June 27
Table of Contents
June 27, 2023, marks the day of the exploit for Themis Protocol, a decentralized lending and borrowing platform on the #Arbitrum chain. The exploit caused losses of ~💰$370K to the protocol.
The attack was carried out by manipulating the Balancer LP token price oracle, which resulted in the inflated price for B-wstETH-WETH-Stable-gauge. This eventually led to the exploiter making significant profits through flash loans.
💡Blockchain Oracles & Their Use Cases
Technical Details of Hack
Attackers address: https://arbiscan.io/address/0xDb73eb484e7DEa3785520d750EabEF50a9b9Ab33
Exploited contract: https://arbiscan.io/address/0x75f805e2fb248462e7817f0230b36e9fae0280fc
Attack Transaction: https://arbiscan.io/tx/0xff368294ccb3cd6e7e263526b5c820b22dea2b2fd8617119ba5c3ab8417403d8
The Stolen Funds
After stealing the funds, the Themis Protocol exploiter cross-chained through Stargate Finance. The funds were swapped for ETH and subsequently moved to the address https://etherscan.io/address/0xDb73eb484e7DEa3785520d750EabEF50a9b9Ab33
At a later date, the exploiter moved 191 ETH to Tornado Cash, a coin-mixing service often used by Hackers to obfuscate the trail of stolen funds.
Not the First Price Manipulation Exploit in Crypto!
Oracle price manipulation exploits are not new in the blockchain world. Look at the list of other crypto hacks where the hacker employed more or less similar techniques to carry out an exploit.
💡List of Oracle Manipulation Exploits/Hacks in Crypto
June 26
😈On June 26, 2022, the NFT lending pool @XCarnival_Lab ’s XToken lending contract on the Ethereum chain was exploited for ~💰$3.8M (~3,087 $ETH)
The hack was a result of a smart contract vulnerability, which allowed the hacker to use withdrawn pledged NFTs as collateral and drain the funds.
The Attack Flow:
- The hacker gets funded with 120 ETH from the cryptocurrency mixer Tornado Cash
- Deploy the attack contract (0xf70F…cA8d)
- Use 87 ETH from this fund to buy BAYC NFT with ID 5110 and transfer transfer 5110 BAYC to the attack contract.
- Use the attack contract (0xf70F…cA8d) for bulk creation of pledge records.
- As there was no restriction on the Xtoken address in the pledge, the attacker easily passes his own pre-deplyed attack address for calling IXToken (xToken).borrow.
- The attacker’s Xtoken avoids borrowing funds in the pledge record to withdraw pledged NFT immediately at will.
- Due to the logical flaw, the pledge record of Xtoken is not updated; only the marker of whether the NFT is withdrawn is modified.
- The attacker creates multiple attack contracts and then repeatedly transfers the NFT to repeat the previous steps, creating multiple abnormal pledge records.
- Since the borrow verification does not verify the status of the NFT but only verifies the order ID, the exploiter uses these multiple abnormal pledge records to borrow a large sum.
- The attacker transfers the profits to his wallet address.
What Could Have Prevented It?
This hack could have been avoided if the address of Xtoken had a whitelist for restriction and verification and if the business logic had been set to verify the status of the collateral multiple times.
The NFT staking time could have been limited to ensure it could not be withdrawn instantaneously.
An extensive security audit by experienced Blockchain and Smart Contract security auditors in the Web3 space could have detected such business logic flaws and vulnerabilities before its deployment on the mainnet.
Technical Details
👉Attack Txn:
0x51cbfd46f21afb44da4fa971f220bd28a14530e1d5da5009cfbdfee012e57e35
👉Pledge Records Creation Txn:
0x60a3143c1c7a40d650e9e319d99425da5a87604f474279765f4ffbc0c4c375c2
👉Hacker’s address:
0xb7cbb4d43f1e08327a90b32a8417688c9d0b800a
👉Attack Contracts
- 0xf70F691D30ce23786cfb3a1522CFD76D159AcA8d
- 0x3edf976dF38f7d6273884B4066e3689Ef547D816
- 0x7b5a2f7cd1cc4eef1a75d473e1210509c55265d8
- 0x234e4B5FeC50646D1D4868331F29368fa9286238
👉Official Contracts
- XToken 0x5417da20ac8157dd5c07230cfc2b226fdcfc5663
- XNFT 0x39360ac1239a0b98cb8076d4135d0f72b7fd9909
- P2Controller 0x34ca24ddcdaf00105a3bf10ba5aae67953178b85
June 24
😈Harmony’s Horizon Bridge, a cross-chain bridge, was exploited for 💰$100M on June 24, 2022.
The hacker used the compromised private keys in the @harmonyprotocol
and stole multiple cryptocurrencies, including ETH, USDC, WBTC, USDT, DAI, BUSD, AAG, FXS, SUSHI, AAVE, WETH, and FRAX.
💡Compromised Private Keys: Threats and Remedies
💡Public and Private Keys: A Must Know In Cryptography!
How did the Exploit Happen?
The Harmony Horizon Bridge used a multi-signature—or “multisig”—wallet for the validation process. The transaction approval required validation from five validators.
However, the bridge was utilizing only two validators instead of five to secure itself, which meant the attacker only needed access to 2 private keys to carry out the attack.
The hacker moved stolen funds to the Tornado Cash to obfuscate the stolen fund trail.
Post-hack, the number of validators in the multi-signature were changed from 2 to 4.
List of Crypto Hacks Due to Private Key Compromise
💡List of Compromised Private Key Crypto Hacks
Technical Details
The two (multisig) addresses that were compromised:
- https://etherscan.io/address/0xf845A7ee8477AD1FB4446651E548901a2635A915
- https://etherscan.io/address/0x812d8622C6F3c45959439e7ede3C580dA06f8f25
Exploiter address: https://etherscan.io/address/0x0d043128146654c7683fbf30ac98d7b2285ded00
Harmony ETH Bridge: https://etherscan.io/address/0xf9fb1c508ff49f78b60d3a96dea99fa5d7f3a8a6
Harmony ERC20 Bridge: https://etherscan.io/address/0x0d043128146654c7683fbf30ac98d7b2285ded00
Harmony BUSD Bridge: https://etherscan.io/address/0xf9fb1c508ff49f78b60d3a96dea99fa5d7f3a8a6
June 17
😈On June 17, 2023, the defi protocol Midas Capital on the BNB chain was exploited to steal 💰$600K worth of crypto assets.
The critical vulnerability responsible for the exploit at Midas Capital was a rounding issue within its lending protocol.
This protocol, a derivative of Compound Finance’s V2 codebase, had a flawed redemption process, which the attacker manipulated using a rounding issue and flash loans.
Midas Capital Hack—June 17, 2023—Detailed Analysis
🤔Coincidentally, the same rounding issue was behind the 💰$7.4M exploit of @HundredFinance in April 2023.
Hundred Finance Hack—April 15, 2023—Detailed Analysis
June 12
😈On June 12, 2023, defi protocol Sturdy Finance was exploited due to a smart contract vulnerability. In the attack, @SturdyFinance lost 442 ETH worth ~$775k.
The manipulated vulnerability was the read-only reentrancy in the Balancer which led to the exploit by allowing a faulty price oracle to determine the cB-stETH-STABLE asset price and consequently help the exploiter in make illicit profits.
The detailed analysis report for the hack can be found here:
https://www.immunebytes.com/blog/sturdy-finance-hack-june-12-2023-detailed-analysis/
How to Tackle Read Reentrancy Attacks?
This hack could have been prevented if the developers had taken the following precautions and steps:
✔️ To detect potential vulnerabilities, regularly perform thorough code reviews and security audits by experts.
🔎@ImmuneBytes brings you a team of expert auditors who can sniff out all potential vulnerabilities in your contract that might become a doorway for hackers.
Setup a free consultation call here:
https://www.immunebytes.com/contact-us/ or https://t.me/immunebytes
✔️ Implementing Reentrancy Guards is an effective strategy against such attacks. The ReentrancyGuard from OpenZeppelin is commonly used by developers across the Web3 space.
https://www.immunebytes.com/blog/shield-your-smart-contracts-with-a-robust-reentrancy-guard/
✔️ Ensures that the state is updated before any external calls are made. This can prevent the attacker from reentering the contract with the old state.
✔️ If using call, set a fixed gas limit for external calls to mitigate the risk of reentrancy attacks by limiting the amount of gas the called function can consume.
✔️ Prefer pull payment models over push payment models. In a pull payment model, users withdraw their funds instead of the contract sending funds to users automatically.
✔️ Leverage well-audited libraries and contracts, such as those provided by OpenZeppelin, to benefit from community scrutiny and best practices.
Technical Details of the Hack
Exploiter Add:
https://etherscan.io/address/0x1e8419e724d51e87f78e222d935fbbdeb631a08b
Exploited Contract:
https://etherscan.io/address/0x59276455177429ae2af1cc62B77AE31B34EC3890
Exploit Txn
https://etherscan.io/tx/0xeb87ebc0a18aca7d2a9ffcabf61aa69c9e8d3c6efade9e2303f8857717fb9eb7
June 11
😈MEV Bot service provider @JokInTheBoxETH on the #ethereum chain suffered an exploit on June 11, 2024, and lost ~💰$34K worth of its assets.
The lost assets include ~109 billion $JOK, which were swapped for 9.12ETH by the attacker post-hack.
Team @JokInTheBoxETH acknowledged the exploit through a post on their official X handle and stated that to compensate the users affected in the exploit, they would airdrop the exact amount of tokens each user staked and lost on the platform within 24h.
They also reassured the community of their commitment to the platform’s stability and value by announcing a token buyback and burn strategy. In an effort to reduce the circulating supply, they will buy back 110B $JOK tokens from the market over time and burn them, demonstrating their dedication to the community’s long-term interests.
The exact reason behind the exploit is not known yet but the exploit is currently being investigated.
Attacker:
https://etherscan.io/address/0xfcd4acbc55df53fbc4c9d275e3495b490635f113
Attack contract:
https://etherscan.io/address/0x9d3425d45df30183fda059c586543dcdeb5993e6
Attack Txn:
https://etherscan.io/tx/0xd14f5d5181c181d1c0734ebf7976199652caaad91fad9391b8a725407a284852
Target contract:
https://etherscan.io/address/0xa6447f6156effd23ec3b57d5edd978349e4e192d (JokInTheBoxStaking)
June 10
😈The Defi protocol @UwU_Lend was exploited in an attack on June 10, 2024, resulting in the loss of ~$20M worth of crypto assets.
The Attack
The initial analysis indicates that the attacker (who was initially funded by Tornado Cash) carried out the attack using Oracle price manipulation in tandem with flash loans.
The sUSDE price fetched by sUSDePriceProviderBUniCatch (0xd252953818bdf8507643c237877020398fa4b2e8) is decided by five oracles namely, FRAXUSDe, USDeUSDC, USDeDAI, USDecrvUSD, and GHOUSDe.
The attacker cleverly manipulated the price of these five oracles to artificially inflate the price of sUSDE.
What are Oracle Manipulation Attacks in Blockchain?
This attack was conducted from a single wallet address, and it stole several tokens, including wrapped ether (WETH), wrapped bitcoin (WBTC), and stablecoins.
The attack took place in three transactions, and the hacker swapped the stolen assets for ETH and split them into the following two Ethereum wallets through the decentralized exchange Uniswap.
- https://etherscan.io/address/0x48D7C1dd4214B41EDa3301BCA434348F8d1C5EB6
- https://etherscan.io/address/0x050c7E9c62Bf991841827F37745DDaDb563FEB70
Attacker Address:
https://etherscan.io/address/0x841dDf093f5188989fA1524e7B893de64B421f47
Attack Transactions:
- https://etherscan.io/tx/0x242a0fb4fde9de0dc2fd42e8db743cbc197ffa2bf6a036ba0bba303df296408b
- https://etherscan.io/tx/0xb3f067618ce54bc26a960b660cfc28f9ea0315e2e9a1a855ede1508eb4017376
- https://etherscan.io/tx/0xca1bbf3b320662c89232006f1ec6624b56242850f07e0f1dadbe4f69ba0d6ac3
The UwU Lend Controversy
UwU Lend was founded by Quadriga CX co-founder Michael “Sifu” Patryn, who is not new to controversy.
When Quadriga CX collapsed in 2022, it was found that an address linked to him transferred $5.5 million worth of ether (ETH) to Tornado Cash.
He is also connected with the defi cryptocurrency project Wonderland, which he ran pseudonymously before his identity was revealed. As soon as this fact came to light, the protocol suffered a meltdown.
List of Oracle Manipulation Exploits/Hacks in Crypto
😈On June 10, 2023, Atlantis Loans (an abandoned project on the BNB Chain) experienced a governance attack, which resulted in a loss of over $1 million.
The exploiter managed to establish themselves as the administrator of the token’s proxy contract, thereby gaining control and manipulating its functionalities.
Any users who had granted approvals for the Atlantis Loan contract and have not revoked them had funds extracted from their wallets.
Atlantis Loans Hack, June 10, 2023: Detailed Hack Analysis
Governance attacks in the cryptocurrency context refer to malicious or manipulative actions aimed at influencing the governance mechanisms of a blockchain or decentralized organization (such as a Decentralized Autonomous Organization, or DAO) for personal gain or to cause disruption.
Must Read:
What Are the Governance Risks Associated With Blockchains?
Exploring the Perils of Centralized Systems in the Cryptocurrency Landscape
Here are some common forms of governance attacks:
- 51% Attack: If an entity controls the majority of the voting power (or stake in proof-of-stake systems), they can unilaterally make decisions, passing proposals that benefit them even if these proposals are harmful to the network.
51% Attack in Blockchain: ImmuneBytes explains - Sybil Attack: An attacker creates multiple identities to gain a disproportionate influence over the voting process. This is easier in systems where the cost of creating new identities is low.
Is Sybil Attack a Threat to Blockchain? - Front-Running: In blockchain systems, proposals and votes are often public. Attackers can see upcoming proposals and position themselves to influence the outcome before other stakeholders can react.
Front-Running Attacks in Blockchain: The Complete Guide - Proposal Manipulation: Attackers can submit misleading or malicious proposals that appear beneficial on the surface but contain hidden mechanisms or clauses that serve their interests.
- Snapshot Manipulation: Manipulating the timing of when snapshots of token holdings are taken for voting purposes, allowing attackers to temporarily acquire tokens just long enough to influence a vote, and then offload them.
June 9
😈On June 9, 2024, the Defi ZK-rollup protocol @loopringorg on the Ethereum chain was exploited for ~1373 $ETH worth ~ $5M.
How the Hack Happened?
The hacker breached the security (2FA service) of the Loopring Official Guardian wallet and obtained the required privileges to pose as a wallet owner, only to reset ownership later.
This enabled the exploiter to initiate the recovery process from the Official Guardian wallet and withdraw assets.
To contain the hack and protect user funds, the Guardian-related and 2FA-related operations have been temporarily suspended.
To obfuscate the stolen funds trail, the exploiter has already started moving funds to different addresses.
Loopring is in touch with law enforcement and professional security teams to track down the exploiter.
While the hack is being investigated, the possible reason for the breach of 2FA security could be the SIM swap fraud.
How to Protect Yourself Against a SIM Swap Fraud
How to Make Crypto Wallets More Secure To Use?
Stolen Funds
59674.218749 USDC | 6.81 wstETH |
24050.537677 USDC | 6.7387 wstETH |
14730.392262 USDC | 5.22499977 ciETH |
1271.80597 USDC | 4.58107434 ciETH |
20.15748405 wstETH | 2.72981463463 wstETH |
10.77 wstETH | 1.74 ciETH |
10.663135971 wstETH | 1.5197967494 wstETH |
7.36 wstETH | 0.5132247 WBTC |
Hacker Addresses:
- https://etherscan.io/address/0x44f887cfbd667cb2042dd55ab1d8951c94bb0102
- https://etherscan.io/address/0xbacef3a142e39f14f4f15e22e9248ee4141af18f
Hack Txns:
- 0x3a73899ed54d1946e32bcdd457d2790da009a67b6a689c3429752301579faaf4
- 0x30d987922c5cf9e31016b174d24ef6d0547fd8964d3b56ea0f07ca6450d9d085
- 0x051065b414e0e9801e850b49860cd2b257d27a28a70025b334b95aacb42dd716
- 0xb81dcfd0b51a44340b802d7d6c7aa31e47bcab245af3c4e26553771e92ebb56c
- 0x2662a4e2f39e1fe53c85ce689770dfd91d9e36c7ce07e82f75d097930e2adc7f
- 0xb3c54acd736ad4887eed7f2aca8a4f68d7a9a86a7aeb8a7d6950434e9d21670e
- 0x05898b988c768215e58fd2375403926d768716a55279ce3cbad31645d9604d80
June 6
😈On June 6, 2022, the Maiar Exchange (now @xExchangeApp), a DEX on the Elrond blockchain (now @MultiversX), was exploited for ~$113M worth of Elrond eGold.
This caused a temporary suspension of services at Maiar. The exploit happened due to a smart contract bug.
June 2
😈Velocore—the decentralized exchange (DEX) protocol on zkSync and Linea—was hacked on June 2, 2024, causing a loss of ~$10M of the users’ funds.
The root cause of the hack has been found to be the vulnerabilities within the Balancer-style CPMM pool contract.
The Vulnerabilities
There was a flaw in the logic within the ‘velocore__execute()’ function of the ConstantProductPool.
Along with that, there was also an underflow vulnerability which comes into play when withdrawing LP into a single token.
On top of that, there was an additional vulnerability due to which the velocore__execute()
function does not verify whether the caller is the Vault or not.
The attacker, who was initially funded from the Tornado cash, exploited these vulnerabilities in conjunction with flash loans to carry out the attack.
The stolen funds were later bridged to the Across Bridge and finally deposited back to the Tornado cash.
Learn How Underflow and Overflow Vulnerabilities can Prove to Be Fatal In an Attack
https://immunebytes.com/blog/explained-overflow-and-underflow-vulnerability-in-smart-contracts/
Hack Status
As per the official update by Team Velocore,
- All volatile pools(CPMM) in Linea and zkSyncEra Velocore are affected.
- No stable pools are affected.
- The vulnerabilities have been taken care of to avoid any further exploit
- A snapshot of the blockchain state prior to the incident has already been taken.
- The affected users will be duly compensated once the operations are resumed.
- Efforts are ongoing to track, freeze and recover the stolen funds by collaborating with various exchanges and security security partners.
- An on-chain negotiation with the hacker is also being contemplated.
Balancer-style CPMM pool contract:
https://github.com/velocore/velocore-contracts/blob/master/src/pools/constant-product/ConstantProductPool.sol
Attacker address: 0x8cdc37ed79c5ef116b9dc2a53cb86acaca3716bf
Stolen Funds are currently parked at-0xe4062fcade7ac0ed47ad794028967a2314ee02b3
EOA:
- 0x8cdc37ed79c5ef116b9dc2a53cb86acaca3716bf
- 0xd8c465ecd8c6f1a0c114890f1ef553f82e59d274
Affected Contracts:
- 0xed4e130f6f9e68918996f7e1e46a3306b3e12cec
- 0xb7f6354b2cfd3018b3261fbc63248a56a24ae91a
- 0xc030fba4b741b770f03e715c3a27d02c41fc9dae
- 0xf7f76b30a301524fe76508546B1e3762eF2B9267
Hack Txs
- https://lineascan.build/tx/0xed11d5b013bf3296b1507da38b7bcb97845dd037d33d3d1b0c5e763889cdbed1
- https://lineascan.build/tx/0x37434e674efc4e7cfeed7746095301ace5636028906fe548b786ead286e35eb0
- https://explorer.zksync.io/tx/0x4156d73cadc18419220f5bcf10deb4d97a3d3f7533d63ba90daeabc5fd11ba17
June 1
😈On June 1, 2022, Liquidity pool @CoFiXProtocol suffered an attack and lost $140K to a smart contract vulnerability.
Contract Address: https://bscscan.com/address/0xde9972fe2567b7eeb3c015d7dcaefa8580877f7d#code
Hack Txn: https://explorer.phalcon.xyz/tx/bsc/0x927723660249253399e54c192a5f989ceacf46fbb967ab364d4405155539bec8