While the founders of two OG protocols, Aave and Maker (now Sky), bro’d down over Starcraft while basking in a “DeFi renaissance moment,” some of the sector’s less well-established projects were going down in history for the wrong reasons.
Two decentralized finance (DeFi) protocols were hacked on Friday for a combined total of over $5 million, while compromised wallets saw a further $5 million drained on Wednesday.
Repeat DeFi hack or a new bug?
First up was Onyx Protocol, whose $3.8 million loss was initially thought to be a repeat of the well-known bug that drained $2.1 million from the project toward the back end of last year.
Hi @OnyxDAO, you may want to take a look pic.twitter.com/fcU6fHP4jr
Onyx is a fork of Compound Finance, which contains an infamous vulnerability in which freshly launched, empty lending markets are briefly left open to a price manipulation attack if not handled correctly.
Given the popularity of Compound’s v2 codebase with fast-forking DeFi devs, the bug is exploited with alarming regularity across the sector, and was initially identified as having been the cause of Onyx’s latest loss.
However, as the team pointed out in a ‘post-mortem’ thread on X (formerly Twitter), this time the vulnerability also lay in the platform’s ‘NFT Liquidation contract.’ The attacker was able to drain the vUSD stablecoin, which was then sold off, causing it to depeg.
Something’s not adding up
Next came ‘bitcoin restaking’ protocol Bedrock, which appeared to be overly bullish on ETH, costing it around $2 million.
uniBTC by @Bedrock_DeFi was exploited today. The vulnerability allowed for you to mint uniBTC with eth! This function was likely leftover from the uniETH implementation 😅 @spreekaway pic.twitter.com/Xj69wQg2GX
The faulty code allowed users to mint Bedrock’s uniBTC token at a 1:1 ratio with staked ETH tokens, not taking into account the price difference between the two assets (valued at the time at approximately $65,000 vs $2,650, respectively).
The uniBTC tokens were then sold off for an alternative wrapped bitcoin token, for a return of almost 25x.
Crypto security auditor Dedaub claims to have identified the vulnerability in advance, stating that such a simple bug could be discovered and exploited automatically by ‘fuzzing bots.’
Although Dedaub warned the Bedrock team two hours before the attack, there was no response due to time zone differences. However, by raising the issue separately with Pendle, a platform with $30 million of exposure to uniBTC, further losses were successfully averted.
The Bedrock team responded to the incident, reassuring users that all uniBTC collateral remains intact. It estimated the losses at “approximately $2 million (mostly in DEX LPs),” adding that a “comprehensive reimbursement plan is being finalized.”
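The following is an added example, not code from Bedrock, Dedaub or the original article: a toy Python model of the 1:1 mint path described above, together with the value-conservation invariant that a pre-deployment fuzz test would check. The asset names, the BTC-pegged allow-list and all function names are assumptions; the prices are the article's approximate figures.

```python
import random
from fractions import Fraction

# Constructed model, not Bedrock's contract. Prices are the article's
# approximate figures; asset names and the allow-list are assumptions.
PRICE_USD = {"WBTC": Fraction(65_000), "ETH": Fraction(2_650)}
UNIBTC_PRICE_USD = PRICE_USD["WBTC"]  # assumption: uniBTC is meant to track BTC
BTC_PEGGED = {"WBTC"}

def mint_naive(asset, amount):
    """Flawed pattern from the article: 1 deposited token mints 1 uniBTC."""
    return amount

def mint_checked(asset, amount):
    """Hardened form: refuse any asset that is not BTC-denominated."""
    if asset not in BTC_PEGGED:
        raise ValueError(f"{asset} is not accepted collateral")
    return amount

def check_mint_invariant(mint, trials=1_000, seed=1):
    """Fuzz deposits; return those where minted value exceeds deposited value."""
    rng = random.Random(seed)
    violations = []
    for _ in range(trials):
        asset = rng.choice(sorted(PRICE_USD))
        amount = Fraction(rng.randint(1, 10_000), 100)
        try:
            minted = mint(asset, amount)
        except ValueError:
            continue  # a rejected deposit mints nothing, so the invariant holds
        value_in = amount * PRICE_USD[asset]
        value_out = minted * UNIBTC_PRICE_USD
        if value_out > value_in:
            violations.append((asset, amount, value_out / value_in))
    return violations

if __name__ == "__main__":
    bad = check_mint_invariant(mint_naive)
    print(len(bad), "violations, value ratio about", round(float(bad[0][2]), 2))
    print(len(check_mint_invariant(mint_checked)), "violations with the allow-list")
```

Run as an invariant in CI, the check fails on every ETH deposit through the naive path and passes once non-BTC assets are rejected.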
Compromised keys?
On Wednesday, real-world-asset-focused Truflation warned of “some abnormal activity,” which it attributed to a malware attack.
On September 25th, 2024, the Truflation team detected some abnormal activity. An attacker launched an attack using malware. We are currently monitoring the situation and are taking measures to protect funds while we are investigating and working with law enforcement. The…
Blockchain investigator ZachXBT traced total losses of over $5 million from addresses identified as the project’s “treasury multisig and personal wallets,” providing a list of addresses via his Investigations Telegram channel.
While the initial disclosure was scant on details, it does mention a reward to any whitehats able to aid the investigation. This was followed up with an on-chain message to the hacker, offering a 10% ‘bounty’ for the return of the funds.
Assuming funds aren’t returned before 8am (UTC) on Saturday, the bounty will be opened up to the public in return for information leading to a conviction.