DeFi didn’t had an easy month. In June we saw China crackdown on Bitcoin and crypto, cryptocurrency market went into bear market and there was staggering amount of hacks/exploits happening in DeFi.
How much? ~$88k
Why? Taking all the wallet balance to create the LP tokens which will later was used for profit calculation and minting. Same bug as PancakeBunny.
How much? $0
Why? Weak stabilisation mechanism that lead to panic sell and first crypto bank run. $2B TVL dropped to ~$260M.
How much? $6.53M
Why? Reward calculation error
How much? $500k
Why? Mishandling of private-keys of the admin account.
How much? $500k
Why? Removal of x*y>k check in Swap functionality.
How much? $4.5M
Why? Double spending of NerveShares.
How much? $27M+
Why? Malicious Library implementation. Rug pull.
How much? $250k
Why? Flawed logic in reward mechanism
How much? $330k
Why? Flawed logic in reward mechanism, testing on production, rug pull?
Total value lost in June alone is around ~$40M. It’s much better situation from last months ~$173M but still $40M too much.
I will repeat my statement from last month’s report, why we see so many attacks these days.
There is an abundance of copy-pasted projects like SafeMoon tokens forks that change only 10-15 lines of code, sometimes not thinking about what the change introduces. PancakeBunny is the best example of how much a certain project can be forked alongside its issues and exploits.
Most developers of new projects don’t care about security that much. Quick money schemes are the new norm and interestingly enough, they work as we still see money being put into such projects.
If you want to read more about my thoughts on this subject, I wrote separate article.
We will see more hacks like the ones above. Another interesting pattern emerging is not hacks itself, but lost value in TVL of projects due to black swan events. Iron Finance is the best example of that.
There's no any
Thanks for reading, and if you like my writing, you can subscribe to my blog to receive the daily newsletter as I’m currently in the middle of 100 days of blogging challenge. Subscription box below 👇
If the newsletter is not your thing, check out my Twitter @adrianhetman , where I post and share exciting news from the Blockchain world and security.
See you tomorrow!