On Apr 17, 2023, the DeFiGeek Community fell victim to a security breach in which an attacker exploited a flash loan vulnerability, causing the loss of 10 ETH (valued at over $20,000) from their DeFiGeek Community Pool Dai (fDAI-102
The Beanstalk protocol was hacked for around $74M: the attacker exploited the governance mechanism and stole all the BEANS and Curve LP tokens stored in the Beanstalk protocol. The hack is somewhat complex, so let's break it down step by step.
Proposal creation transaction on BeanGovernance
Before diving into the hack, let's analyze how the governance system worked for the protocol and why the proposal was important.
The attacker created 2 proposals.
The malicious contract requested the following tokens to be sent over to the exploit contract address.
The hacker used Tornado Cash and split the ~24k ETH into chunks of 1, 10 and 100 ETH so that the funds would disappear into thin air. One thing to note is that this hack was the result of bad governance design, not of the economic design.
Here is the GitHub repo that has a PoC for the hack.
Also see Cream Finance Hack: What Motivates Hackers to Return Stolen Funds?
The attack on dForce network had significant consequences for the platform and its users. By exploiting a reentrancy vulnerability in the wstETH/ETH pool on Curve and the dForce wstETH/ETH Vault, the attacker was able to manipulate the virtual price of the pool, which in turn affected the oracle used by the dForce wstETH/ETH Vault
Zunami is a decentralized protocol operating in the Web3 space, specializing in issuing aggregated stablecoins like UZD and zETH. These stablecoins are generated from omnipools that employ various profit-generating strategies. Recently, the protocol was exploited, resulting in a loss of $2.1M.
Jimbo's Protocol is a decentralized finance (DeFi) system built on the Arbitrum chain. The protocol uses a semi-stable floor price for its ERC-20 token, $JIMBO, backed by a treasury of Ether (ETH). However, despite its pioneering efforts to maintain on-chain liquidity and price floors, Jimbo's Protocol recently faced a Flash loan attack.
The last few years have brought consumer privacy and data breach issues. Those issues have made users conscious and uncertain about the data on the internet. Read more in this blog.
As the positive hype around cryptocurrency increases, so does the negative. Many argue that the very benefits of decentralization and anonymity result in it being favored for use in a host of illegal activities. However, is outright banning a viable solution?
An off-chain transaction deals with values outside the blockchain and can be completed using a number of methods. To carry out any kind of transaction, both functioning entities should first be in agreement; after that, a third party comes into the picture to validate it.
Kokomo Finance has taken off with approximately $4 million worth of user funds, leaving users unable to withdraw their funds. Wrapped Bitcoin deposits were rugged, with almost $2M of tokens still remaining in the project’s pools on Optimism.
The unfavourable effect of MEVs continues to gain recognition globally, with many believing MEVs capable of posing a serious risk to Ethereum’s future. Amidst this crisis, research organization Flashbots has emerged with a solution.