Tag: Exploits

Crypto Hacks and Scams on the Rise

by Blockchain News

Crypto security and auditing company CertiK reported a total loss of $103.7 million due to vulnerabilities, frauds, and hacks in the month of April. Because of this, the overall loss for the year amounts to 429.7 million dollars. The month was particularly marked by major hacks, including the theft of $22 million from a hot wallet exploit at the Bitrue exchange, which resulted in a loss of $22 million; the hack of South Korea’s GDAC exchange, which resulted in a loss of $13 million; and the theft of $25.4 million due to an exploit of several MEV trading bots on April 3.

According to reports from CertiK, the overall losses incurred by crypto and DeFi exploits throughout the month amounted to $74.5 million. This is about half of the total $145 million that was exploited during the first four months of the year. assaults against flash loans were also common, resulting in losses of around $20 million. Yearn Finance was the primary victim of these assaults, which occurred when a hacker exploited an outdated smart contract on April 13.

In April, exit scams were another factor that contributed to the large amount of money lost, which was $9.4 million. The most successful exit scam for the month was perpetrated by Merlin DEX, which resulted in a loss of $2.7 million. Considering that the protocol had been audited by CertiK, which had previously warned about centralization problems, this was an especially worrying development. After the attack, Certik implemented a compensation plan, in which they demanded that the malicious developer pay back 80% of the stolen funds and offered a white hat bounty of 20% of the total amount.

In the month of April, the Rekt Database maintained by De.Fi documented over fifty crypto-related scams, hacks, and rug pulls. These Memecoin rug pulls made up a significant chunk of the total. The flash loan assault against the Polygon-based Ovix protocol, which occurred on April 28 and resulted in a loss of $2 million, was the most recent incident.

Hacks and frauds using cryptocurrencies are becoming more common, highlighting the need for stronger security measures inside the cryptocurrency ecosystem. Before putting money into any cryptocurrency project, it is essential for users and investors to do extensive research and due diligence on the project. Auditing companies such as CertiK play an essential part in determining the nature of any possible security threats that may exist and in elevating the level of industry-wide security.

Source

Tagged : / / / / /

DeFi Suffers $21M in Losses from Exploits

by Blockchain News

Decentralized finance (DeFi) platforms have suffered significant losses due to a series of exploits in February, with at least $21 million in crypto being drained from seven protocols, according to DeFi data analytics platform DefiLlama. Among the notable incidents were the flash loan reentrancy attack on Platypus Finance, which resulted in $8.5 million in losses, and the price oracle attack on BonqDAO, which saw an exploiter manipulating the price of AllianceBlock (ALBT) token, causing a loss of an estimated $120 million, although the attackers reportedly only managed to cash out $1 million due to a lack of liquidity on BonqDAO.

Other exploits included a reentrancy attack on Orion Protocol, resulting in a loss of roughly $3 million, and another on dForce network, leading to around $3.65 million in losses. However, in a surprising turn of events, all funds were returned to dForce when the attacker revealed themselves to be a white hat hacker. The attack on Platypus Finance was also notable because the team announced their intention to return 78% of the main pool funds by reminting frozen stablecoins.

Smart contract exploits were also prevalent, with the algorithmic stablecoin project Hope Finance losing roughly $2 million due to a smart contract exploit, and multichain exchange aggregator Dexible experiencing a loss of $2 million worth of cryptocurrency through an exploit that targeted the app’s selfSwap function.

Additionally, BNB Chain-based DeFi protocol LaunchZone suffered a loss of $700,000 worth of funds due to an attacker leveraging an unverified contract.

These incidents come after blockchain data firm Chainalysis revealed in its 2023 Crypto Crime Report that hackers had stolen $3.1 billion from DeFi protocols in 2022, accounting for more than 82% of the total amount stolen in the year.

Despite the losses, the DeFi space continues to grow, with the total value locked (TVL) in DeFi protocols reaching over $104 billion as of February 28, according to DefiLlama. The platform also noted that the number of users on DeFi platforms has steadily increased since 2020, with over 5.8 million unique addresses interacting with DeFi protocols in February 2023.

These incidents highlight the need for continued vigilance and improvement in DeFi security measures to prevent such exploits from occurring. While the DeFi space has seen significant growth and innovation in recent years, it is clear that security remains a crucial concern that must be addressed to ensure the continued success and sustainability of the ecosystem.

Source

Tagged : / / / / /

CipherTrace expands to cover Binance Smart Chain amid wave of exploits

by Cointelegraph

Cryptocurrency and blockchain intelligence company CipherTrace has announced analytics support for Binance Smart Chain (BSC) amid a rise in attacks and vulnerabilities on protocols running on the network.

In an announcement on May 27, the firm stated that it aims to identify higher-risk financial transactions taking place on BSC and its decentralized applications which now number more than 600. CipherTrace already tracks the activity of over a thousand digital assets. Dave Jevans, CEO of CipherTrace, stated that once support for a blockchain is added, the firm can add analytics for all applications built on that network.

The inclusion of CipherTrace’s analytics also allows Virtual Asset Service Providers (VASPs), such as exchanges, banks, OTC desks, hosted wallets, and other financial institutions, to flag transactions occurring on BSC that have a high probability of originating in illicit activity, including fraud.

Binance Chief Compliance Officer, Samuel Lim, noted that compliance with global anti-money laundering regulations is paramount and CipherTrace will help them achieve that.

“CipherTrace incorporating Binance Smart Chain data into its attribution system to support applications and exchanges is a move to combat illicit activities. In the long run, this will gain BSC more credibility and partnerships in the fiat and regulated space.”

BSC has been the epicenter of illicit activity and DeFi exploits over the past few months. The list of protocols losing money to malicious actors is growing, the largest of which is PancakeBunny which lost as much as $200 million in BNB and its native token in a massive flash loan attack on May 20.

Other DeFi protocols running on BSC that have been hacked or exploited recently include Cream Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon, and Spartan Protocol.

Earlier this month, Marie Tatibouet, chief marketing officer of crypto exchange Gate.io told Cointelegraph that the lack of due diligence has exacerbated these exploits due to BSC’s centralized nature, adding that “they are greenlighting hundreds of projects every single week.”

Source

Tagged : / / / / / /

Alpha Homora defies market slump, bolsters TVL and token price on v2 relaunch

by Cointelegraph

After a rocky first quarter, decentralized finance (DeFi) platform Alpha Homora announced the relaunch of its v2 leveraged yield farming program today — and so far both traders and users are celebrating as both total value locked (TVL) and ALPHA token prices soar. 

The version 2 of the platform, which allows for leverage up to 7x on popular yield farming positions on protocols such as Sushi, Curve, and Balancer, notably had to shut down to new positions after a devastating hack in February. The protocol suffered $37 million in losses, which counts among the most devastating exploits in DeFi history.

However, the relaunch so far has gone swimmingly by multiple metrics. The ALPHA token — which underwent a revamped tokeneconomic design during the downtime — is up 11.1% to $2.28 on the day, and TVL has increased by nearly $100 million since the relaunch to a total of $675 million.

It now remains to be seen how long the protocol will remain stable. In addition to the February exploit, the platform was tied to Rari Capital’s $11 million loss earlier this week, though that particular exploit was due to no fault on Alpha Finance Lab’s part. 

The relaunched v2 also came with a new set of audits, but ultimately the greatest test of a DeFi protocol is time — the longer it’s survived scrutiny from would-be exploiters, the more users can trust its longevity.

Some observers are additionally off-put by Alpha’s unusual model, which has little precedent in Tradfi. However Leo Cheng of C.R.E.A.M. Finance, whose Iron Bank protocol-to-protocol lending platform enables v2’s leveraged yield farming, argued in an interview with Cointelegraph that if flash loans can be a key cog in DeFi’s capital efficiency, leveraged lending is a logical next step.

By nature, says Cheng, a smart contract “doesn’t quite care, and it doesn’t quite see the borders with the smart contract projects” with regards to where funds are coming from. As long as a transaction will end with the various protocols involved in the green, the transaction will go through.

Alpha Finance Labs did not respond to multiple requests for comment.