Monthly DeFi Blood bath report #3

Welcome to another edition of the Blood bath report. This month we saw many bridges burning and some questionable design decisions that led to hacks.

Let’s dive into the topic. Below you will find a summary of all the hacks that happened. All info was compiled from openblocksec, rekt.news and my blog.

ChainSwap 1

When? Jul-02-2021
How much? ~$800K
Where? ETH
Why? Loophole in the contract. Details unknown.
Link: https://chain-swap.medium.com/chainswap-post-mortem-and-compensation-plan-90cad50898ab

ChainSwap 2

When? Jul-10-2021
How much? ~$4M
Where? ETH/BSC
Why? Cross-chain bridge receive issue
Link: https://twitter.com/cmichelio/status/1414035462164033541

Anyswap

When? Jul-10-2021
How much? ~$7.9M
Where? ETH/BSC
Why? Cryptography bug.
Link: https://www.rekt.news/anyswap-rekt/

DeFiPlaza

When? Jul-11-2021
How much? ~$1.1M
Where? ETH
Why? Integer overflow
Link: https://drive.google.com/file/d/12CcSiUt5oxXzLVubzyrC39PDYSYe9XJq/view

DeFiPie

When? Jul-12-2021
How much? ~$940K (based on Tornado and Typhoon transfers out of the hacker's wallet)
Where? BSC
Why? Reentrancy
Link: https://medium.com/defipie/hacking-investigation-85e07454f1c9

Ape Rocket

When? Jul-13-2021
How much? ~$1.3M
Where? BSC/Polygon
Why? Vault minting flawed logic
Link: https://www.adrianhetman.com/how-many-times-you-need-to-re-check-your-code/

Bondly

When? Jul-14-2021
How much? ~$5.9M
Where? ETH/BSC/Polygon
Why? Reward calculation bug
Link: https://www.rekt.news/bondly-rekt/

ThorChain 1

When? Jul-16-2021
How much? ~$4.9M
Where? ETH
Why? Bridge router bug
Link: https://www.rekt.news/thorchain-rekt/ ; https://www.adrianhetman.com/bridges-are-burning/

PancakeBunny

When? Jul-16-2021
How much? ~$2.4M
Where? ETH
Why? Reward calculation
Link: https://www.rekt.news/pancakebunny2-rekt/

ArrayFinance

When? Jul-18-2021
How much? ~$515k
Where? ETH
Why? Price calculation error
Link: https://blocksecteam.medium.com/the-analysis-of-the-array-finance-security-incident-bcab555326c1

ThorChain 2

When? Jul-22-2021
How much? ~$8M
Where? ETH
Why? Bridge router bug
Link: https://www.rekt.news/thorchain-rekt2/

PolyYeldFinance

When? Jul-28-2021
How much? ~$250k
Where? Polygon
Why? Deflationary token support
Link: https://twitter.com/peckshield/status/1420272942030594048?s=21


This month, we saw around $38M stolen from various protocols. The new issue that arose was the bridges connecting various EVM-based protocols, like BSC<>Polygon<>Ethereum.

We will see new types of hacks and new attacks on bridges as side chains become more prominent. I have only one thing to say.

Stay vigilant.


Thanks for reading, and if you like my writing, you can subscribe to my blog to receive the daily newsletter as I'm currently in the middle of 100 days of blogging challenge.

If the newsletter is not your thing, check out my Twitter @adrianhetman, where I post and share exciting news from the Blockchain world and security.

See you tomorrow!