DeFi Vulnerabilities: Protocols Suffer $38.9M in Losses from Exploits

Share IT

Key takeaways:

  • Quantstamp has determined which five smart contract protocols saw the greatest losses in January due to hacker and exploit attacks.
  • On January 12, Wise Lending was the victim of a flash loan attack that cost them at least $460,000.

Quantstamp, a decentralized finance (DeFi) security startup, has determined which five smart contract protocols saw the greatest losses in January due to hacker and exploit attacks.

Quantstamp noted in a post on the social networking platform X that $38.9 million in damages were incurred in January as a result of malicious actors’ use of a variety of attack techniques, including key breaches, smart contract hacks, and frauds.

Early in January, Radiant Capital suffered losses of $4.5 million due to a flash loan assault. The problem was traced to a “known rounding issue” in the Compound/Aave codebase as of right now, according to blockchain security company PeckShield.

In order to address the issue, the DeFi lender suspended its USD Coin pool on Arbitrum. Radiant made it clear that user funds were safe, and following an inquiry, business as usual was restored.

Hours after the Radiant attack, on January 4, Gamma Strategies also encountered a flash loan attack, which led to a programming fault that allowed hackers to steal $6.1 million from Gamma’s vaults that were visible to the public. Gamma fixed the vulnerability by temporarily stopping deposits in order to resolve the problem.

On January 12, Wise Lending was the victim of a flash loan attack that cost them at least $460,000. The exploit, which was the second on the protocol in six months, involved changing the pricing oracle that Wise Lending employed. The Web3 lending application had 170 Ether left in it.

A flaw in user verification input resulted in a security breach of the multichain protocol Socket on January 16. This made it possible for hackers to take almost $4 million worth of approximately 2,000 ETH. As part of its plan to refund user funds, Socket did, however, recover 1,032 ETH (about $2.3 million) and reimburse all affected customers.

Similar to Gamma’s exploit, Goledo Finance also suffered a security compromise on January 28 that used a flash loan attack and resulted in the theft of $1.7 million. Goledo has issued a prize for the restoration of the funds, and negotiations are still ongoing with the offender.

The hacker’s centralized exchange accounts were declared frozen by the lending protocol. Goledo has informed local law enforcement of the issue and is assessing the amount of the loss in order to formalize a recovery plan.

The Goledo group has outlined its payment procedure for the retrieval of user assets. Users can submit their claims via a Google form that the team has made available.

Share IT
Deep
Deep

Can’t find what you’re looking for? Type below and hit enter!