CREAM Finance Exploited for $130M in DeFi’s Third-Largest Hack
DeFi lending protocol CREAM Finance has been exploited for over $100M, according to data compiled by security firm Peckshield.
DeFi First Looks
Lossless: The First DeFi Hack Mitigation Tool
Lossless is the first DeFi hack mitigation tool for token creators. Lossless Protocol freezes fraudulent transaction based on a set of fraud identification parameters and returns stolen funds back to the owner’s account.
DODO DEX Suffers $2.1M Hack
DODO, a crypto exchange with contracts on both Binance’s Smart Chain and Ethereum, has suffered a $2.1M hack. The hacker attacked DODO’s Crowdpools, which the project launched in February as part of their version 2 (V2). “On March 8, Several DODO V2 Crowdpools were attacked. WSZO, WCRES, ETHA, and FUSI pools were impacted, while AC…
You Stole $37M, Now What? The $CREAM $ALPHA Exploit Unpacked
Last weekend Alpha Finance was hacked to the tune of $37m but this was a hack so specific and well-informed it was immediately assumed to have been an inside job. Have you ever wondered what happens when a hack goes down, or how a perpetrator can successfully escape with the money?
DeFi Dev Offers $320k to Whoever Finds Critical Bug in Ethereum Dapp
ArmorFi’s CTO Robert Forster is partnering with bug bounty platform Immunefi to personally offer the equivalent of $320k to anyone who can find a critical smart contract bug in any Ethereum ecosystem project. The program, which is hosted on Immunefi and called the R Bounty, is designed to encourage responsible disclosure of critical vulnerabilities. The…
CREAM and Alpha Finance Get Hacked for $37.5M
DeFi experienced one of its more complex exploits over the weekend. An attack which resulted in ~$37.5M drained from CREAM Finance’s Iron Bank using Alpha Homora’s leveraged debt. An attacker was able to use Alpha’s sUSD contracts which had not yet been released to the public or made available in the UI to act as…
Yearn Restores yDAI Vault and Compensates Hack Victims
Yearn Finance, the yield aggregator protocol which suffered the first major hack of 2021 last week, is healing, making its Dai savings smart contract available to users again, and compensating victims of its recent hack. Yearn has restored its yDAI vault and returned $9.7M in DAI funds to users who had their stablecoins deposited in…
Yearn Loses $11M in 2021’s First DeFi Hack
Yearn Finance, the yield aggregation protocol founded by Andre Cronje, has been hacked. One of the platform’s so-called vaults lost $11M, and the attacker got away with $2.8M. It’s the first DeFi hack of the year, after $100M worth of attacks in the sector last year, according to a report by Ciphertrace. About half of…
Insurance Protocol Cover Exploited for $9.4M
DeFi’s rising insurance protocol Cover Finance was exploited for $9.4M worth of user funds after a group of hackers used a faulty smart contract to mint quadrillions of COVER tokens. Cover Finance allows users to buy smart contract protection on supported DeFi protocols by buying CLAIM tokens that can be redeemed in the event of…
Ledger Data Hack Shows Crypto Storage is a Catch 22
Crypto hardware wallet provider Ledger had thousands of its users’ sensitive information leaked to the public this weekend. The data breach that occurred in June was brought to light after a public hacker shared the stolen data on leaking site Raidforum, after months of it supposedly ‘selling for six figures’ on dark marketplaces. The proprietary…
Flash Loan Attacker Drains $8M From Warp Finance
Investors are depositing millions into new DeFi protocols launched by anonymous developers, at times only to be wiped away in a hack. The latest to suffer that unfortunate fate is Warp Finance. Promising to be a money market where users can borrow and lend tokens and stablecoins representing liquidity in automated market makers, Warp rapidly…
DeFi Dre and the Invisible Hacked Pickles
Another week, another hack… what have we learned this time?
Evil Pickle Jars Makes Off with $20M
The latest affected project in a series of DeFi exploits is Pickle Finance – an automated yield aggregator with a mission to make stablecoins stable. Over the weekend, a hacker was able to exploit Pickle’s code to transfer $19M worth of Dai to an ‘Evil Jar’, leaving most LP’s in a pickle. The project allows…
Flash Loans, and Attacks – Explained
After five attacks and millions of dollars lost due to an exploit, this week we’re diving deep into the mechanism behind what made this possible: Flash Loans. Some called it a magnificent attack, some called it art. But there are other important questions to be asked: were the flash loan attack prevention, fake token attack…
Flash Loan Hackers Drain $16M+ From DeFi Protocols in One Week
Hackers were able to drain $16.4 million in ETH and Dai from DeFi projects Akropolis, Value DeFi Protocol, and Origin Protocol using flash loans, just in the past week. Value DeFi Attack An attacker on Value DeFi swapped flash-loaned ETH for DAI and USDT, deposited part of the flash-loaned DAI into Value DeFi’s multi-stablecoin vault. They…
Harvest Finance Grapples to Make Users Whole After ~$34M Hack
Harvest Finance, one of the latest DeFi projects to ride on the waning yield farming wave, was exploited over the weekend, shortly after its total value locked crossed the $1B mark. The hacker was able to drain $33.8M worth of stablecoins. Users can deposit a variety of stablecoins and governance tokens in the Harvest platform…
Andre Cronje Diehards Take "Test in Prod" Over The Edge With $15M Hack
The latest ‘test in prod’ experiment from Yearn founder Andre Cronje has many degen traders questioning their YOLO nature following a flash loan attack of contracts which hadn’t been officially released to the public yesterday afternoon. Eminence Finance, an NFT gaming ecosystem which was still in development, was exploited by a hacker who stole $15M...
bZx Hacked for $8M After Security-Focused Relaunch
bZx had relaunched just two weeks ago, highlighting its increased focus on security after attackers were able to make $900k in two exploits earlier this year. Last night, it was exploited once more. The hacker was able to duplicate tokens received in exchange for deposits in the protocol, called iTokens, and then use those iTokens…