As token price rises and reputation mends, Sushiswap foils midnight exploit

As exploits and hacks run rampant across the DeFi ecosystem, at least one project appears to have fended off the worst of an attack — the once-maligned “vampire” AMM (automated market maker) exchange Sushiswap.  Observers noticed last night that Sushiswap — which got its start leeching liquidity from rival AMM Uniswap — was experiencing an exploit, and that anonymous head developer 0xMaki was taking steps to mitigate it: Possible @SushiSwap exploit found? @0xMaki sends exploiter a tx with a message to collect bug bounty. See below tx with message from…

$pickle in a pickle as attacker swipes $20 million in “evil jar” exploit

In yet another attack on a major decentralized finance (DeFi) protocol, farming project Pickle Finance has been exploited today to the tune of $20 million.  The attack transpired roughly two hours ago, and ETH-savvy Twitter users were quick to notice that pickle’s cDAI jar — Pickle’s term for a yield-bearing vault — had been emptied: I think @picklefinance‘s cDAI jar just got attacked and drained. https://t.co/Lxwi2dWSSZ pic.twitter.com/nUBE1KjEPh — mattyb (@mattybchats) November 21, 2020 Unlike other recent attacks however, this particular exploit did not feature flashloans — an increasingly maligned DeFi…

Value DeFi protocol suffers $6 million flash loan exploit

Following a Twitter thread on Friday that highlighted the decentralized finance protocol’s flash loan exploit prevention methodology, Value DeFi appears to have been the victim of a $6 million flash loan exploit.  At roughly 10:45 AM EST, a user took out a flashloan of 80,000 ETH (over $36 million) from lending protocol Aave. Aave developer Emilio Frangella immediately called attention to the loan: 80.000 eth flashloan on @AaveAave https://t.co/ngnHIoNKpi — Emilio Frangella (@The3D_) November 14, 2020 According to Emiliano Bonassi, a self-described whitehat hacker and the co-founder of DeFi Italy, the…

Researcher suggests miners are manipulating Ethereum blocks to exploit DeFi

Some Ether (ETH) miners appear to be re-engineering blocks to take advantage of DeFi opportunities in an instance of what is termed “miner extractable value,” or MEV. Miner extractable value was long anticipated by researchers as a potential exploit pattern for DeFi that leverages the miners’ unique protocol influence. Since miners have free rein over which transactions to include and in which order, this opens the way for several exploitation techniques for on-chain decentralized finance. Anonymous researcher Frank Topbottom highlighted several convincing instances of MEV in the wild, in what…

Over $1 Billion Ethereum-Based Tokens Vulnerable to ‘Fake Deposit Exploit’

A number of university researchers published a study that demystifies the “fake deposit vulnerability” in Ethereum-based smart contracts. The findings show that over 7,000 tokens worth more than $1 billion built on top of Ethereum are vulnerable to two types of attacks that exploit smart contracts. Researchers from the University of Queensland, Beijing University of Posts and Telecommunications, Zhejiang University, and Peking University have published a paper that describes a vulnerability held by over 7,000 Ethereum-based tokens. Essentially, the tokens created have verification methods that are subpar to ERC20 contracts…

Opyn Removes Liquidity From Uniswap After $370K Stolen in DeFi Exploit

Attackers have exploited a vulnerability in the Opyn ETH Put contract to walk away with more than $370,000. One of the first members of Crypto Twitter to report on the theft, DegenSpartan, stated on Aug. 4 that the traders used flash loans to buy Ethereum Put oTokens (oETH) from Uniswap. They then reportedly chose an ERC20 token — in this case, USD Coin (USDC) — as collateral and exercised the trading option.  The result was reportedly a double transfer which effectively “stole” the collateral. According to blockchain records, the attackers…