DeFi
Millions Lost After Three DeFi Protocols Hacked in One Weekend
The decentralized finance (DeFi) sector often proves to be a minefield for those looking for the latest opportunities; a fact that was perfectly illustrated by a trio of incidents over the weekend.
Ethereum-based lending platform Dough Finance lost nearly $2 million on Friday in a series of hacks fueled by flash loans. raised the alarm before new attack transactions were identified by ExVul, bringing the total loss to $1.96 million.
Learn more: CertiK Returns Funds on Its Own Terms After Hacking Kraken for $3 Million
The vulnerability was identified as a lack of validation of flash loan “callback” data, according to crypto auditing firms Ancilia And CertiKA flash loan allows a user to access large amounts of cryptocurrency, provided the amount is repaid in the same transaction.
Peckshield followed the flow of funds, demonstrating the funding of the attack via Railgun and the whitening funds via Tornado Cash after the event. Railgun and Tornado Cash are both controversial privacy tools, often used by hackers to cover their tracks.
In what was the platform’s first post on X (formerly Twitter), Dough Finance recognized the hack a few hours later.
After a much-needed break on Saturday, Sunday saw two incidents that illustrate the wide range of attack vectors facing DeFi users.
First, Ethena’s Discord server, transmitter of $3.4 billion The “synthetic dollar” USDe has been compromised. The breach led a seemingly legitimate account to post the promise of “retroactive rewards” for token holders while linking to a malicious URL.
Image taken from ZachXBT’s Telegram channel.
Learn more: Ethena offers 27% on stablecoins, but where does the yield come from?
The suspicious message was reported by ZachXBT via Telegram, and Ethena issued an official warning in a job on X shortly after, which has since been deleted.
The incident highlights the variety of dangers facing DeFi users, which come not only from hacked “smart contracts” containing their crypto, but also from insecurities in existing web infrastructure, such as social media or the project websites themselves.
The ongoing DNS hacks on Squarespace are *even* *worse* than the phishing attacks on major sites.
If an attacker controls a project’s DNS, they also control the project’s email. With this, they can reset passwords and take control of team members’ accounts on other services.
— Daniel Von Fange (@danielvf) July 12, 2024
Learn more: Compound Finance and Celer Network websites compromised by front-end attacks
Last week, a wave of web domain hijacking hit the industry, with Compound Finance, Celer Network, Pendle Finance, and (ironically) Unstoppable Domains among those affected.
To round out the weekend, another lending platform, Minterest, informed the users for whom it was exploited $1.4 million Sunday night. The hack, which took place on Ethereum-rollup Mantle, also appears to have been a flash loan attack, similar to the one who hit Dough Finance on Friday.
Important update from Minterest
Attention Minterest users,
We are currently investigating an exploit on Minterest. As a precaution, we have temporarily suspended certain operations on the Minterest app:
👉 On pause: offer and borrowing
👉 Active: Refund and withdraw…— Minterest (@Minterest) July 14, 2024
Learn more: Sifu’s UwU Lend Reportedly Hacked for $20 Million, Curve’s Egorov Among Those Affected
The attacker address was funded via Tornado Cash on Ethereum, suggesting that the Minterest team hopes The hypothesis that the hacker “performed this exploit as a white hat” may be short-lived.
But it wasn’t all bad. note by Cyvers, a phishing victim, who lost $32 million of ETH staked by Lido over a year ago has started receiving reimbursement.
After being contacted out of the blue via a channel message reading “I’m the guy who took your money…I want to give you the money back,” the victim has today confirmed reception of more than 10 million DAI over the past week.
Got a tip? Send us an email or ProtonMail. For more up-to-date information, follow us on X, Instagram, Blue skyAnd Google Newsor subscribe to our Youtube channel.