Aug 2
Table of Contents
On Aug 2, 2022, the yield aggregator @Reaper_Farm on the Fantom chain was exploited for ~$1.7M.The reason for the hack was a vulnerability in smart contract of its multi-strategy vault.
Post-hack, the #exploiter moved stolen funds to the Tornado Cash.
Aug 3
On Aug 3, 2021, @PopsicleFinance was exploited for ~$25m due to a #smartcontract vulnerability.
There was a bug in the protocol’s reward debt mechanism that allowed users to claim rewards which they should’ve never got.
Aug 4
On August 4, 2021 @Wault_Finance, a DeFi protocol, suffered an attack involving lightning loans and lost ~$880K.
There was a smart contract vulnerability, which was exploited for this attack.
Aug 8
On Aug 8, 2021, Zerogoki protocol was exploited for ~$670K by using price oracle manipulation. The attacker could do this manipulation with the help of a compromised private key, which allowed him to swap 300 REI for 700,000 zUSD.
Aug 9
On Aug 9, 2022, @CurveFinance suffered a DNS hijacking that made its users to approve a malicious contract and lose ~$575k. The stolen funds were sent to CEXs and Tornado Cash.
Aug 10
On Aug 10, 2021, @PolyNetwork2 was exploited for ~$600M due to smart contract vulnerabilities which allowed the hacker to execute unauthorized transactions and withdraw funds from the contract on both BSC and ETH.
On Aug 10, 2021, @PunkProtocol , a DeFi protocol, was exploited for $8.9M. The attacker exploited a flaw in the smart contract code that allowed him to replace a privileged contract address with his own address.
Aug 23
Sudorare, an NFT marketplace, was rugged for ~$850K— 6 hours after its launch. The Attackers withdrew ~519 ETH and other tokens such as Looksrare (LOOKS) and USD Coin (USDC).
Aug 24
On August 24, 2022, Kaoya Swap, a decentralized protocol on the BSC chain, fell victim to a hack that exploited a flaw in a smart contract function.
The hacker made a profit of around 💰271 wBNB and 37,294 BUSD (approx. $118k).
Aug 25
On Aug 25, 2021, #Defi protocol Dot Finance was exploited for ~$429K in a flash loan attack, which reduced the protocol’s value by 35 %.
Aug 28
On Aug 28, 2022, the $DDC token on the BSC chain was exploited for $104,600 due to smart contract vulnerability.
The vulnerability stemmed from the handleDeductFee function of the DDC contract, which lacked appropriate checks for both feeAmount and incoming addresses.
This oversight allowed an attacker to manipulate the function’s parameters and get away with the funds.
😈Txn: https://bscscan.com/tx/0xd08cfb22d14bc4f2808970b5ce2557124ae3d7dc9fda756647a3427b8275f054
😈The attacker (https://bscscan.com/address/0x5b69f9c6cbb4958008eae46072886e6b9524fdef)
transferred some of the stolen funds to another address (https://bscscan.com/address/0xc578d755cd56255d3ff6e92e1b6371ba945e3984), which was found to be involved in the UF DAO Attack of Jan 11, 2023.
Aug 29
On 29th August 2022, during an update to the @OptifiLabs program on the Solana mainnet, the deployer mistakenly executed the ‘solana program close’ command, leading to the permanent closure of the OptiFi program.
This error locked all user funds and open positions in the program, amounting to a loss of approximately $661K USDC.
Most of the lost funds belonged to the @OptifiLabs team, and fortunately, only 5% belonged to the investors.
Nevertheless, the team pledged to compensate affected users fully.
To avoid a repeat of such incidents, @OptifiLabs proposed changes to the Solana Command-Line Interface (CLI) to display clearer warnings about the implications of certain commands.
Aug 31
On Aug 31, 2022, $CUPID and $VENUS tokens on the BSC chain were exploited in a flash loan exploit, causing their market price to fall by 99%.
The exploiter made a profit of $78,622 and transferred the amount to different addresses.
Hack Transaction: https://bscscan.com/tx/0xed348e1d6ef1c26e0040c6c3f933ea51f953bdbafad7fb11c593f6837909c079
CUPID Token Address:
https://bscscan.com/token/0x9963f04a6d0dc7d47d7f86a2bf4d62e01e043e6b
VENUS Token Address:
https://bscscan.com/token/0x9963f04a6d0dc7d47d7f86a2bf4d62e01e043e6b
Attacker Address:
https://bscscan.com/address/0xdf2984cf49ff2944c019decbd2057c09e5b026b1
Additionally, the attacker is found to be constantly interacting with the following addresses and to transfer funds.
MDEX LP Token (MDEX LP):
https://bscscan.com/address/0x59b76b5d39370ba2aa7e723c639861266e85bfec
https://bscscan.com/address/0x5f330ba134051d247a6700babed73b587b75b21b
https://bscscan.com/address/0x05ad60d9a2f1aa30ba0cdbaf1e0a0a145fbea16f
There are various other addresses which were found which were indirectly linked to the hacker. One of the addresses (still active and trading in high volumes):
https://bscscan.com/address/0x893064ca1550c9ced53e85e24a72679f59385b07