DeFi
Analysis of recent DeFi hacks and security breaches
The past week has seen a series of high-profile cyberattacks against giant players in the cryptocurrency industry, with a particular focus on DeFi platforms, crypto hedge funds and other blockchain-based services.
Join us in this week’s Crypto Hacking Report, focusing on the types of attacks, their implementation methods, and the evaluation of response actions before and after the lifecycle of these attacks.
1. Sonne Finance Million Flashlash Loan Attack
Sonne Finance, a typical lending/borrowing platform, was built on Compound and deployed on Optimism, a layer 2 chain. However, there came a time flash loan attack which affected their protocol.
The attackers took advantage of protocol bugs and bypassed the flash loan feature to drain over $20 million in seconds. Through these loans, the hackers managed to manipulate the protocol’s liquidity pools and thus created massive financial damage that could only be stopped after being detected.
Sonne Finance, in cooperation with its White Hat hacker community and Blockchain security experts, is close to tracking down the stolen funds and fixing the errors that were exploited.
2. BlockTower Capital: partial funding leak
Blocktower Capital, a leading player in crypto financial investment, managing assets worth approximately $1.7 billion, has fallen victim to a massive violation in their security system.
A major setback was losing half of his main hedge fund to the actions of fraudsters. The exact amount of scam funds is hidden, nevertheless, the fraud has surely forced the company to consider hiring Blockchain forensic analysts for further investigation.
3. ALEX Lab: $4.3 million loss due to private key storage weaknesses
ALEX Lab, a Bitcoin DeFi application, lost $4.3 million of tokens. The attack specifically attacked BTC’s bridge service and consumed $300,000,000 worth of Bitcoin, $3.3 million worth of stablecoins, and $75,000 worth of Sugar Kingdom tokens (SKO).
After the detected breach, ALEX Lab cooperates with experts to carry out its implementations and modifications of its key management systems.
4. Perdy Finance: $464,000 Contract Vulnerability Exploit
Perdy Finance, the DEX on the Aribtrum chain, has been attack due to a contract default – resulting in a $464,000 breach of their loan pool.
Hackers discovered a vulnerability in Perdy Finance smart contracts allowing them to steal considerable values, leaving the system and authorities to face this problem. They only knew what to do when the problem was detected and by then the assets were already exhausted.
Perdy Finance had shut down operations to identify and resolve contractual issues and losses caused by these security breaches. To identify and fix smart contract flaws, they coordinated with blockchain security auditors and collaborated for a successful smart contract.
5. Pump. fun: embezzlement of $2 million from a former employee
There was a huge compromise of the SOL token in Pump.fun when a former employee of the platform stole over 2 million dollars value of digital assets. The employee had benefited from the leadership role which granted him unrestricted access to guarding the safe.
This exploit used flash loans on the Solana lending protocol to borrow SOL, swap them for different coins so that their values on the bond curves reached 100%, then sell the coins to get the liquidity they use to repay flash loans.
Pump. cheap has resumed fee-free trading for the immediate next seven days in an effort to restore user confidence. The site outlined its commitment to loading seed liquidity pools on Raydium for affected coins and providing consumers with assets in return.
Indeed, the events that have unfolded over the past seven days have once again brought to the forefront the multifaceted and dynamic nature of cyber risks leading to the crypto sphere.
The range of illustrious exploits from flash loans to intrusion threats and contract vulnerabilities has revealed the importance of constantly improving security practices, active monitoring and critical audit actions for the ultimate purpose of asset protection.
Also discover: Crypto Hack Report Q1 2024: Trends, Losses and Recovery Efforts