Table of Contents
On Aug 2, 2022, the yield aggregator @Reaper_Farm on the Fantom chain was exploited for ~$1.7M.The reason for the hack was a vulnerability in smart contract of its multi-strategy vault.
Post-hack, the #exploiter moved stolen funds to the Tornado Cash.
On Aug 3, 2021, @PopsicleFinance was exploited for ~$25m due to a #smartcontract vulnerability.
There was a bug in the protocol’s reward debt mechanism that allowed users to claim rewards which they should’ve never got.
On August 4, 2021 @Wault_Finance, a DeFi protocol, suffered an attack involving lightning loans and lost ~$880K.
There was a smart contract vulnerability, which was exploited for this attack.
On Aug 8, 2021, Zerogoki protocol was exploited for ~$670K by using price oracle manipulation. The attacker could do this manipulation with the help of a compromised private key, which allowed him to swap 300 REI for 700,000 zUSD.
On Aug 9, 2022, @CurveFinance suffered a DNS hijacking that made its users to approve a malicious contract and lose ~$575k. The stolen funds were sent to CEXs and Tornado Cash.
On Aug 10, 2021, @PolyNetwork2 was exploited for ~$600M due to smart contract vulnerabilities which allowed the hacker to execute unauthorized transactions and withdraw funds from the contract on both BSC and ETH.
On Aug 10, 2021, @PunkProtocol , a DeFi protocol, was exploited for $8.9M. The attacker exploited a flaw in the smart contract code that allowed him to replace a privileged contract address with his own address.
Sudorare, an NFT marketplace, was rugged for ~$850K— 6 hours after its launch. The Attackers withdrew ~519 ETH and other tokens such as Looksrare (LOOKS) and USD Coin (USDC).
On August 24, 2022, Kaoya Swap, a decentralized protocol on the BSC chain, fell victim to a hack that exploited a flaw in a smart contract function.
The hacker made a profit of around 💰271 wBNB and 37,294 BUSD (approx. $118k).
On Aug 25, 2021, #Defi protocol Dot Finance was exploited for ~$429K in a flash loan attack, which reduced the protocol’s value by 35 %.
On Aug 28, 2022, the $DDC token on the BSC chain was exploited for $104,600 due to smart contract vulnerability.
The vulnerability stemmed from the
handleDeductFee function of the DDC contract, which lacked appropriate checks for both
feeAmount and incoming addresses.
This oversight allowed an attacker to manipulate the function’s parameters and get away with the funds.
😈The attacker (https://bscscan.com/address/0x5b69f9c6cbb4958008eae46072886e6b9524fdef)
transferred some of the stolen funds to another address (https://bscscan.com/address/0xc578d755cd56255d3ff6e92e1b6371ba945e3984), which was found to be involved in the UF DAO Attack of Jan 11, 2023.
On 29th August 2022, during an update to the @OptifiLabs program on the Solana mainnet, the deployer mistakenly executed the ‘solana program close’ command, leading to the permanent closure of the OptiFi program.
This error locked all user funds and open positions in the program, amounting to a loss of approximately $661K USDC.
Most of the lost funds belonged to the @OptifiLabs team, and fortunately, only 5% belonged to the investors.
Nevertheless, the team pledged to compensate affected users fully.
To avoid a repeat of such incidents, @OptifiLabs proposed changes to the Solana Command-Line Interface (CLI) to display clearer warnings about the implications of certain commands.
On Aug 31, 2022, $CUPID and $VENUS tokens on the BSC chain were exploited in a flash loan exploit, causing their market price to fall by 99%.
The exploiter made a profit of $78,622 and transferred the amount to different addresses.
Hack Transaction: https://bscscan.com/tx/0xed348e1d6ef1c26e0040c6c3f933ea51f953bdbafad7fb11c593f6837909c079
CUPID Token Address:
VENUS Token Address:
Additionally, the attacker is found to be constantly interacting with the following addresses and to transfer funds.
MDEX LP Token (MDEX LP):
There are various other addresses which were found which were indirectly linked to the hacker. One of the addresses (still active and trading in high volumes):