Welcome to another instance of the Blood Bath report. This month we saw a fix for a critical bug in OpenZeppelin, a supply chain attack on SushiSwap, and just yesterday a Compound proposal that went wrong.
Enough of the talk. Let’s dive into the topic. Below you will find a summary of all the hacks that happened. All info was compiled from openblocksec, rekt.news, Peckshield, Blocksecteam, and Knownsec.
How much? $3.5M
Why? Reentrancy bug
How much? $4M
Why? Authentication issue
Link: https://twitter.com/Mudit__Gupta/status/1434059922774237185, https://www.rekt.news/daomaker-rekt/
How much? $3.2M
Why? Staking calculation bug
How much? $1M
Why? Logic Error
How much? $24k
How much? $3M
How much? $12.5M
Why? Faulty tx processing
How much? $35M
Why? Price oracle manipulation
Link: https://blocksecteam.medium.com/the-real-root-cause-of-the-vee-finance-security-incident-8ed6562814e5 ; https://www.rekt.news/veefinance-rekt/
How much? $144K
Why? Private keys compromised on the bridging server
How much? $80M
Why? Bug in distribution of tokens
In hacks alone, excluding Compound, we saw ~$62.2M gone from various DeFi protocols on different chains. We saw the first EOS DeFi hack in a while, and we also saw a few Avalanche hacks, Vee Finance being the largest.
Stay safe out there, and remember that we’re still early in blockchain, and it will take time until the number of hacks and their impact go down.
Thanks for reading, and if you like my writing, you can subscribe to my blog to receive the newsletter.
If the newsletter is not your thing, check out my Twitter @adrianhetman, where I post and share exciting news from the Blockchain world and security.