On 1 Sept 2022, @KyberNetwork suffered a front-end compromise: the attacker got in through an ex-employee’s compromised Cloudflare account.
They used that access to show deceptive “Increase Allowance” prompts in the UI, affecting two users; one lost $314,000, which Kyber later reimbursed. The compromised Cloudflare #API key is what let them deploy the malicious script via Cloudflare Workers.
On Sep 4, 2021, DAO Maker’s vesting contract was exploited through an exposed init() function in the #smartcontract: because the initializer had no guard against being called again, the attacker reset four token contracts and then extracted significant funds.
Affected #tokens included DeRace Token (DERC), Coinspaid (CPD), Capsule Coin (CAPS), and Showcase Token (SHO).
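The DAO Maker case is the classic unprotected-initializer bug: an init-style function that anyone can call a second time re-points the contract’s owner or token addresses. The Python below is an added example written for this page, not DAO Maker’s code, showing a regex-based triage check that flags externally callable init* functions lacking a one-shot guard. The three Solidity snippets are constructed inputs, and the guard patterns it recognises (an `initializer`/`onlyInitializing` modifier, or a `require(!initialized)` / `if (initialized) revert` in the body) are assumptions covering the common idioms; it is a heuristic, not a Solidity parser.

```python
import re

# Added example for this page, not DAO Maker's code: a heuristic scanner for
# initializer functions that an outside caller can invoke more than once.
# The Solidity snippets are constructed test inputs, not the exploited contract.

VULNERABLE = """
contract Vesting {
    address public owner;
    address public token;
    function init(address _owner, address _token) public {
        owner = _owner;
        token = _token;
    }
}
"""

HARDENED = """
contract Vesting {
    bool private initialized;
    address public owner;
    function init(address _owner) external {
        require(!initialized, "already initialized");
        initialized = true;
        owner = _owner;
    }
}
"""

OZ_STYLE = """
contract Vesting is Initializable {
    address public owner;
    function initialize(address _owner) public initializer {
        owner = _owner;
    }
}
"""

# Matches `function init...(params) <modifiers> { body }` for bodies without
# nested braces: good enough for a triage pass, not a real Solidity parser.
FUNC_RE = re.compile(
    r"function\s+(?P<name>init\w*)\s*\([^)]*\)\s*(?P<mods>[^{;]*)\{(?P<body>[^{}]*)\}",
    re.IGNORECASE,
)
# Assumed guard idioms: a one-shot modifier, or an explicit flag check in the body.
MODIFIER_GUARDS = (r"\binitializer\b", r"\bonlyInitializing\b")
BODY_GUARDS = (
    r"require\s*\(\s*!\s*_?initialized\b",
    r"if\s*\(\s*_?initialized\s*\)\s*revert\b",
)


def find_unguarded_initializers(source):
    """Return the names of public/external init* functions that carry no
    one-shot guard in either their modifier list or their body."""
    findings = []
    for m in FUNC_RE.finditer(source):
        mods, body = m.group("mods"), m.group("body")
        if not re.search(r"\b(public|external)\b", mods):
            continue  # internal/private: not reachable by an outside caller
        guarded = any(re.search(p, mods) for p in MODIFIER_GUARDS) or any(
            re.search(p, body) for p in BODY_GUARDS
        )
        if not guarded:
            findings.append(m.group("name"))
    return findings


if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED), ("oz", OZ_STYLE)):
        print(label, find_unguarded_initializers(src))
```

Run it over a repository’s `.sol` files before an audit: a hit means either the guard uses an idiom the patterns do not know (extend them) or the initializer really is re-callable, which is exactly the DAO Maker failure.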
On Sep 12, 2022, Corgi Finance ($COG), a token on DogeChain, was rug-pulled for ~44 ETH (~$200k).
The Movement of Stolen Funds
The hacker (0x931A7c641E12e623225CFCF186869F4e5859303f) transferred the stolen funds to 0x11c8e05a8f9863a2a039cb2a9dfd38eb55d9047f on the #ethereum chain on Sep 11.
Months later, on Feb 2, 2023, the attacker moved the funds to another address, 0x42d0ea48397639145f5da0a6ef630dfb70940bbf.
Finally, on Feb 9, 2023, the exploiter sent the entire balance to Tornado Cash.
☠️The 0x42d0e… address is still active and has interacted with several addresses and tokens of poor reputation.
Some addresses and tokens are listed below:
Most of these tokens are distributed via airdrop and are suspected honeypots, accompanied by phishing links such as hxxps://yfDAI.in.
On Sep 13, 2022, the SAD Token on the BSC chain was exploited for 💰~$824k. An EOA (0x95d8…) called a privileged function through an unverified contract to drain 69.9k LP tokens.
Token Contract: 0xD795CaC8d9265A1f8c630b3f4F1C16EabaD2bFF7
Interestingly, the same EOA is linked to an earlier exploit: on June 22, 2022, @pandorachainDAO suffered a flash loan attack and lost $128k worth of #crypto assets.
On 19 Sept 2022, the EthereumPoW token (ETHW) saw an exit scam.
Price manipulation netted the exploiter an illicit gain of approximately 💰~$40K USD.
On 19 Sept 2022, the BNQ token (BNQ) saw a rug pull.
Its value plunged 99.46%. EOA 0x7F725… received 152M BNQ, which it later sold for around 💰~233K USDT. Concurrently, the deployer burned 750K BNQ.
On Sep 19, 2021, @pNetworkDeFi, a cross-chain protocol that lets “wrapped” tokens be used across blockchains, suffered a severe breach.
A flaw in its event-log processing let an attacker drain 277 BTC from the protocol, worth an enormous 💰~$13M!
On September 21, 2021, @VeeFinance was exploited for 💰~$35M (8804.7 ETH and 213.93 BTC) through a smart contract vulnerability: a flaw in the system’s price feed and its decimal processing.
Hacker Add: 0xeeeE458C3a5eaAfcFd68681D405FB55Ef80595BA
Exploited Contract Address: 0xd1F855ceF146D36CC5851E2139c54524420797f2
Single Source Price Feed: The protocol relied on a single source, the Pangolin pool, for price data. A single pool’s spot price can be moved by one large swap, and once the pool’s price had moved more than 3%, the protocol accepted the new value, which let the attacker feed it a manipulated price.
Decimal Processing: Price data obtained from the oracle was not normalised for token decimals. This produced inaccurate calculations, particularly for token pairs whose decimals differ widely.
Price Manipulation: The attacker changed the token balances in the Pangolin pool to force the Vee Finance oracle to refresh to a skewed price. Because the slippage check was measured against that same skewed price, it passed trades it should have rejected.
Forged cTokenB: A subsequent update revealed that the attacker also forged cTokenB for leveraged transactions, which introduced further discrepancies in price calculations.
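The three failure points above form a pattern worth seeing in working code: a protocol that reads a spot price from one constant-product pool, adopts the new value once the pool has moved past a threshold, and runs its slippage check against that same price can be fooled by a single large (flash-loaned) swap, and if it also ignores token decimals its prices are off by powers of ten. The Python below is an added example written for this page, not Vee Finance’s or Pangolin’s code. The pool sizes and token decimals are constructed, the 3% refresh rule and the 1% slippage bound are assumptions, and the “hardened” check stands in for any reference (a TWAP or a second feed) that one swap cannot move.

```python
from fractions import Fraction

# Added example for this page: a toy model, not Vee Finance / Pangolin code.
# Reserves and decimals below are constructed; the 3% refresh rule and the
# 1% slippage bound are assumptions used to illustrate the failure mode.


class ConstantProductPool:
    """x*y=k pair (the shape of a Pangolin/Uniswap-v2 pool). Reserves are raw
    integer token units, exactly as a contract stores them."""

    def __init__(self, reserve_a, reserve_b, decimals_a, decimals_b):
        self.ra, self.rb = reserve_a, reserve_b
        self.da, self.db = decimals_a, decimals_b

    def raw_ratio(self):
        # Reserve ratio with no decimal handling: the decimal-processing bug.
        return Fraction(self.rb, self.ra)

    def price_b_per_a(self):
        # Decimal-normalised spot price: (rb / 10^db) / (ra / 10^da).
        return Fraction(self.rb, self.ra) * Fraction(10 ** self.da, 10 ** self.db)

    def swap_b_for_a(self, amount_b):
        # Sell B into the pool and receive A; k is preserved (rounded up).
        k = self.ra * self.rb
        new_rb = self.rb + amount_b
        new_ra = -(-k // new_rb)
        out_a = self.ra - new_ra
        self.ra, self.rb = new_ra, new_rb
        return out_a


class SingleSourceOracle:
    """Caches one pool's spot price and re-reads it once the pool has moved
    by more than `threshold` (assumed 3%) from the cached value."""

    def __init__(self, pool, threshold=Fraction(3, 100)):
        self.pool, self.threshold = pool, threshold
        self.cached = pool.price_b_per_a()

    def refresh(self):
        live = self.pool.price_b_per_a()
        if abs(live - self.cached) / self.cached > self.threshold:
            self.cached = live
        return self.cached


def slippage_ok(execution_price, reference_price, max_slippage=Fraction(1, 100)):
    """Accept a trade only if its price is within max_slippage of the reference."""
    return abs(execution_price - reference_price) / reference_price <= max_slippage


def decimal_mismatch():
    """WBTC-like (8 decimals) vs USDT-like (6 decimals) pool: the raw reserve
    ratio is 100x away from the normalised price."""
    pool = ConstantProductPool(1 * 10 ** 8, 40_000 * 10 ** 6, 8, 6)
    return pool.raw_ratio(), pool.price_b_per_a()


def run_manipulation():
    """Attacker flash-loans B and dumps it into the pool; the protocol's own
    oracle follows the skewed price, so a same-source slippage check is blind."""
    pool = ConstantProductPool(1_000 * 10 ** 18, 1_000_000 * 10 ** 6, 18, 6)
    oracle = SingleSourceOracle(pool)
    fair = oracle.cached                 # 1 A = 1000 B before the attack
    independent_reference = fair         # assumed TWAP / second feed: unmoved by one swap
    loan_b = 1_000_000 * 10 ** 6         # flash-loaned B, repaid in the same transaction
    got_a = pool.swap_b_for_a(loan_b)    # skews reserves: A now looks 4x dearer
    skewed = pool.price_b_per_a()
    oracle_after = oracle.refresh()      # >3% move, so the feed adopts the skew
    return {
        "fair_price": fair,
        "skewed_price": skewed,
        "oracle_after_refresh": oracle_after,
        "attacker_a_raw": got_a,
        # value the protocol would assign to the attacker's A, in whole B
        "value_at_skewed_price_b": Fraction(got_a, 10 ** 18) * skewed,
        "value_at_fair_price_b": Fraction(got_a, 10 ** 18) * fair,
        # same-source check passes; a check against an independent reference rejects
        "naive_check_passes": slippage_ok(skewed, oracle_after),
        "hardened_check_passes": slippage_ok(skewed, independent_reference),
    }


if __name__ == "__main__":
    raw, normalised = decimal_mismatch()
    print(f"raw ratio {raw} vs normalised {normalised} B per A")
    for key, value in run_manipulation().items():
        print(f"{key}: {value}")
```

The design point is that a slippage check is only as good as its reference: comparing the execution price to a feed that was itself just refreshed from the manipulated pool measures nothing, whereas a reference the attacker cannot move within one transaction rejects the trade at once. Decimal normalisation is separate and must happen before any such comparison, or the check compares quantities in different units.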
On September 28, 2020, a hacker exploited a #smartcontract vulnerability in Eminence Finance, an unreleased #DeFi project created by Andre Cronje (@AndreCronjeTech), who is also the founder of another DeFi project, Yearn (@yearnfi).
The hack resulted in the theft of 💰$15 million worth of cryptocurrency.
The vulnerability let the attacker use a flash loan to manipulate the price of EMN #tokens, the Eminence project’s own token.
Surprisingly, 11 minutes after the hack, the exploiter returned $8 million to the Yearn: Deployer contract.
The motive behind the return remains unclear, and it prompted much speculation in the crypto community at the time.
The incident highlighted the risks in DeFi projects and the importance of security audits; it also raised questions about developers’ responsibility not to promote unfinished projects, which fuels FOMO (Fear of Missing Out) among investors.