Cointime

DeFi Sector Suffers $2 Million in Losses from Governance Attack, Oracle Exploit, and Tool Vulnerability

Decentralized finance (DeFi) projects have suffered losses of approximately $2 million in three separate incidents over the past few days. These incidents highlight the various threats faced by DeFi users, including governance attacks, third-party vulnerabilities, and hacking attempts.

Two lending platforms, Atlantis Loans and Sturdy Finance, were targeted through a governance attack and through a known vulnerability in their price oracle system, respectively. Additionally, the open-source nature of DeFi was exploited through a vulnerable tool called K3PR, resulting in losses of around $200,000 worth of K3PR tokens to the attacker's address.

The Keep3r project was recently compromised through Profanity, an insecure vanity address tool. Decentralized exchange 1inch warned about the issue in September, and Wintermute lost $160 million to the same bug five days later. Composability between projects can lead to innovation, but it also creates risk when projects depend on external code, as seen in the $200 million Euler hack in March.
