{"id":9274,"date":"2023-08-01T09:04:00","date_gmt":"2023-08-01T09:04:00","guid":{"rendered":"https:\/\/www.trustrecipe.in\/?p=9274"},"modified":"2023-10-16T11:58:27","modified_gmt":"2023-10-16T11:58:27","slug":"list-of-crypto-hacks-in-the-month-of-august","status":"publish","type":"post","link":"https:\/\/immunebytes.com\/blog\/list-of-crypto-hacks-in-the-month-of-august\/","title":{"rendered":"List of Crypto Hacks in the Month of August"},"content":{"rendered":"\n

Aug 2<\/h3>\n\n\n\n

On Aug 2, 2022, the yield aggregator @Reaper_Farm on the Fantom chain was exploited for ~$1.7M.The reason for the hack was a vulnerability in smart contract of its multi-strategy vault.<\/p>\n\n\n\n

Post-hack, the #exploiter moved stolen funds to the Tornado Cash.<\/p>\n\n\n\n

\n\n\n\n

Aug 3<\/h3>\n\n\n\n

On Aug 3, 2021, @PopsicleFinance was exploited for ~$25m due to a #smartcontract vulnerability.<\/p>\n\n\n\n

There was a bug in the protocol’s reward debt mechanism that allowed users to claim rewards which they should’ve never got.<\/p>\n\n\n\n

\n\n\n\n

Aug 4<\/h3>\n\n\n\n

On August 4, 2021 @Wault_Finance, a DeFi protocol, suffered an attack involving lightning loans and lost ~$880K.<\/p>\n\n\n\n

There was a smart contract vulnerability, which was exploited for this attack.<\/p>\n\n\n\n

\n\n\n\n

Aug 8<\/h3>\n\n\n\n

On Aug 8, 2021, Zerogoki protocol was exploited for ~$670K by using price oracle manipulation. The attacker could do this manipulation with the help of a compromised private key, which allowed him to swap 300 REI for 700,000 zUSD.<\/p>\n\n\n\n

\n\n\n\n

Aug 9<\/h3>\n\n\n\n

On Aug 9, 2022, @CurveFinance suffered a DNS hijacking<\/a> that made its users to approve a malicious contract and lose ~$575k. The stolen funds were sent to CEXs and Tornado Cash.<\/p>\n\n\n\n

\n\n\n\n

Aug 10<\/h3>\n\n\n\n

On Aug 10, 2021,<\/strong> @PolyNetwork2 was exploited for ~$600M due to smart contract vulnerabilities which allowed the hacker to execute unauthorized transactions and withdraw funds from the contract on both BSC and ETH.<\/p>\n\n\n\n

On Aug 10, 2021, <\/strong>@PunkProtocol , a DeFi protocol, was exploited for $8.9M. The attacker exploited a flaw in the smart contract code that allowed him to replace a privileged contract address with his own address.<\/p>\n\n\n\n

\n\n\n\n

Aug 23<\/h3>\n\n\n\n

Sudorare, an NFT marketplace, was rugged for ~$850K\u00e2\u20ac\u201d 6 hours after its launch. The Attackers withdrew ~519 ETH and other tokens such as Looksrare (LOOKS) and USD Coin (USDC).<\/p>\n\n\n\n

\n\n\n\n

Aug 24<\/h3>\n\n\n\n

On August 24, 2022, Kaoya Swap, a decentralized protocol on the BSC chain, fell victim to a hack that exploited a flaw in a smart contract function.<\/p>\n\n\n\n

The hacker made a profit of around \u00f0\u0178\u2019\u00b0271 wBNB and 37,294 BUSD (approx. $118k).<\/p>\n\n\n\n

\n\n\n\n

Aug 25<\/h3>\n\n\n\n

On Aug 25, 2021, #Defi protocol Dot Finance was exploited for ~$429K in a flash loan attack, which reduced the protocol\u00e2\u20ac\u2122s value by 35 %.<\/p>\n\n\n\n

Detailed Hack Analysis Report<\/a><\/p>\n\n\n\n

\n\n\n\n

Aug 28<\/h3>\n\n\n\n

On Aug 28, 2022, the $DDC token on the BSC chain was exploited for $104,600 due to smart contract vulnerability.<\/p>\n\n\n\n

The vulnerability stemmed from the handleDeductFee<\/code> function of the DDC contract, which lacked appropriate checks for both feeAmount<\/code> and incoming addresses.<\/p>\n\n\n\n

This oversight allowed an attacker to manipulate the function’s parameters and get away with the funds.<\/p>\n\n\n\n

\u00f0\u0178\u02dc\u02c6Txn: https:\/\/bscscan.com\/tx\/0xd08cfb22d14bc4f2808970b5ce2557124ae3d7dc9fda756647a3427b8275f054<\/p>\n\n\n\n

\u00f0\u0178\u02dc\u02c6The attacker (https:\/\/bscscan.com\/address\/0x5b69f9c6cbb4958008eae46072886e6b9524fdef)
transferred some of the stolen funds to another address (https:\/\/bscscan.com\/address\/0xc578d755cd56255d3ff6e92e1b6371ba945e3984), which was found to be involved in the UF DAO Attack of Jan 11, 2023.<\/p>\n\n\n\n

\n\n\n\n

Aug 29<\/h3>\n\n\n\n

On 29th August 2022, during an update to the @OptifiLabs program on the Solana mainnet, the deployer mistakenly executed the ‘solana program close’ command, leading to the permanent closure of the OptiFi program.<\/p>\n\n\n\n

This error locked all user funds and open positions in the program, amounting to a loss of approximately $661K USDC.<\/p>\n\n\n\n

Most of the lost funds belonged to the @OptifiLabs team, and fortunately, only 5% belonged to the investors.<\/p>\n\n\n\n

Nevertheless, the team pledged to compensate affected users fully.<\/p>\n\n\n\n

To avoid a repeat of such incidents, @OptifiLabs proposed changes to the Solana Command-Line Interface (CLI) to display clearer warnings about the implications of certain commands.<\/p>\n\n\n\n

\n\n\n\n

Aug 31<\/h3>\n\n\n\n

On Aug 31, 2022, $CUPID and $VENUS tokens on the BSC chain were exploited in a flash loan exploit, causing their market price to fall by 99%.<\/p>\n\n\n\n

The exploiter made a profit of $78,622 and transferred the amount to different addresses.<\/p>\n\n\n\n

Hack Transaction: https:\/\/bscscan.com\/tx\/0xed348e1d6ef1c26e0040c6c3f933ea51f953bdbafad7fb11c593f6837909c079<\/p>\n\n\n\n

CUPID Token Address:
<\/strong>https:\/\/bscscan.com\/token\/0x9963f04a6d0dc7d47d7f86a2bf4d62e01e043e6b<\/p>\n\n\n\n

VENUS Token Address:
<\/strong>https:\/\/bscscan.com\/token\/0x9963f04a6d0dc7d47d7f86a2bf4d62e01e043e6b<\/p>\n\n\n\n

Attacker Address:
<\/strong>https:\/\/bscscan.com\/address\/0xdf2984cf49ff2944c019decbd2057c09e5b026b1<\/p>\n\n\n\n

Additionally, the attacker is found to be constantly interacting with the following addresses and to transfer funds.<\/p>\n\n\n\n

MDEX LP Token (MDEX LP):
https:\/\/bscscan.com\/address\/0x59b76b5d39370ba2aa7e723c639861266e85bfec
https:\/\/bscscan.com\/address\/0x5f330ba134051d247a6700babed73b587b75b21b
https:\/\/bscscan.com\/address\/0x05ad60d9a2f1aa30ba0cdbaf1e0a0a145fbea16f<\/p>\n\n\n\n

There are various other addresses which were found which were indirectly linked to the hacker. One of the addresses (still active and trading in high volumes):
https:\/\/bscscan.com\/address\/0x893064ca1550c9ced53e85e24a72679f59385b07<\/p>\n","protected":false},"excerpt":{"rendered":"

Aug 2 On Aug 2, 2022, the yield aggregator @Reaper_Farm on the Fantom chain was exploited for ~$1.7M.The reason for…<\/p>\n","protected":false},"author":2,"featured_media":9385,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[714,679],"tags":[],"class_list":["post-9274","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crypto-hacks-directory","category-web3-security"],"_links":{"self":[{"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/posts\/9274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/comments?post=9274"}],"version-history":[{"count":19,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/posts\/9274\/revisions"}],"predecessor-version":[{"id":9341,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/posts\/9274\/revisions\/9341"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/media\/9385"}],"wp:attachment":[{"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/media?parent=9274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/categories?post=9274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/tags?post=9274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}