Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. After the Mango Markets exploit last week, Compound protocol paused the supply of four tokens as lending collateral to protect it against any price manipulation. Crypto staking protocol Freeway said one of its trading strategies “appears to have failed,” forcing the firm to halt services earlier this week. October continues to be dominated by DeFi hacks as another DeFi lockup protocol, Team Finance, lost $14.5 million during contract migration, despite an audit clearance. The MakerDAO community voted to approve the custody of $1.6 billion USD Coin (USDC) with the institutional brokerage platform Coinbase Prime. The to...
Decentralized lending protocol Compound has paused the supply of four tokens as lending collateral on its platform, aiming to protect users against potential attacks involving price manipulation, similar to the recent $117 million exploit of Mango Markets, according to a proposal on Compound’s governance forum that was recently passed. With the pause, users will not be able to deposit Yearn.finance’s YFI (YFI), 0x’s ZRX, Basic Attention Token (BAT) and Maker’s MKR (MKR) as collateral to take loans. The proposal passed on Oct. 25 with 99% of all voters in favor. It stated: “An oracle manipulation-based attack analogous to the one that cost Mango Markets $117m is much less likely to occur on Compound due to collateral assets having much deeper liquidity than MNGO and Compound requiring loans...
Hackers took over the official Twitter account of crypto exchange Gate.io, putting over 1 million users at risk of losing funds to an ongoing fraudulent Tether (USDT) giveaway. Social media platform Twitter serves as the most effective medium to reach the crypto community. As a result, the trend of hacking into official Twitter handles of verified accounts to promote scams is on the rise. Hackers of unknown origin took over Gate.io’s Twitter account and changed the website URL from Gate.io to gąte.com (https://xn--gte-ipa.com/) — a fraudulent website impersonating the exchange. The fake website is actively promoting a fake giveaway of 500,000 USDT while asking users to connect their wallets (such as MetaMask) to claim the rewards. Once a user connects their wallet to the fake website, the ...
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. Last week’s headlines were dominated by some of the biggest hacks in DeFi. This week is redemption time for many DeFi protocols that either averted an attempted hack or got a significant chunk of their stolen funds back. The BitBTC bridge reportedly had a bug that would essentially allow an attacker to mint fake tokens on one side of the bridge and swap them for real ones. However, one Twitter user was able to foresee the vulnerability and informed the cross-bridge platform about it. The Moola Market attacker has scored about a half-million dollar “bug bounty” after choosing to return a majority of the cryptocur...
According to a new report by crypto data aggregator Token Terminal, approximately 50% of exploits in decentralized finance, or DeFi, occur on cross-chain bridges. Over two years, more than $2.5 billion has been stolen by hackers exploiting vulnerabilities on cross-chain bridges. The amount is enormous in comparison to other security breaches, such as DeFi lending hacks ($718 million) and decentralized exchange exploits ($362 million) in that period. Bridge exploits account for ~50% of all DeFi exploits, totaling ~$2.5B in lost assets. These hacks can typically be attributed to smart contract loopholes (e.g. Wormhole & Nomad) or compromised private keys (e.g. Ronin & Harmony). What will it take to create secure bridges? — Token Terminal (...
BNB Chain, the native blockchain of Binance Coin (BNB) and the Binance crypto exchange, has been subject to security-related developments over the last month. On Thursday, Oct. 6, the network experienced a multi-million dollar cross-chain exploit. The incident caused BNB Chain to temporarily suspend all withdrawal and deposit activity on the network. Initially, the announcement of the network outage cited “irregular activity” with an update stating it was “under maintenance.” As rumors were confirmed, the CEO of Binance, Changpeng Zhao, tweeted out an apology for any inconvenience to the BNB Chain community. However, the suspension was brief, as the BNB Chain Team announced the network was back online early on Oct. 7, just hours after the attack. As the network regained activity its validators...
When Wintermute, a cryptocurrency market maker, lost $160 million due to a hack, concerns related to the repayment of debt worth $189.4 million surfaced. However, in an exciting turn of events, Wintermute paid back its largest debt due Oct. 15, involving a $92 million Tether (USDT) loan issued by TrueFi. After repayment of TrueFi’s $92 million loan, Wintermute still owes $75 million to Maple Finance in USD Coin (USDC) and wrapped ether (WETH) and $22.4 million to Clearpool, a total of $97.4 million in debt. Loan details show that Wintermute Trading had borrowed $92.5 million for a term period of 180 days. James Edwards from Libre Blockchain suspects that “some of the funds from their recent ‘hack’ contributed to the payback.” He further claimed that BlockSec’s attempt to debunk...
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. October is historically associated with the bulls, but in 2022, the month has also become the leader in crypto hacks: barely halfway through, the DeFi ecosystem has already seen nearly a dozen hacks resulting in losses of hundreds of millions of dollars. The largest hack occurred on Solana’s DeFi platform Mango Markets on Oct. 11, resulting in a loss of over $100 million worth of crypto. The hacker has now come out to demand $70 million in USD Coin (USDC) stablecoin as a bounty to return the stolen crypto. In another hack, TempleDAO was exploited for $2 million on the same day as Mango Markets’ exploit. Movi...
Following a $117 million exploit on Oct. 11, the Mango Markets community is set to make a deal with its hacker, allowing the hacker to keep $47 million as a bug bounty, according to the decentralized finance (DeFi) protocol’s governance forum. The proposed terms reveal that $67 million of the stolen tokens will be returned, while $47 million will be kept by the hacker. 98% of the voters, or 291 million tokens, have voted in favor of the deal, which also stipulates that Mango Markets will not pursue criminal charges on the case. With the quorum reached, the voting is likely to happen on Oct. 15. The proposal stated: “The funds sent by you and the mango DAO treasury will be used to cover any remaining bad debt in the protocol. All mango depositors will be made whole. By voting...
Transit Swap, a multi-chain decentralized exchange (DEX) aggregator, lost roughly $21 million after a hacker exploited an internal bug on a swap contract. Following the revelation, Transit Swap issued an apology to the users while efforts to track down and recover the stolen funds are underway. “We are deeply sorry,” stated Transit Swap while revealing that a bug in the code allowed a hacker to make away with an estimated $21 million. Blockchain investigator PeckShield narrowed down the attack to a compatibility issue or misplaced trust in the swap contract. PeckShield, along with other investigators, including SlowMist, Bitrace and TokenPocket, joined in on the pursuit to track down the hacker. ...
Amber Group has reproduced the recent Wintermute hack, the Hong Kong-based crypto finance service provider announced on its blog. The process was fast and simple, and used hardware easily accessible to consumers. Wintermute lost over $160 million in a private key hack on Sept. 20. Reproducing the hack can help “build a better understanding of the attack surface spectrum across Web3,” Amber Group said. It was only hours after the hack of UK-based crypto market maker Wintermute was revealed that researchers were able to pin the blame for it on the Profanity vanity address generator. One analyst suggested that the hack had been an inside job, but that conclusion was rejected by Wintermute and others. The Profanity vulnerability was already known before the Wintermute hack. classy — wishful cyn...
MEV gain, an Ethereum (ETH) arbitrage trading bot built by MEVbots, which claims to provide stress-free passive income, has been actively draining its users’ funds via a fund-stealing backdoor. Arbitrage bots are programs that automate trading for profits based on historical market information. An investigation of MEVbots’ contract revealed a backdoor that allows the creators to drain Ether from its users’ wallets. Our analysis confirms what the @mevbots promotes for the so-called “MEV gain” has a fund-stealing backdoor. Do *NOT* fall prey to it https://t.co/z2eDqMF36b. And thanks @monkwithchaos for the heads-up https://t.co/dhSNGljoH0 — PeckShield Inc. (@peckshield) September 23, 2022 The scam was first pointed out by Crypto Twitter’s @mo...