According to a recent report by Quantstamp, a DeFi security startup, a staggering $38.9 million has been lost to security incidents in the nascent ecosystem.
Malicious actors continued to launch a barrage of attacks utilizing sophisticated methods such as smart contract hacks, key compromises, and scams.
- Quantstamp highlighted that one of the earliest blows came with the attack on Radiant Capital, a multi-chain lending protocol, which saw a loss of 1,900 ETH, translating to around $4.5 million.
- Exploiting a timing window and a known rounding issue in the Compound / Aave codebase, the hacker made off with a substantial sum, leaving the platform and its users reeling, as reported earlier.
🚨$38.9M has been lost to web3 security incidents so far in January 2024 🚨
Let’s take a look at 5 of the largest smart contract hacks so far ⬇️
— Quantstamp (@Quantstamp) January 30, 2024
- Not long after, the liquidity management protocol Gamma fell victim to a devastating attack, resulting in a loss of approximately $6.18 million.
- Despite having multiple deposit protections, a misconfiguration in the price movement threshold opened the door for attackers to manipulate prices and mint a significant number of LP tokens.
- Wise Lending, another prominent player, was targeted in a flash loan attack, leading to a loss of at least $460,000.
- The onslaught continued with Socket, an interoperability protocol, which succumbed to exploitation of a vulnerability in a newly added module, allowing attackers to pilfer approximately $3.3 million from users.
- Next up was Goledo Finance, a lending protocol within the Conflux ecosystem, which was exploited, resulting in a loss of 7.9 million CFX, equivalent to roughly $1.7 million.
- The preliminary investigation pointed to yet another flash loan attack, highlighting the persistent threat faced by DeFi platforms.
Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).
Source: https://cryptopotato.com/39-million-drained-in-defi-by-malicious-actors-in-january-2024-quantstamp/