DeFi hacks [history]

[zasad@]

https://www.halborn.com/blog/post/explained-the-pike-finance-hack-april-2024
In 30 April 2024, Pike Finance suffered a series of two hacks exploiting vulnerabilities related to the project’s smart contracts. The attackers stole $300,000 and about $1.6 million for a total of approximately $1.9 million.

https://www.coindesk.com/business/2024/05/15/bitcoin-defi-tool-alex-lab-loses-43m-in-hack-offers-10-bounty-for-stolen-funds
Bitcoin DeFi Tool Alex Lab Loses $4.3M in Hack, Offers 10% Bounty for Stolen Funds

https://www.halborn.com/blog/post/explained-the-sonne-finance-hack-may-2024
In 24 May 2024, Sonne Finance suffered a hack in which the attacker was able to drain an estimated $20 million from the protocol’s lending pools. The attacker took advantage of a known issue with forks of Compound Finance v2.

https://www.theblock.co/post/295520/gala-games-hacked-gala-token-plummets
Web3 gaming platform Gala Games loses over $200 million in potential exploit, GALA plummets 15%

https://beincrypto.com/velocore-decentralized-exchange-10-million-hack/
Decentralized Exchange Velocore Suffers $10 Million Hack: Reports

https://cointelegraph.com/news/uwu-lend-hack-20-million
UwU Lend hit by $20M crypto hack
The ongoing exploit has already netted the attacker nearly $20 million in digital assets.

https://www.theblock.co/post/299901/uwu-lend-second-hack-this-week
UwU Lend drained for $3.7 million in second exploit this week

https://cointelegraph.com/news/lifi-protocol-attack-8m-drained
Li​.Fi protocol attacked, $10M drained
The Li.Fi protocol experienced a security breach when hackers exploited a specific contract address, resulting in the loss of over $8 million in cryptocurrencies. The attack has since been mitigated.

https://cointelegraph.com/news/rho-markets-returns-online-after-8m-oracle-issue
Rho Markets returns online with no funds lost after $8M Oracle issue
The MEV bot responsible for profiting nearly $8 million in stablecoins returned the funds but wanted the Rho Markets team to admit it was not a hack or exploit.
coin refund
https://scrollscan.com/tx/0x15da6af0207d82d27ca20a542dae1b81580ca1cbfee7028c312229968e356446

https://www.theblock.co/post/308440/attacker-exploits-ibc-hooks-vulnerability-to-steal-tokens-on-terra-blockchain
Attacker exploits IBC hooks vulnerability to steal tokens on Terra blockchain
The perpetrator exploited this vulnerability to drain value from bridged assets, including USDC stablecoin and ASTRO tokens from Astroport Finance. Security firm Beosin estimated that over $4 million worth of tokens were impacted. Meanwhile, the price of ASTRO token has dropped 60% following the incident.

https://www.cryptotimes.io/2024/08/02/hacker-steals-210000-in-cvg-tokens-from-convergence/
Hacker Steals $210,000 in CVG Tokens from Convergence
On August 1, a hacker exploited CVG, converting it into 60 ETH and 15,900 FRAX, collapsing its value.

https://www.coindesk.com/tech/2024/08/06/ronin-bridge-paused-after-9m-drained-in-apparent-whitehat-hack
Ronin Bridge Paused, Restarted After $12M Drained in Whitehat Hack

https://www.coindesk.com/business/2024/08/07/blockchain-protocol-nexara-suffers-18m-exploit-nxra-tumbles-40
Blockchain Protocol Nexera Suffers $1.8M Exploit, NXRA Tumbles 40%

https://www.coindesk.com/tech/2024/09/03/defi-protocol-penpie-exploited-for-27m-of-crypto-assets-pnp-token-craters-40
DeFi Protocol Penpie Exploited for $27M of Crypto Assets; PNP Token Craters 40%

https://www.coindesk.com/markets/2024/09/16/crypto-broker-deltaprime-drained-of-over-6m-amid-apparent-private-key-leak
Crypto Broker DeltaPrime Drained of Over $6M Amid Apparent Private Key Leak

https://x.com/Bedrock_DeFi/status/1839479965685100780
Bedrock | Bitcoin Restaking
We want to reassure everyone that the underlying wrapped BTCs and BTCs in reserves are secure. The total estimated impact of the exploit is approximately $2 million (mostly in DEX LPs). The root cause has been identified and we are taking steps to address it. A comprehensive reimbursement plan is being finalized and will be shared shortly together with a post-mortem report.

https://www.halborn.com/blog/post/explained-the-onyx-protocol-hack-september-2024
In September 2024, the Onyx Protocol suffered a hack that demonstrated the importance of learning from past mistakes. The protocol was exploited for $3.8 million via the same vulnerability that caused $2.1 million in losses in October 2023.

https://www.coindesk.com/tech/2024/10/16/radiant-capital-loses-50m-to-blockchain-exploit
Radiant Capital Loses $50M to Second Blockchain Exploit This Year

https://x.com/CyversAlerts/status/1847246656061739184
It might be possible that
@tapioca_dao
's deployer address has been compromised and owner of the vesting contract has been changed!
New owner has withdrawn around more than 21M $TAP token using emergency rescue!

https://cointelegraph.com/news/online-casino-metawin-hacked-4-million-zack-xbt
Online Casino MetaWin hacked for $4 million — ZackXBT

https://x.com/ThalaLabs/status/1857703541089120541
Thala
On November 15th 2024, Thala suffered a security breach as a result of an isolated vulnerability in the latest update to v1 farming contracts, allowing the exploiter to withdraw liquidity pool tokens totaling $25.5m.

https://x.com/realScamSniffer/status/1859089504994554363
A user lost $129M after copying the wrong address from their transfer history. Fortunately, the scammer returned the funds within an hour!

https://x.com/Clipper_DEX/status/1863263893470003460
DEX Clipper
Statement on Clipper Security Incident Dec 1, 2024
This morning at 4am UTC Clipper’s pools on Optimism and Base were exploited for ~$450,000, roughly 6% of Clipper’s TVL. The attacker attempted to exploit other chains but was unable to do so. As a result, no other chains or pools were impacted. The exploit is no longer ongoing.

____
If you like this topic, support it with your posts!

[o48o]

https://www.halborn.com/blog/post/explained-the-pike-finance-hack-april-2024
In 30 April 2024, Pike Finance suffered a series of two hacks exploiting vulnerabilities related to the project’s smart contracts. The attackers stole $300,000 and about $1.6 million for a total of approximately $1.9 million.

https://www.coindesk.com/business/2024/05/15/bitcoin-defi-tool-alex-lab-loses-43m-in-hack-offers-10-bounty-for-stolen-funds
Bitcoin DeFi Tool Alex Lab Loses $4.3M in Hack, Offers 10% Bounty for Stolen Funds

https://www.halborn.com/blog/post/explained-the-sonne-finance-hack-may-2024
In 24 May 2024, Sonne Finance suffered a hack in which the attacker was able to drain an estimated $20 million from the protocol’s lending pools. The attacker took advantage of a known issue with forks of Compound Finance v2.

https://www.theblock.co/post/295520/gala-games-hacked-gala-token-plummets
Web3 gaming platform Gala Games loses over $200 million in potential exploit, GALA plummets 15%

https://beincrypto.com/velocore-decentralized-exchange-10-million-hack/
Decentralized Exchange Velocore Suffers $10 Million Hack: Reports

https://cointelegraph.com/news/uwu-lend-hack-20-million
UwU Lend hit by $20M crypto hack
The ongoing exploit has already netted the attacker nearly $20 million in digital assets.

https://www.theblock.co/post/299901/uwu-lend-second-hack-this-week
UwU Lend drained for $3.7 million in second exploit this week

https://cointelegraph.com/news/lifi-protocol-attack-8m-drained
Li​.Fi protocol attacked, $10M drained
The Li.Fi protocol experienced a security breach when hackers exploited a specific contract address, resulting in the loss of over $8 million in cryptocurrencies. The attack has since been mitigated.

https://cointelegraph.com/news/rho-markets-returns-online-after-8m-oracle-issue
Rho Markets returns online with no funds lost after $8M Oracle issue
The MEV bot responsible for profiting nearly $8 million in stablecoins returned the funds but wanted the Rho Markets team to admit it was not a hack or exploit.
coin refund
https://scrollscan.com/tx/0x15da6af0207d82d27ca20a542dae1b81580ca1cbfee7028c312229968e356446

https://www.theblock.co/post/308440/attacker-exploits-ibc-hooks-vulnerability-to-steal-tokens-on-terra-blockchain
Attacker exploits IBC hooks vulnerability to steal tokens on Terra blockchain
The perpetrator exploited this vulnerability to drain value from bridged assets, including USDC stablecoin and ASTRO tokens from Astroport Finance. Security firm Beosin estimated that over $4 million worth of tokens were impacted. Meanwhile, the price of ASTRO token has dropped 60% following the incident.

https://www.cryptotimes.io/2024/08/02/hacker-steals-210000-in-cvg-tokens-from-convergence/
Hacker Steals $210,000 in CVG Tokens from Convergence
On August 1, a hacker exploited CVG, converting it into 60 ETH and 15,900 FRAX, collapsing its value.

https://www.coindesk.com/tech/2024/08/06/ronin-bridge-paused-after-9m-drained-in-apparent-whitehat-hack
Ronin Bridge Paused, Restarted After $12M Drained in Whitehat Hack

https://www.coindesk.com/business/2024/08/07/blockchain-protocol-nexara-suffers-18m-exploit-nxra-tumbles-40
Blockchain Protocol Nexera Suffers $1.8M Exploit, NXRA Tumbles 40%

https://www.coindesk.com/tech/2024/09/03/defi-protocol-penpie-exploited-for-27m-of-crypto-assets-pnp-token-craters-40
DeFi Protocol Penpie Exploited for $27M of Crypto Assets; PNP Token Craters 40%

https://www.coindesk.com/markets/2024/09/16/crypto-broker-deltaprime-drained-of-over-6m-amid-apparent-private-key-leak
Crypto Broker DeltaPrime Drained of Over $6M Amid Apparent Private Key Leak

https://x.com/Bedrock_DeFi/status/1839479965685100780
Bedrock | Bitcoin Restaking
We want to reassure everyone that the underlying wrapped BTCs and BTCs in reserves are secure. The total estimated impact of the exploit is approximately $2 million (mostly in DEX LPs). The root cause has been identified and we are taking steps to address it. A comprehensive reimbursement plan is being finalized and will be shared shortly together with a post-mortem report.

https://www.halborn.com/blog/post/explained-the-onyx-protocol-hack-september-2024
In September 2024, the Onyx Protocol suffered a hack that demonstrated the importance of learning from past mistakes. The protocol was exploited for $3.8 million via the same vulnerability that caused $2.1 million in losses in October 2023.

https://www.coindesk.com/tech/2024/10/16/radiant-capital-loses-50m-to-blockchain-exploit
Radiant Capital Loses $50M to Second Blockchain Exploit This Year

https://x.com/CyversAlerts/status/1847246656061739184
It might be possible that
@tapioca_dao
's deployer address has been compromised and owner of the vesting contract has been changed!
New owner has withdrawn around more than 21M $TAP token using emergency rescue!

https://cointelegraph.com/news/online-casino-metawin-hacked-4-million-zack-xbt
Online Casino MetaWin hacked for $4 million — ZackXBT

https://x.com/ThalaLabs/status/1857703541089120541
Thala
On November 15th 2024, Thala suffered a security breach as a result of an isolated vulnerability in the latest update to v1 farming contracts, allowing the exploiter to withdraw liquidity pool tokens totaling $25.5m.

https://x.com/realScamSniffer/status/1859089504994554363
A user lost $129M after copying the wrong address from their transfer history. Fortunately, the scammer returned the funds within an hour!

https://x.com/Clipper_DEX/status/1863263893470003460
DEX Clipper
Statement on Clipper Security Incident Dec 1, 2024
This morning at 4am UTC Clipper’s pools on Optimism and Base were exploited for ~$450,000, roughly 6% of Clipper’s TVL. The attacker attempted to exploit other chains but was unable to do so. As a result, no other chains or pools were impacted. The exploit is no longer ongoing.

____
If you like this topic, support it with your posts!

The fact all these were from 2024, and i haven't even noticed most of these, although my news feeds cover cryptos is alarming.

I have heard how DEXes are changing the future of finances and number one job of any financial entity would be securing their own, and their customer's funds. Maybe they are the future at some point, but this would make it seem, like they would need even heavier regulatory oversight for that to happen, and ironically making whole thing centralized again.

[zasad@]

The fact all these were from 2024, and i haven't even noticed most of these, although my news feeds cover cryptos is alarming.

I have heard how DEXes are changing the future of finances and number one job of any financial entity would be securing their own, and their customer's funds. Maybe they are the future at some point, but this would make it seem, like they would need even heavier regulatory oversight for that to happen, and ironically making whole thing centralized again.

You're right that the DeFi sector will be regulated by law, and all the big players will be forced to comply.
I wrote about it in this thread
https://bitcointalk.org/index.php?topic=5524994.0

_____
Chainalysis analytics

https://x.com/chainalysis/status/1869730169147232422
"North Korean hackers stole more from crypto platforms than ever before: $1.34 billion, which represents 61% of the total amount stolen for the year."

[zasad@]

https://x.com/PeckShieldAlert/status/1877258501623525797
"PeckShieldAlert 2024 has witnessed a significant resurgence in crypto-related hacking activities. The total value of loss in 2024 has exceeded $3.01B, reflecting a ~15% increase over the $2.61B stolen in 2023.
This total includes $2.15B stolen from crypto hacks and $834.5M stolen from scams. Notably, ~$488.5M worth of stolen cryptos has been recovered."

[betswift]

^ No wonder.
The bigger the space and FOMO around it, the more newbies come, and the more the possibilities for the scammers to get a quick buck out of them.
And let's not forget the situations where even the big entities get robbed of their funds.

[safar1980]

Explained: The Ionic Money Hack (February 2025)

Mode-based Ionic Money — formerly Midas — was the victim of a $8.6 million hack in February 2025. The attackers used social engineering to set the stage for an exploit where they drained the project’s vaults.

Inside the Attack
The Ionic Money hack began as a social engineering attack in which the attackers masqueraded as members of the Lombard Finance team. Their goal was to trick Ionic Money into listing their fake LBTC token on its platform.

Once the counterfeit token was listed, the attackers minted 250 of their fake LBTC tokens and used them as collateral for loans on Ionic Money. This allowed them to borrow an estimated $8.6 million in real tokens from the project. Since the collateral they used was counterfeit tokens, they could abandon it, leaving Ionic Money and its users with nothing.

After the theft, the attackers used cross-chain bridges to transfer approximately $3.5 million of the stolen tokens to Ethereum. There, the tokens were laundered through Tornado Cash, making it infeasible to identify the stolen assets once the attackers withdrew them.

The MBTC and iBTC borrowed from Ionic Money were swapped to MBTC and used to borrow from Ironclad and Layerbank. Merlin announced that it would use a pre-exploit snapshot to minimize the effects of the incident on MBTC users. This harmed Layerbank and Ironclad since it left them holding worthless MBTC while the attacker kept what they had borrowed from the two protocols.

While this is Ionic’s first hack, the same isn’t true of the team behind the protocol. According to ZachXBT, Ionic is just a rebrand of the Midas Protocol. Midas was the victim of two hacks in 2023 both due to a failure to protect against known vulnerabilities with publicly-known workarounds.

[zasad@]

https://cointelegraph.com/news/zklend-starknet-hack-4-9m-bounty

zkLend loses $9.5M in exploit, offers bounty to hacker
ZkLend lost nearly $10 million in an exploit. The protocol offered the hacker a 10% bounty if the remaining funds were returned before Feb. 14.

"ZkLend was hacked for almost $10 million, marking a resurgence in crypto exploits after a January downturn.

Decentralized money lending protocol zkLend was exploited on the Starknet network for $9.5 million on Feb. 12, according to blockchain security firm Cyvers.

“zkLend has suffered a $9.5 million exploit on the Starknet network. Stolen funds were bridged to Ethereum and laundered via Railgun, but due to protocol policies, the funds were returned to the original address by Railgun!” Cyvers wrote."

[zasad@]

https://www.theblock.co/post/342911/stablecoin-neobank-infini-exploited-for-49-million-security-analysts

Stablecoin neobank Infini exploited for $49 million: security analysts

"Infini suffered a hack resulting in a loss of about $49 million, according to several security analysts.
Analysts noted that $49 million in USDC was drained from a smart contract.

Infini, a Hong Kong-based stablecoin neobank and payments platform, suffered an attack that resulted in a loss of about $49 million.

Security analysts at Cyvers and Blocksec confirmed to The Block that Infini was the impacted entity.

Based on on-chain data, analysts said that $49 million in USDC was siphoned from a smart contract that previously received funds from Infini. The stolen funds were sent to an address funded by Tornado Cash, a privacy tool often used to obscure crypto transactions. The attacker has swapped the stablecoin into ether.

Cyvers noted that the exploit occurred because an attacker abused compromised administrative privileges on the contract. The specific contract address (0x9A7) was created by the attacker (0xc49) and was allegedly developed as part of the Infini project.

"The attacker used this address (0xc49) to change the settings of the smart contract and drained the whole fund," security firm Blocksec told The Block."

[Defi_space]

Investing in DeFi continue to be very risky that is why it is necessary to be very careful and check everything before investing.
But it is very important to evaluate the potential of Defi.

[zasad@]

https://x.com/lookonchain/status/1899683925297181011

"Someone lost $1.82M due to phishing transaction signatures!

Always double-check before signing any transaction.

Regularly review and revoke token approvals.

Use secure wallets and avoid phishing websites.

Never trust unsolicited messages or unknown airdrops."

https://debank.com/profile/0xa4c11b4a73a43329d1f52c3142137acf6184683f/history?chain=eth&token=

Investing in DeFi continue to be very risky ..

right

Swap 220,806.389669 ($220,779.23) USDC For 5,272.998058 ($5,271.62) USDT On Uniswap V3

https://etherscan.io/tx/0xee9fcd2b9996e96b642cb4cda47fc140f98fdaf07ee02657743d4bfcc4670106

[zasad@]

https://www.theblock.co/post/342911/stablecoin-neobank-infini-exploited-for-49-million-security-analysts

Stablecoin neobank Infini exploited for $49 million: security analysts

"Infini suffered a hack resulting in a loss of about $49 million, according to several security analysts.
Analysts noted that $49 million in USDC was drained from a smart contract.

Infini, a Hong Kong-based stablecoin neobank and payments platform, suffered an attack that resulted in a loss of about $49 million.

Security analysts at Cyvers and Blocksec confirmed to The Block that Infini was the impacted entity.

Based on on-chain data, analysts said that $49 million in USDC was siphoned from a smart contract that previously received funds from Infini. The stolen funds were sent to an address funded by Tornado Cash, a privacy tool often used to obscure crypto transactions. The attacker has swapped the stablecoin into ether.

Cyvers noted that the exploit occurred because an attacker abused compromised administrative privileges on the contract. The specific contract address (0x9A7) was created by the attacker (0xc49) and was allegedly developed as part of the Infini project.

"The attacker used this address (0xc49) to change the settings of the smart contract and drained the whole fund," security firm Blocksec told The Block."

https://x.com/WuBlockchain/status/1902707199220306185
"Infini, a cryptocurrency credit card service provider that lost $50 million, accused its smart contract engineer of retaining the highest authority of "super admin" when the contract was launched on the mainnet due to gambling losses, but lied to other team members that the authority had been "transferred" or "removed", thus stealing the funds." https://etherscan.io/tx/0x3dab6a9d46f705b059ae28badb515e99feadb740ee4fc06fb86770e7c70f0746

[zasad@]

GMX smart contracts hacked for 6,260 ETH  $6,5M
https://www.msn.com/en-us/money/other/gmx-smart-contracts-hacked-for-6-260-eth/ar-AA1BD6yE

"Decentralized lending protocols on Magic Internet Money (MIM) have been hacked for 6,260 ETH. The exploit has not affected the GMX protocol or GM tokens used in those vaults, but only specific liquidity hubs for decentralized lending.

Contracts related to GMX and Magic Internet Money (MIM) Spell lending vaults have been exploited for 6,260 ETH, locked in related liquidity vaults.

The decentralized lending vaults on Arbitrum were exploited for WETH and ETH; then, the funds were bridged through Stargate to the Ethereum mainnet for laundering. The attacker moved MIM, USDC, USDC, ETH, and WETH, finally swapping all assets on Ethereum for further mixing.

Stargate Bridge helped the easy movement of funds, as it held $160M in available liquidity. Arbitrum is a rare choice for a hack, but still offers multiple options to move into Ethereum for more liquidity and swapping option.

Expand article logo  Continue reading

The stolen funds ended up in three ETH addresses, which are now monitored for further movements or mixing. Some of the addresses are not yet tagged as belonging to an exploit, while the initial address was labeled as Fake Phishing right after the attack."

[zasad@]

https://x.com/evilcos/status/1906876602228883914

"It seems that the 2,930 ETH stolen from @zkLend was deposited into Phishing website imitating TornadoCash and was immediately taken away by the phishing website’s operators.
H/T @TornadoCashBot" 

[safar1980]

Mistakes Were Made From a Wallet Frank DeGods Controls: Founder Wallet Drained as He Exits
Just days after DeGods founder Frank said he was departing as CEO, his Solana wallet was compromised and 16 NFTs were sold off.
A Solana wallet of DeGods founder Frank (aka Rohun Vora) was compromised, with 16 NFTs quickly sold off.
The popular crypto personality dismissed rumors he sold the NFTs after departing the project's CEO role this week.
The DeGods floor price was once more than $37,000 on Solana, but now sits just above $1,000.

[$crypto$]

Source: https://x.com/CetusProtocol/status/1925567348586815622

Cetus Protocol has confirmed that their smart contracts have been exploited with a loss of $223M and frozen funds of $162M for now they have also stopped the smart contracts to investigate the case, but do not yet know what the overall loss due to this hack is.

Tracking from Lookonchain: https://x.com/lookonchain/status/1925562102309327299

[cryptotact11]

Excellent thread. Why not consider putting the contents of the first post into a table? It will provide a better view and you will be able to put more information in. Further, you could tally a summary on the losses of all the DeFi hacks that are documented here.