It took the team at Jay Pegs Auto Mart basically zero time to identify and find the hacker responsible for stealing the proceeds from their auction of DONA tokens on SushiSwap’s MISO platform Thursday night. “It only took us five minutes to figure out who he was,” BasedMoneyGod, a salesman at Jay Pegs told The…

Should I just steal the money? There’s a vulnerability in the code… Of a DeFi protocol with $3B in TVL. I was just looking at the open-source code for fun. But now, it’s serious. There’s a bug bounty, a reward that pays out $10K to anyone who finds a major weakness. But exploiting this vulnerability…

At 6am ET on August 10, over half a billion dollars worth of crypto assets were stolen from Poly Network, a cross-chain protocol that facilitates token swaps across multiple blockchains including Ethereum, Binance Smart Chain and Polygon. With the total drained at $600M, this is the biggest DeFi hack in history, dwarfing the $59M EasyFi…

ThorChain, a popular decentralized exchange that enables native token swaps across different blockchains, was exploited yesterday to the tune of $4.9M. According to the project, the exploit was made possible by a recent upgrade to the protocol’s “Bifrost” router that connects ThorChain to Ethereum. The change allowed the attacker to trick the router using a…

What are CryptoPunks packing down there?  That’s what one new limited-run avatar NFT project, CryptoJunks, is sharing with the Internet. The CryptoJunks project uses the head and shoulders art of CryptoPunks to create matching genitalia. There’s tentacle penises, peeing pee-pees, regular ole schlongs; pink, coiffed lady parts, peach punani and sadist snatches, where the hand…

The value of SafeDollar (SDO), an algorithmic stablecoin intended to be pegged to $1, has dropped to zero after a $248K exploit on Polygon. In a post-mortem analysis published on June 28, SafeDollar reported it had lost $202K of USDC and $46K of USDT as a result of an attack on one of its pools…

SharedStake, a decentralized ETH2.0 Staking-as-a-Service protocol, is in disarray after a suspected inside job.  In a series of transactions on June 19 and June 23, a ‘rogue developer’ withdrew $500K worth of SGT, the project’s governance token, from the team’s allocation. These tokens were locked in a vesting contract and were meant to be unlocked…

Anyone in DeFi is probably familiar with the rug pull — the scam in which crypto developers abandon a project and vanish with investors’ tokens and funds. Now say hello to the “soft rug.” In this new breed of grift a project’s founders simply dump their tokens and exit a project instead of taking control…

A bug was discovered in the Alchemix Finance alETH contract on Wednesday morning, leaving the project undercollateralized by 2,688 ETH, or roughly $6.4M, as users were able to withdraw these funds without repaying their loans first. Alchemix Finance recently launched alETH, a synthetic yield derivative that lets DeFi users borrow 1 alETH for every 4…

xToken, a project which automates staking and liquidity strategies and wraps them into ERC-20 tokens, has been hacked to the tune of ~$25M. The attack resulted in xToken’s TVL dropping by roughly 30% to $63M, according to DeFi Llama. The xSNXa and xBNTa token contracts, for which xToken automates the staking strategies as well as…