News

Analysis of recent hacker attacks and DeFi security breaches

Published

6 months ago

on

The last week has seen a series of high-profile cyberattacks against cryptocurrency industry giants, with a particular focus on DeFi platforms, crypto hedge funds, and other blockchain-based services.

Join us in this week’s crypto hack report focusing on the types of attacks, their implementation methods, and evaluating response actions before and after the lifecycle of such attacks.

1. The Sonne Finance Million Flash Loan Attack

Sonne Finance, a typical lending/lending platform, was built on Compound and deployed on Optimism, a Layer-2 chain. However, a came flash loan attack which influenced their protocol.

Attackers took advantage of protocol bugs and bypassed the flash loan feature to drain more than $20 million in seconds. Through these loans, the hackers managed to manipulate the protocol’s liquidity reserves and thus create enormous financial damage that could only be stopped after being discovered.

Sonne Finance, in collaboration with its White Hat hacker community and Blockchain security experts, is on its way to tracking down stolen funds and fixing errors that have been exploited.

2. BlockTower Capital: Partial Drain of Funds

Blocktower Capital, one of the large players in the management of financial investments in cryptocurrencies, which manages assets worth approximately 1.7 billion dollars, has been the victim of a massive violation in their security system.

A serious setback was the loss and half of the drain of his main hedge fund due to the action of scammers. The exact amount of funds from the scam is hidden, however, the fraud has certainly forced the company to try to bring in Blockchain forensic analysts for further investigation.

3. ALEX Lab: $4.3 million loss due to weaknesses in private key storage

ALEX lab, a bitcoin DeFi application, lost $4.3 million of tokens. The assault specifically attacked BTC’s bridge service and consumed $300,000 in Bitcoin, $3.3 million in stablecoins, and $75,000 in Sugar Kingdom (SKO) tokens.

Since the breach has been detected, ALEX Lab is working with experts to complete implementations and changes to its key management systems.

4. Perdy Finance: $464,000 Contract Vulnerability Exploit

Perdy Finance, the DEX of the Aribtrum chain, was attached due to his contractual defect – resulting in a breach of $464,000 from their loan pool.

Hackers have discovered a vulnerability in Perdy Finance’s smart contracts that allows them to steal considerable values ​​while leaving the system and authorities to this problem. They only knew what to do when the problem was detected, and by then resources had already been drained.

Perdy Finance had halted operations to identify and resolve contractual issues and losses caused by such security breaches. To identify and fix the flaws of the smart contract they coordinated with blockchain security auditors and their collaboration to achieve successful smart contracts.

5. Pump. fun: embezzlement of $2 million by a previous employee

There was a massive compromise of SOL tokens in Pump.fun when a former employee of the platform stole more than $2 million value of digital assets. The employee had benefited from the senior role which granted him unrestricted access to the custody of the vault.

This exploit used flash loans on the Solana lending protocol to borrow SOL, exchange them for different coins to cause their value on the bond curves to rise to 100%, and then sell the coins to obtain the liquidity they used to repay the debt . flash loans.

Pump. economic resumed with its zero-commission trading for the next seven days to restore user confidence. The site underlined its commitment to uploading liquidity pools to Raydium for affected coins and returning the assets to consumers.

Indeed, events over the past seven days have once again brought to the fore the multi-faceted and dynamic nature of cyber risks leading to the cryptocurrency sphere.

The spectrum of illustrious flash loan exploits to intrusion threat and contract vulnerabilities has revealed the importance of constantly improving security practices, active monitoring and critical control actions to the ultimate goal of asset protection.

Also check: Q1 2024 Cryptocurrency Hack Report: Trends, Losses, and Recovery Efforts



Fuente

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version