identified by Etherscan as the “official Nomad funds recovery address,” has received ETH 2,179.5 (equal to about $3.9 million), USDC 9.77 million, USDT 5 million, WBTC 196 ($4.7 million), DAI 3.7 million, as well as various sums of other ERC-20 tokens."


https://www.coindesk.com/business/2022/08/09/defi-protocol-curvefinance-hacked-570k-stolen/
DeFi Protocol Curve.Finance Gets Hacked and $570K Is Stolen
The source of the hack has been “found and reverted,” according to the protocol.

https://twitter.com/AcalaNetwork/status/1558642849649856512
Acala Network suffered from an exploit that modified the configuration of the Honzon protocol, with which hackers managed to print 1.2 billion AUSD in Acala Network, as a result of which the price of the AUSD stablecoin dropped to $0.05.

https://twitter.com/WatcherGuru/status/1558735108672065538

A lot of DeFi DApps get hacked because they have very complicated contracts and this is a new technology. Staking on audited platforms like HEX and MAXX finance are much safer however. HEX has been live for a couple years now without issue and the contracts behind these projects are well proven and safer because they involve staking and not complicated bridges or swaps etc. In fact, it's often more profitable to stake on platforms like MAXX finance or Alchemix than it is to lend or use farms.

Celer Network
https://twitter.com/CelerNetwork/status/1560022871564775424
"📢📢📢We are seeing reports that reflects potential DNS hijacking of cbridge frontend. We are investigating at the moment and please do not use the frontend for bridging at the moment."

https://twitter.com/CelerNetwork/status/1560046913436946432
"📢📢📢If you recently used cBridge, please make sure to check and revoke any token approval for the following contracts:
Ethereum: 0x2A2aA50450811Ae589847D670cB913dF763318E8
BSC: 0x5895da888Cbf3656D8f51E5Df9FD26E8E131e7CF
(cont' in next thread)"

____
Ronin $625M
https://cointelegraph.com/news/ronin-hackers-transferred-stolen-funds-from-eth-to-btc-and-used-sanctioned-mixers
Ronin hackers transferred stolen funds from ETH to BTC and used sanctioned mixers
"The hackers continue to spread out the stolen funds using Bitcoin privacy tools as a means to remain anonymous, despite the identity of the hackers believed to be a North Korean cybercrime group."

DeFi project OptiFi lost $661,000
https://thetimeshub.in/defi-project-optifi-lost-661000-in-failed-update/34737/
https://decrypt.co/108585/solana-defi-exchange-optifi-bricks-itself-loses-661k

"OptiFi, a Solana-based decentralized exchange, said on Monday that it accidentally shut down its program and that all funds are now inaccessible.
Some $661,000 worth of USDC is now permanently locked within the program. OptiFi said that it will fully refund affected users."

Kyber Network hack  $265 000
https://twitter.com/kybernetwork/status/1565421305410686976
"1/ ❗️Notice of Exploit of KyberSwap Frontend:

We identified and neutralized an exploit on the KyberSwap frontend. Affected users will be compensated. We have summarized the details in this thread⬇️"

https://getblock.net/en/news/kyber-network-team-recovers-265-000-stolen-in-hack
Kyber Network team recovers $265 000 stolen in hack
According to the platform’s representatives, the attack vector on DEX KyberSwap was successfully identified and removed

Certik Skynet reports that the smart contact blockchain network Avalanche suffered a recent flash lending attack, according to information from Certik the attackers managed to steal $370k USDC and involve several other DEFI projects.

Resource: https://mobile.twitter.com/CertiKAlert/status/1567314528357990401?s=20&t=H0Sq29gTMSLHgPJHZYaMWw

New Free DAO (NFD)- $1.25M
New Free DAO (NFD) Dumps 99% After $1.2M FlashLoan Attack
Another day, another DeFi hack. Decentralised finance (DeFi) protocol New Free DAO has lost $1.25 million in flashloan attacks that caused its native token NFD to crash 99%.
https://medium.com/@CryptoSavingExpert/new-free-dao-nfd-dumps-99-after-1-2m-flashloan-attack-3f54ed604d61

As a result of the hacker attack, the Wintermute marketmaker lost assets worth $160 million, as it is assumed his wallet was created using profanity, the CEO confirmed the hack.

https://twitter.com/SlowMist_Team/status/1572180126707896320
https://twitter.com/EvgenyGaevoy/status/1572134271011225601

https://blog.chainalysis.com/reports/axie-infinity-ronin-bridge-dprk-hack-seizure/
$30 Million Seized: How the Cryptocurrency Community Is Making It Difficult for North Korean Hackers To Profit
"But today I had the privilege of joining the Axie Infinity team on stage at AxieCon to deliver some good news: With the help of law enforcement and leading organizations in the cryptocurrency industry, more than $30 million worth of cryptocurrency stolen by North Korean-linked hackers has been seized. This marks the first time ever that cryptocurrency stolen by a North Korean hacking group has been seized, and we’re confident it won’t be the last.

These are the results thus far of our investigation following the March 2022 theft of more than $600 million from Ronin Network, a sidechain built for the play-to-earn game Axie Infinity."

can i add in the list wintermute hack lost $160m source : https://rekt.news/wintermute-rekt-2/

also this website is reliable telling me about current hack in defi

The news is not related to DeFi, but it still concerns the vulnerability of addresses to hacking if you have ever used the Profanity address generator, hackers managed to steal ~732 ETH ($950,000) from the Ethereum address created with it using the well-known vulnerability of this generator (https://twitter.com/k06a/status/1570292102726324226).

https://twitter.com/PeckShieldAlert/status/1574286302501306368

Hacker steals $950,000 from crypto vanity address as exploits continue
https://www.theblock.co/post/172773/hacker-steals-950000-from-crypto-vanity-address-as-exploits-continue
"Hackers are continuing to steal cryptocurrency through an exploit linked to vanity addresses created by a tool called Profanity.
The latest hack comes after Wintermute lost $160 million as a result of this issue."

Transit Swap loses over $21M

https://cointelegraph.com/news/transit-swap-loses-over-21m-due-to-internal-bug-hack-issues-apology
Transit Swap loses over $21M due to code bug exploit, issues apology


https://www.coindesk.com/business/2022/10/03/transit-swap-exploiter-returns-large-chunk-of-289m-hack/

Transit Swap Exploiter Returns Large Chunk of $28.9M Hack
Security firms help locate the hacker's IP address following the $28.9 million exploit.

In a blog post published on Monday, Transit Swap said that $18.9 million has been returned after a slew of security firms helped triangulate the hacker's IP address.
https://medium.com/@TransitSwap/updates-about-transitfinance-4731c38d6910

Lately the target for hacks have been bridges because that is where the most money is. Audited DeFi platforms like MAXX finance and HEX are secure and well tested.

BNB BRIDGE - REKT  $80M
https://rekt.news/bnb-bridge-rekt/
"2M BNB stolen in a hack as complex as Binance’s naming system.

BSC Token Hub, the BNB bridge between the old Binance Beacon Chain and BSC, now BNB Chain… was exploited into minting two lots of 1M BNB directly to the hacker’s address."

BNB Chain Resumes Activity After 2 Million Token Exploit
https://decrypt.co/111448/bnb-chain-resumes-activity-2-million-token-exploit

After the incident with the hacking of the BSC Token Hub bridge, the BSC development team proposed holding a vote on chain management on the following issues:
1. Should hacked funds be frozen or not?
2. Do I need to use automatic BNB burning to cover the remaining hacked funds or not?
3. Conducting a Whitehat program for future detected errors, $1 million for each significant error detected.
4. Announcement of a reward for the capture of hackers, up to 10% of the funds returned.
The BSC validator voting feature for general opinion will be enabled in the next few days as a result of the BNB Beacon Chain update.

Source: https://www.bnbchain.org/en/blog/bnb-chain-ecosystem-update/

this is the latest, I'm really shocked about BNBChain getting hacked when Binance is also very massive working on the project,
and of course this is like a blow to CZ, because it's a very large number, reportedly the BNBChain network will be paused for the next few hours,
is it when is this back to normal again?.

CZ has already tweeted that user funds are safe. I'm more concerned that validators will get the right to run a decentralized blockchain, even though smart chain binance was not considered decentralized. But the developers want to implement the same thing in Ethereum with the new ERC-20R/721R token standard.

Little by little, funds are being refunded to dex Transit Swap users affected by the hacker, who returned 6,500 BNB and promises to return another 3,500 BNB later for a reward of 2,500 BNB. Such an agreement was reached by the Transit Swap team as a result of negotiations with the hacker, who previously returned most of the stolen.

https://medium.com/@TransitSwap/updates-about-transitfinance-317f4fe67931

https://www.bloomberg.com/news/articles/2022-10-12/crypto-platform-mango-hit-by-latest-hack-in-digital-asset-sector#
Crypto Attack Swipes $100 Million From DeFi Service Mango
"Incident comes just days after $100 million Binance Coin hack
Mango says attackers indicated a willingness to communicate

An attacker spirited away about $100 million from decentralized finance provider Mango by manipulating the price of its token in an exploit that wiped out depositors on the crypto platform.

The heist began with two accounts funded with the stablecoin USD Coin, the platform said Wednesday on Twitter. The accounts took large positions in Mango perpetual futures, causing the price of the Mango token to spike."
____

https://www.theblock.co/post/176299/hacker-steals-2-3-million-from-templedao
Hacker steals $2.3 million from TempleDAO

Chainalysis collected statistics on hacking this year, so for example, October 2022 has not ended yet, but it has already become the largest month in the history of hacking activity for the entire year. So far this month, $718 million has been stolen from the DeFi protocols using 11 different hacks.

https://i.imgur.com/5Lu73t2.jpg

Cross-chain bridges are the main target for hackers: in October, 3 bridges were hacked and almost $600 million was stolen, this is 82% of losses this month and 64% of losses for the whole year.

https://i.imgur.com/PbzM1Oc.jpg

During this year, hackers earned more than $3 billion for 125 hacks.

https://i.imgur.com/5U9GWFT.jpg

Analysis of hacks shows that if cex was previously the target of hackers , then starting from 2021 their main goal is Defi protocols.

https://i.imgur.com/BXVqycW.jpg

Source: https://twitter.com/chainalysis/status/1580312153269374980

Mango Markets is due to complete the voting on October 15, according to the approval of the payment to the hacker in the amount of $47 million, already more than 98% of voting tokens approve the transaction.
By the way, under the terms of the deal with the hacker, it is stipulated that Mango Markets will not bring him to criminal responsibility.
This will be one of the largest payments to a hacker, if we consider that he spent $10 million on carrying out the attack, then his catch will be $37 million.

Source: https://cointelegraph.com/news/mango-market-s-dao-forum-set-to-approve-47m-settlement-with-hacker

Celo Protocol Moola Market Loses Over $10M in Market Manipulation Attack
https://www.coindesk.com/markets/2022/10/19/celo-protocol-moola-market-loses-over-10m-in-market-manipulation-attack/

"Celo-based lending and borrowing protocol Moola Market had over $10 million worth of tokens stolen, and later returned, Wednesday morning after a market manipulation attack.
The exploit was the second of its kind in the last few weeks, with the attackers manipulating the prices of Moola’s native MOO tokens to borrow collateral against their positions – effectively draining the protocol."

Defi projects are the most hacked in a very short period of time.So many coins have been hacked in such a short period of time which is really sad.But I invested in two Defi platforms and now they are worthless. In fact, such projects come and leave people in a very confused state and people are completely out of the hands of various investments Destroys trust. People are afraid to invest only because of these reasons

The latest data analytically indicate a loss of approximately $8.4 million in assets of several tokens 8.8M CELO ($6.5M), 765k cEUR ($0.7M), 1.8M MOO ($0.6M) and 644k cUSD https://twitter.com/FrankResearcher/status/1582448720985014273 , but this of course does not affect anything another vulnerability of the Defi protocol was used

Some stats from quarter 3, 2022 for the generations to come 😊
Elliptic says that DeFi continues to be the key target for exploits as compared to CeFi. DeFi represents 98.8% of the total losses, while CeFi represents 1.2% of the total losses.

Decentralized exchange QuickSwap exploited for $220K, plans to close lending markets
https://www.theblock.co/post/179333/decentralized-exchange-quickswap-exploited-for-220k-plans-to-close-lending-markets

"QuickSwap DEX was exploited for $200,000.
The exploit used flash loans to attack a vulnerability with the Curve Oracle.
QuickSwap, a decentralized exchange on Polygon, was exploited for $220,000, according to the exchange."

The Team Finance DeFi protocol project lost ~ $15.8 million in assets due to a vulnerability in the token migration function, which the hacker managed to detect and use to carry out the attack, he needed only 1.76 ETH.
https://twitter.com/peckshield/status/1585587858978623491

Hacker Transactions:
https://etherscan.io/tx/0xb2e3ea72d353da43a2ac9a8f1670fd16463ab370e563b9b5b26119b2601277ce

Dear the major hack or scams in defi are due to some reasons as let me explain one of the major reason. As you all know that in DeFi protocols and Apps the source codes are open source many of the scammer just copy code and make a few changes to create a new platform similar to previous one this happened with Dexs in early 2021 and 2022. It cause major scams and people gets trapped.

The decentralized Rubic exchange lost more than $1.2 million (34 million RBC and BRBC tokens) after a hacker managed to compromise the wallet of the exchange administrator by obtaining private keys from him, the wallet managed the RBC/BRBC bridge and the rewards for staking.

https://twitter.com/CryptoRubic/status/1587704548688367619

https://cointelegraph.com/news/deribit-crypto-exchange-halts-withdrawals-amid-28m-hot-wallet-hack@
"Deribit crypto exchange halts withdrawals amid $28M hot wallet hack
Crypto exchange Deribit halted withdrawals following a hot wallet hack where hackers got away with $28 million in stolen funds.

The exchange emphasized that client funds are safe as losses are covered by Deribit’s reserves, stating:
“Client assets, Fireblocks or any of the cold storage addresses are not affected. It's company procedure to keep 99% of our user funds in cold storage to limit the impact of these type of events.”
"

Gala Games lost ~ 26% in price amid fears of hacking or fraud after one address through DEX PancakeSwap issued ~56 billion pGALA, which is the equivalent of $2.2 billion.
https://twitter.com/lookonchain/status/1588352050642837505

However, hackers managed to implement tokens for ~13,000 BNB, Huobi announced the temporary delisting of the GALA token (https://www.huobi.com/support/en-us/detail/84921856563770), Binance temporarily suspended the input and output of the GALA token (https://twitter.com/binance/status/1588434639643111425).
https://twitter.com/peckshield/status/1588273496819634176

Everything happened as assumed due to an incorrect configuration of the bridge used by Gala Games to interact with the BNB Smart Chain.
https://twitter.com/pNetworkDeFi/status/1588266897061031936

DeFi Protocol Solend Struck by $1.26M Oracle Exploit
Solana-based decentralized finance (DeFi) protocol Solend has suffered an exploit in relation to pricing oracles, resulting in $1.26 million in bad debt.
The exploit was centered around the hubble stablecoin (USDH) and affected the Stable, Coin98, and Kamino lending pools, according to a tweet by Solend.
A pricing oracle is a source of data that provides asset values for blockchains. Hacks and exploits related to decentralized finance, which is a form of lending that takes place without intermediaries, have surged over the past month. Security firm Chainalysis reported that $718 million had been stolen in the first two weeks of October.

https://www.coindesk.com/business/2022/11/02/defi-protocol-solend-struck-by-126m-oracle-exploit/

https://cointelegraph.com/news/deribit-hackers-move-stolen-ether-to-tornado-cash-crypto-mixer
Deribit hackers move stolen Ether to Tornado Cash crypto mixer
"The Deribit hot wallet hacker has transferred 1,610 ETH (over $2.5 million) to Tornado Cash, according to data from the Ethereum block explorer Etherscan.
In the aftermath of the $28 million Deribit hack, the unknown exploiter is moving stolen funds using the decentralized cryptocurrency mixer, Tornado Cash."

https://beincrypto.com/dfx-finance-hacked-exploiter-drains-4m-funnels-funds-tornado-cash/
DFX Finance Hacked, Exploiter Drains $4M And Funnels Funds to Tornado Cash
DeFi protocol DFX Finance has been hacked with the attacker stealing about $4 million.
The team has paused all contracts and will issue a post-mortem soon.
DeFi hacks have been common in 2022 and account for the majority of security incidents.
____


DeFi project Flare on hacked. $17.9 million
https://forklog.com/news/defi-proekt-flare-na-bnb-chain-vzlomali-na-17-9-mln

https://twitter.com/peckshield/status/1591831184526516226?


https://twitter.com/peckshield/status/1591833722621689856?
"The stolen funds/loss is about ~$17M and 4,000 BNB of them are being washed via
@TornadoCash
https://bscscan.com/address/0xe55d77f74ea9335d3a83a673f83f38527a68eb20  "

https://twitter.com/peckshield/status/1591837070926151680?
"It should be rugged with the 3.9B $Flare by calling withdrawProfit() of an unverified contract:  https://bscscan.com/tx/0xa09135020bb1271ff684db407783a52163c31c7255955cec1e83fc68a751c027"

https://twitter.com/boshen1011/status/1595265219898789888?

"@boshen1011
A total of 42M worth of crypto assets, including 38M in USDC were stolen from my personal wallet ending in 894 in the early morning of November 10 EST.

The stolen assets are personal funds and do not affect on Fenbushi related entities."

Bo Shen is the founder of Fenbushi Capital

The Ankr DeFi protocol was hacked, as a result, a huge number of aBNBc tokens were issued by the attackers, after which its price fell to zero, losses are estimated at about $15 million.
https://twitter.com/PeckShieldAlert/status/1598527823224111104
https://twitter.com/ankr/status/1598503332477280256

The project team confirms the hack and declares that the users' funds are safe, and will be reimbursed by the reissue of aBNBc based on a snapshot of users' wallets.
https://twitter.com/ankr/status/1598570449390260226

https://cointelegraph.com/news/ankr-confirms-exploit-asks-for-immediate-trading-halt
"BNB Chain-based decentralized finance (DeFi) protocol Ankr has confirmed it has been hit by a multi-million dollar exploit on Dec. 1.

The attack appeared to be first discovered by on-chain security analyst PeckShield at approximately 12:35 am UTC on Dec. 2. "

7 000 000$ lodestar finance
https://twitter.com/LodestarFinance/status/1601687317604839424

https://tokeninsight.com/en/news/arbitrum-ecosystem-defi-protocol-lodestar-finance-exploited
"Arbitrum ecosystem DeFi protocol Lodestar Finance tweeted that it was exploited and deposits have been drained. The protocol has set all interest rates to 0.

An attacker manipulated the exchange rate of the plvGLP contract to 1.83 GLP per plvGLP. They supplied plvGLP collateral to lodestar and borrowed all available liquidity. After the hack several plvGLP holders also took advantage of the opportunity and also cashed out at 1.83 glp per plvGLP. The hacker burned a little over 3 million in GLP, their profit on this exploit was the stolen funds on Lodestar - minus the GLP they burned.

Lodestar Finance said that 2.8 million of the GLP (about $2.4 million) was recoverable. The team is going to reach out to the hacker and see if they can negotiate a bug bounty to recover more funds."

Wow, what a long list!
DeFi is known to be coded badly but I wouldn't expect such a long list...
Devs really need to set up a better code, review it better and do more education on how to code properly.
We can't afford much more DeFi hacks, DeFi is already known to be famous for hacks.

And all hacker funds are laundered in mixers, it's a shame.
I hope, all hackers will be caught, funds seized and hackers put into prison!

Just like in a children's fairy tale: good will triumph over evil!
______
https://www.coinbase.com/blog/transparency-report-2022
Key Takeaways:

"There were a total of 12,320 requests during the reporting period, a ~66% increase over last year’s report.

The ~57% of requests from outside of the United States was a ~6% increase over our previous report. In addition, 21 Countries sent requests for the first time in 2022, including 11 that sent more than one: Andorra (2), Argentina (2), Brazil (5), Bulgaria (3), China (12), Croatia (3), Czech Republic (104), Liechtenstein (4), Serbia (5), Slovakia (6), Taiwan (6).

~80% of law enforcement requests were from the U.S., U.K., Germany, and Spain."

It's a long way to stop scammers. Like Brad Garlingcrook, he's still praising his shitcoin.

The hacks seem to involve using buggy smart contracts or protocols. It is really a shame and harmful for the early reputation DeFi of as a whole. Maybe it is better to find DeFi projects to investment with that don't even use smart contracts or any protocols at all?

Solana DeFi Exchange Raydium Hacked for Over $2 Million
The attacker appears to have used the protocol’s own private keys to drain liquidity pools. It’s unclear how they got them.
https://decrypt.co/117455/solana-raydium-hacked-2-million

The wallet draining LP Pools from Raydium liquidity pools has received over $2.2M now, including $1.6M $SOL
https://twitter.com/nansenportfolio/status/1603762024667746305?

The 2022 Rug Pull Report
https://www.soliduslabs.com/reports/rug-pull-report

https://www.coingecko.com/research/publications/how-many-cryptocurrencies-faile
"3,322 cryptocurrencies that were listed on CoinGecko in 2021, have failed (categorised as a dead coin).
The last bull market run that started in November 2020 saw a spike in cryptocurrencies listed, with more than 8000 cryptocurrencies listed in 2021. As of today, nearly 40% have been deactivated and delisted from CoinGecko."
https://i.ibb.co/DQ6Rzp1/content-Dead-Cryptocurrencies-JN-28-Nov-2.png (https://ibb.co/vkrjVYc)

https://markets.businessinsider.com/news/currencies/global-drug-cartel-binance-launder-millions-crypto-exchange-dea-investigation-2022-12
"This is actually an example of where the transparency of blockchain transactions works against criminal actors," Matthew Price, the senior director of investigations at Binance, told Forbes. "The bad guys are leaving a permanent record of what they're doing."

I also write a lot about refunds. Every year it will become more and more difficult to hide the stolen funds.

Hackers managed to re-attack the Rubic cross-chain swap aggregator project, they compromised one of the smart contracts, the damage amounted to ~$1.41 million. The Rubic team reported that 49 users were affected, and promised to compensate for their losses.

https://twitter.com/peckshield/status/1606937055761952770
https://twitter.com/CryptoRubic/status/1607076270663208960

Bitkeep has been the next hack, according to hacking sources Bitkeep involved 4 chains of ETH, BSC, POLYGON and TRX, and now $31m has come out as its transaction volume.

It is likely that their losses will increase given that there is currently no response from BitKeep.

Source from OKlink: https://twitter.com/OKLink/status/1607356529929506817

Top Five DeFi Crime Trends of 2022
Decentralized finance (DeFi) has had a challenging year – losing 75% of its total value locked over the last 11 months.  However, while the crypto crash might have hit investors, it did not deter criminals. Bug exploits, logic faults, private key compromises and social engineering attacks broke records in 2022, stealing a record $2.7 billion from DeFi protocols. That is more than half of the $5.1 billion stolen overall from DeFi since 2020. Furthermore, four of 2022’s worst DeFi hacks secured their place on the list of top ten biggest crypto heists of all time.
https://hub.elliptic.co/analysis/top-five-defi-crime-trends-of-2022/

That's like modern day bank robbery but more effective and profitable. And while whose seem a lot, i think that centralized exchange hacks combined with exit scams are far worse.

As in comparison bitfinex lost $623 million in one hack, coincheck $560 million, and FTX just got hacked for $600 million. And if we start to count exit scams, remember that plustoken team got $2.9 Billion and ran. Not to mention all the leaked user data with all the cexes.

Update: Mango exploiter (Avraham Eisenberg) arrested https://www.coindesk.com/policy/2022/12/27/mango-markets-exploiter-eisenberg-arrested-in-puerto-rico/

Rubic DEX aggregator hack leads to $1.4m of user funds stolen
https://crypto.news/rubic-dex-aggregator-hack-leads-to-1-4m-of-user-funds-stolen/
Cross-chain decentralized finance (DeFi) protocol Rubic was compromised, resulting in funds stored in its user’s addresses being siphoned out and transferred to the hackers.


Defrost Finance hack & Returned $12M
https://www.coindesk.com/business/2022/12/26/defrost-finance-says-hacked-funds-have-been-returned/
Defrost Finance Says Hacked Funds Have Been Returned
The hack, which some observers had characterized as a rug pull, was estimated to have netted $12 million.



___
add to OP

Hackers have been able to steal NFTs like magic with a little-known OpenSea feature. It's the newest hack, and multiple millions in Apes have been lost to it already.
https://twitter.com/harpieio/status/1606034727491624961?

The OpenSea contract allows for "gasless sales," where users can sell NFTs by signing an unreadable message like the one above.
Here's the catch: you can also set up ⚠️private auctions with custom prices⚠️ with these unreadable signatures.
https://twitter.com/harpieio/status/1606034729102217216

Nikhil Gopalani- COO / Ops & BD - Nike / RTFKT
https://www.crunchbase.com/person/nikhil-gopalani

Nikhil Gopalani(C)
https://twitter.com/Nikgopalani/status/1610120899570663425
"Hey Clone X community - I was hacked by a clever Phisher (same phone # as apple ID) & sold all my clone x / some other nfts... Obviously pretty upset and hurt by this and I havent really been able to move all day. Hope people who bought my clones love them (being positive)"


https://twitter.com/ImmuneBytes/status/1610683109904912384
"RTFKT COO @Nikgopalani
 became the victim of a #phishing attack. On Jan 2, he allegedly lost $173,000 worth of #NFTs to the exploit.
The list of stolen NFTs includes 19 CloneX NFTs, 18 RTKFT Space Pods, 17 Loot Pods, 11 CryptoKicks, 19 RTFKT Animus Eggs, and more. Source:
@opensea"

SlowMist 2022 Security Report (https://www.slowmist.com/report/2022-Blockchain-Security-and-AML-Analysis-Annual-Report(EN).pdf): Hacking incidents caused losses of $3.777b, a decrease of about 61% compared to $9.795b in 2021. In 2022, there were 10 security incidents with a loss of hundreds of millions, cross-chain bridges accounted for 4 of them.
https://twitter.com/WuBlockchain/status/1612448354591727616?

Famous NFT influencer NFT God suffered a hacking scheme.
https://chainwitcher.com/nft-god-hacked/

Last night my entire digital livelihood was violated.
Every account connected to me both personally and professionally was hacked and used to hurt others.
Less importantly, I lost a life changing amount of my net worth
https://twitter.com/NFT_GOD/status/1614442000958324739

What conceit do you need to have to call yourself God?

https://techcrunch.com/2023/01/24/north-korea-fbi-harmony-horizon-crypto/
FBI accuses North Korean government hackers of stealing $100M in Harmony bridge theft
"The FBI accused two groups of North Korean government hackers of carrying out last year’s heist of $100 million in crypto stolen from a company that allows users to transfer cryptocurrency from one blockchain to another.

On Monday, the FBI announced that the Lazarus Group and APT38 — two groups linked to the North Korean government by both cybersecurity companies and government agencies — were responsible for the hack against the Horizon bridge, created by the U.S. company Harmony, in June 2022."

https://cointelegraph.com/news/hackers-takeover-azuki-s-twitter-account-steal-over-750k-in-less-than-30-minutes
Hackers breach Azuki’s Twitter account, stealing $758K in 30 minutes
Most of the funds stolen were from a single wallet, with $751,321.80 in USDC drained from the malicious link.

https://twitter.com/emilyrosemcg/status/1619046380533854209?
"AZUKI OFFICIAL TWITTER ACCOUNT IS HACKED.
DO NOT CLICK LINKS FROM OUR ACCOUNT.
PLEASE RETWEET."

The BonqDAO protocol lost $120 million as a result of a hacker attack, where the hacker used the method of manipulating the price of the ALBT token, so he informed the protocol that the cost of the ALBT token is equal to 5 billion MATIC, which the protocol actually agreed with, despite the fact that the BonqDAO protocol has an oracle from Chainlink.

Source: https://cointelegraph.com/news/bonqdao-protocol-suffers-120m-loss-after-oracle-hack
             https://twitter.com/BonqDAO/status/1620908233761378304
             https://twitter.com/peckshield/status/1620926816868499458

https://twitter.com/peckshieldalert/status/1620452597105676291?
"#PeckShieldAlert ~24 exploits grabbed $8.8M in January 2023.
As of January 31st, 2023, ~$2.6M worth of stolen funds (~2,668 $BNB & 1,200 $ETH) were transferred into Mixers (TornadoCash, Fixedfloat, and sideshift[.]ai)."
https://i.ibb.co/8YbqVT4/Fnyy-H4a-AAMdt-Y2.jpg (https://ibb.co/LNrmfbh)



https://crypto.news/lendhub-loses-6m-to-hackers/
LendHub loses $6m to hackers
According to a report issued by the team on Friday, DeFi digital asset lending firm LendHub has lost $6 million in digital assets on its network.

Orion Protocol Hacked, $3 Million Lost: Here's How  (https://u.today/orion-protocol-hacked-3-million-lost-heres-how)
PeckShield, a reputable cryptocurrency security research team, unveils the design of alleged attacks against Orion Protocol. Meanwhile, its team says only internal funds were at risk. Orion Protocol hacked for $3 million thanks to well-known bug: PeckShield According to the statement shared by PeckShield representatives on Twitter, Orion Protocol, a popular liquidity machine for CEXes and DEXes, suffered a hacker attack today, Feb. 3, 2023.

2023 DeFi hacks. Continuation
1 post  (https://bitcointalk.org/index.php?topic=5267124.msg54946420#msg54946420) has exhausted the limit of information, the continuation will be in this post

January 4, 2023
RTFKT COO Nikgopalani $0,173M
https://bitcointalk.org/index.php?topic=5267124.msg61547671#msg61547671

January 12, 2023
LendHub loses $6M
https://bitcointalk.org/index.php?topic=5267124.msg61703100#msg61703100

February 1,2023
BonqDAO protocol suffers $120M
https://bitcointalk.org/index.php?topic=5267124.msg61691280#msg61691280

February 3,2023
Orion Protocol  $3M
https://bitcointalk.org/index.php?topic=5267124.msg61709050#msg61709050

February 9,2023
CoW Swapl  $0,182M
https://bitcointalk.org/index.php?topic=5267124.msg61740866#msg61740866

February 10,2023
DeFi Protocol dForce $3,65M
https://bitcointalk.org/index.php?topic=5267124.msg61746599#msg61746599

February 16,2023
DeFi Protocol Platypus  $8,5M
https://bitcointalk.org/index.php?topic=5267124.msg61802035#msg61802035

February 27,2023
DeFi Protocol  LaunchZone  $0,7M
https://bitcointalk.org/index.php?topic=5267124.msg61837040#msg61837040

March 13,2023
Euler Finance  $196M
https://bitcointalk.org/index.php?topic=5267124.msg61904478#msg61904478

March 13,2023
PeopleDAO  $0,12M
https://bitcointalk.org/index.php?topic=5267124.msg61916813#msg61916813

March 26,2023
Kokomo Finance $4M
https://bitcointalk.org/index.php?topic=5267124.msg61998945#msg61998945

March 29,2023
DEFISafeMoon $8,9M
https://bitcointalk.org/index.php?topic=5267124.msg62004227#msg62004227

April 4, 2023
Exploiter Front Runs $25M
https://bitcointalk.org/index.php?topic=5267124.msg62037817#msg62037817

April 10, 2023
SushiSwap $3,3M
https://bitcointalk.org/index.php?topic=5267124.msg62067347#msg62067347

April 13, 2023
Yearn Finance $11M
https://bitcointalk.org/index.php?topic=5267124.msg62115758#msg62115758

April 16, 2023
Hundred Finance Protocol $7.4M
https://bitcointalk.org/index.php?topic=5267124.msg62151334#msg62151334

April 25, 2023
zkSync DEX Merlin $1.82M
https://bitcointalk.org/index.php?topic=5267124.msg62152558#msg62152558

May 1, 2023
Level Finance $1M
https://bitcointalk.org/index.php?topic=5267124.msg62189833#msg62189833

May 10, 2023
Deus Finance $6M
https://bitcointalk.org/index.php?topic=5267124.msg62225011#msg62225011

May 20, 2023
Swaprum $3M
https://bitcointalk.org/index.php?topic=5267124.msg62333807#msg62333807

May 25, 2023
ZachXBT: $31.6M
https://bitcointalk.org/index.php?topic=5267124.msg62299944#msg62299944

May 30, 2023
Jimbos Protocol: $7.5M
https://bitcointalk.org/index.php?topic=5267124.msg62334136#msg62334136

June 12, 2023
Sturdy Finance: $0.8M
https://bitcointalk.org/index.php?topic=5267124.msg62406071#msg62406071

June 14, 2023
Hashflow: $0.6M
https://bitcointalk.org/index.php?topic=5267124.msg62409187#msg62409187

June 27, 2023
Chibi Finance: $1M
https://bitcointalk.org/index.php?topic=5267124.msg62475146#msg62475146

July 04, 2023
Poly Network: $5M
https://bitcointalk.org/index.php?topic=5267124.msg62503144#msg62503144

July 07, 2023
Multichain Fantom Bridge: $126M
https://bitcointalk.org/index.php?topic=5267124.msg62515049#msg62515049

July 12, 2023
Arcadia Finance: $0.455M
https://bitcointalk.org/index.php?topic=5267124.msg62539307#msg62539307

July 17, 2023
Rodeo Finance: $0.888M
https://bitcointalk.org/index.php?topic=5267124.msg62572884#msg62572884

July 21, 2023
Conic Finance: $3.2M
https://bitcointalk.org/index.php?topic=5267124.msg62582178#msg62582178

July 26, 2023
Era Lend: $3.4M
https://bitcointalk.org/index.php?topic=5267124.msg62604116#msg62604116

August 1, 2023
Curve Finance: $52M
https://bitcointalk.org/index.php?topic=5267124.msg62631337#msg62631337

August 2, 2023
Kannagi Finance: $3.4 M
https://bitcointalk.org/index.php?topic=5267124.msg62636636#msg62636636

August 8, 2023
decentralized exchange Cypher: $1 M
https://bitcointalk.org/index.php?topic=5267124.msg62669792#msg62669792

August 14, 2023
Steadefi: $1.1 M
https://bitcointalk.org/index.php?topic=5267124.msg62704762#msg62704762

August 14, 2023
Aave’s Earning Farm: $0.287 M
https://bitcointalk.org/index.php?topic=5267124.msg62704762#msg62704762

August 14, 2023
Uwerx: $0.327 M
https://bitcointalk.org/index.php?topic=5267124.msg62704762#msg62704762

August 14, 2023
Zunami Protocol: $2.1 M
https://bitcointalk.org/index.php?topic=5267124.msg62704762#msg62704762

August 30, 2023
Exactly Protoco: $7.3 M
https://bitcointalk.org/index.php?topic=5267124.msg62769424#msg62769424

August 30, 2023
Magnate Finance: $6.4 M
https://bitcointalk.org/index.php?topic=5267124.msg62769424#msg62769424

September 05, 2023
Stake.com: $41 M
https://bitcointalk.org/index.php?topic=5267124.msg62804160#msg62804160

September 20, 2023
Harbour: $0,25 M
https://bitcointalk.org/index.php?topic=5267124.msg62875589#msg62875589

September 20, 2023
MBL Computer: $0,8 M
https://bitcointalk.org/index.php?topic=5267124.msg62875589#msg62875589

September 27, 2023
Mixin Network: $200 M
https://bitcointalk.org/index.php?topic=5267124.msg62908895#msg62908895

October 08, 2023
Galxe platform: $0,15 M
https://bitcointalk.org/index.php?topic=5267124.msg62980429#msg62980429

October 11, 2023
Star arena: $0,274 M
https://bitcointalk.org/index.php?topic=5267124.msg62980886#msg62980886

October 12, 2023
Platypus Finance: $2 M
https://bitcointalk.org/index.php?topic=5267124.msg62983709#msg62983709

November 01, 2023
Onyx Protocol: $2.1 M
https://bitcointalk.org/index.php?topic=5267124.msg63089287#msg63089287

November 08, 2023
AstridFinance: $0.245 M
https://bitcointalk.org/index.php?topic=5267124.msg63123860#msg63123860

November 15, 2023
Raft: $3.3 M
https://bitcointalk.org/index.php?topic=5267124.msg63163154#msg63163154

November 23, 2023
KyberSwap: $48 M
https://bitcointalk.org/index.php?topic=5267124.msg63206715#msg63206715

December 06, 2023
Florence Finance: $1.45 M
https://bitcointalk.org/index.php?topic=5267124.msg63278918#msg63278918

December 14, 2023
OKX Dex: $0.37 M
https://bitcointalk.org/index.php?topic=5267124.msg63320564#msg63320564

December 28, 2023
Across Protocol: $0.88 M
https://bitcointalk.org/index.php?topic=5267124.msg63401295#msg63401295

December 31, 2023
Orbit Chain's bridge: $81.5 M
https://bitcointalk.org/index.php?topic=5267124.msg63433078#msg63433078

December 31, 2023
Levana Protocol$1M
https://bitcointalk.org/index.php?topic=5267124.msg63434618#msg63434618

2024 DeFi hacks. Continuation

January 3, 2024
Radiant Capital $4.4M
https://bitcointalk.org/index.php?topic=5267124.msg63438775#msg63438775

January 17, 2024
Socket $3.3M
https://bitcointalk.org/index.php?topic=5267124.msg63512194#msg63512194

January 24, 2024
Concentric.fi $1.6M
https://bitcointalk.org/index.php?topic=5267124.msg63549538#msg63549538

January 25, 2024
Gamee $7M
https://bitcointalk.org/index.php?topic=5267124.msg63555379#msg63555379

February 23,2024
Sky Mavis Co-Founder Jeffrey Zirlin’s $9.7M
https://bitcointalk.org/index.php?topic=5267124.msg63709404#msg63709404

February 28,2024
MicroStrategy’s X account hacked $0.42M
https://bitcointalk.org/index.php?topic=5267124.msg63730629#msg63730629

March 02,2024
SenecaUSD $6.5M
https://bitcointalk.org/index.php?topic=5267124.msg63748555#msg63748555

March 06,2024
OrdiZK Team $1.4M
https://bitcointalk.org/index.php?topic=5267124.msg63765847#msg63765847

March 06,2024
WOOFi $8M
https://bitcointalk.org/index.php?topic=5267124.msg63767952#msg63767952

April 03,2024
Web3 gaming platform Munchables $62.5M
https://bitcointalk.org/index.php?topic=5267124.msg63895187#msg63895187

April 10,2024
Prisma Finance $11M
https://bitcointalk.org/index.php?topic=5267124.msg63927999#msg63927999



to be continued..

__
hacked DeFi bridges
https://gist.github.com/cwhinfrey/9fd1bbc31bbcff08fca242b90c7f875d

reserve

CoW Swap hacker milks over 550 BNB using ‘solver’ exploit
Security firm PeckShield reported that the hacker successfully drained roughly 551 BNB off CoW Swap into Tornado Cash, which was worth around $181,600 at the time of writing.

https://cointelegraph.com/news/cow-swap-hacker-milks-over-550-bnb-using-solver-exploit

https://thenewscrypto.com/defi-protocol-dforce-exploited-of-3-65-million-by-hacker/
DeFi Protocol dForce Exploited of $3.65 Million by Hacker
"Initial funding of 0.99ETH was transmitted from the DeFi system RAILGUN Project.
dForce said the assault, which affected just its wstETH/ETH-Curve vault, had been stopped.
To the tune of $3.6 million in cryptocurrency, an assault on the reentrancy vulnerability of the decentralized finance (DeFi) protocol dForce has resulted in the theft of funds. Curve Finance is an automated market maker (AMM) platform. That uses the Arbitrum and Optimism blockchains, and its vault was the target of the hack."

Norwegian Authorities Seize $5.9M From Crypto Game Axie Infinity Hack
The economic crime unit said it is the biggest crypto seizure ever made by Norwegian police.
https://www.coindesk.com/policy/2023/02/16/norwegian-authorities-seize-59m-from-crypto-game-axie-infinity-hack/

https://www.coindesk.com/markets/2023/02/16/usp-stablecoin-loses-dollar-peg-as-defi-protocol-platypus-suffers-85m-attack/
USP Stablecoin Loses Dollar Peg as DeFi Protocol Platypus Suffers $8.5M Attack
"The flash loan attack caused Platypus Finance’s native stablecoin to fall to 48 cents from $1. The potential loss is $8.5 million, according to blockchain security firm CertiK.
Decentralized finance (DeFi) protocol Platypus Finance suffered a flash-loan attack on Thursday, blockchain security firm CertiK tweeted. The potential loss in the exploit is $8.5 million.
Platypus USD (USP), the protocol’s stablecoin, lost its price peg to the dollar as a result of the exploit, falling to 48 cents from its $1 anchor, according to CoinGecko.
"For now all operations are paused until we get more clarity," a Platypus team member posted in the protocol's Discord server."

Suspects in $9M DeFi platform Platypus attack arrested in France

French police have arrested suspects alleged to have stolen over $8 million from the decentralized finance (DeFi) platform Platypus Finance.
https://coingeek.com/suspects-in-9m-defi-platform-platypus-attack-arrested-in-france/

https://cointelegraph.com/news/700-000-drained-from-bnb-chain-based-defi-protocol-launchzone
$700,000 drained from BNB Chain-based DeFi protocol LaunchZone
BNB Chain-based DeFi protocol LaunchZone claims an exploit led to $700,000 of funds being drained from its liquidity pool, with its native token plunging in value.
"$700,000 worth of funds has been drained from BNB Chain-based decentralized finance (DeFi) protocol LaunchZone, with the project alleging an attacker carried out an exploit.

Details remain scarce after more than 80% of funds in the LaunchZone liquidity pool were drained on Feb. 27. A message on the project’s official Telegram group warned users not to buy tokens until more information has been gathered:"

Arbitrum DEX ArbiSwap Rug Pulls Users for Over $100K
ArbiSwap’s native ARBI tokens fell from $1.5 to a fraction of a cent in the past 24 hours.
https://www.coindesk.com/tech/2023/03/02/arbitrum-dex-arbiswap-rug-pulls-users-for-over-100k/

The next month of 2023 has ended, during which 7 Defi projects were attacked by hackers: BonqDAO, Orion, dForce Network, Platypus Finance, Hope Finance, Flexible, LaunchZone.
According to Defi Llama for the month of February 2023, Defi projects lost a total of $21.41 million in assets.

The benefit of using DeFi on new chains like CNDL and HBAR is that these chains are using EVM contracts that are tried and tested. DApps are just porting their code over to the new chains. It's when you get experimental DeFi stuff where things get hacked most of the time, or they are pretend hacks and real exit scams by the devs.