Key Takeaways
- Exactly Protocol was exploited due to a vulnerability in its smart contracts.
- Exactly’s TVL stood at over $36 million before the hack but fell to $10 million post-attack
- Harbor’s exploit led to the loss of funds sitting on its stable-mint, as well as stOSMO, LUNA, and WMATIC vaults
DeFi protocols have once again faced significant security breaches, as Exactly and Harbor protocols fell victim to separate attacks on August 18, leading to substantial financial losses. Blockchain security firms DeDotFi and PeckShield uncovered these incidents, highlighting the growing challenges in securing decentralized finance platforms.
In the first breach, Exactly Protocol was exploited due to a vulnerability in its smart contracts. Hackers made off with a considerable amount, stealing 4323.6 Ether, valued at almost $7.3 million at the time. The attackers then employed intricate maneuvers, transferring 1490 ETH through the Across Protocol and 2,832.92 ETH via Ethereum’s Optimism Bridge.
The attackers’ strategy involved manipulating a market contract address to bypass security checks and execute a malicious deposit function. This allowed them to pilfer assets deposited by users. Exactly Protocol’s total value locked (TVL) stood at over $36 million before the breach but plummeted to $10 million post-attack. The protocol has taken proactive measures, filing a police report and initiating contact with the hackers in hopes of recovering the stolen assets.
Simultaneously, the interchain stablecoin protocol Harbor experienced an attack that targeted its stable-mint, stOSMO, LUNA, and WMATIC vaults. While the full extent of financial losses is yet to be determined, Harbor’s team is diligently investigating the situation. A comprehensive report detailing the event will be issued once more information is gathered, although the exact approach employed by the attackers remains unknown.
These breaches compound the concerns already surrounding the DeFi ecosystem, which has recently suffered from multiple security incidents. A vulnerability in the Vyper programming language on July 30 led to the theft of over $61 million from stable pools on Curve Finance. Other protocols have also fallen victim, with Earn. Finance is reporting losses of at least $287,000 in ETH, and Zunami Protocol is grappling with $2.1 million in losses due to a distinct exploit.
The vulnerability of DeFi protocols to cyberattacks underscores the industry’s challenges in ensuring the safety of user funds and operational integrity. A recent quarterly report by CertiK, a blockchain security company, revealed a staggering loss of over $300 million in digital assets due to crypto hacks and exploits in the second quarter of 2023.
