In brief⚡
Events Under the Spotlight💥
Team Finance suffers a $14.5 million loss due to a smart contract bug
Team Finance, a crypto liquidity provider, had lost $14.5 million due to a smart contract bug in its system.
Using weaknesses in the Team Finance migration function, the attacker moved locked liquidity tokens from UniswapV2 liquidity to an attacker-controlled new V3 pair with a skewed price, resulting in a substantial profit refund.
The attacker's wallet address still holds the proceeds of the exploit, which include $6.43 million in DAI stablecoin and 880 ETH ($1.36 million).
Team Finance also requested the exploiter to contact them so that a reward payment may be arranged.
Freeway suffered $100 million+ in a rug pull
Crypto investment platform reportedly banned withdrawals on assets worth more than $100 million.
According to Terra researcher FatMan, the names of all platform team members have been erased from the website, and a $100 million Rug pull is suspected of having occurred.
Layer2DAO was hacked for 50 million L2DAO tokens
Hackers stole 49,950,000 L2DAO tokens after gaining access to an Optimism Layer2DAO multisig.
The attacker exchanged 16.7 million tokens before the project agreed to purchase the remaining 33.2 million tokens for $0.001.
The Layer2DAO team did not know how the hack occurred.
Still, it was comparable to the June 2022 event, in which an attacker obtained 20 million Optimism tokens after Wintermute submitted an inaccurate wallet address.
A smart contract exploit costs UvToken 5,011 BNB tokens
Due to a smart contract vulnerability, UvToken, a multi-chain wallet startup, lost 5,011 BNB tokens ($1.45 million).
Its "staking project" was under attack. The attacker most likely took advantage of the UvToken staking contract's lack of properly authenticated input data.
The monies have already been sent to Tornado Cash, an authorised crypto mixer.
A hack cost VTF Token 58K USD
VTF Token on BSC was compromised, and the attacker profited around 58K USD from the exploit.
To get holding benefits, there is a flaw in VTF's contract.
The attacker pre-deploys a large number of attack contracts, acquires the initial $VTF through a flash loan, and then transfers VTF tokens to the attack contracts to claim the holding rewards.
QuickSwap market lost $188,000 in an exploit
An Oracle manipulation attack on a Quickswap market netted an exploiter $188,000 in profit.
The vulnerability was introduced by using a Curve LP oracle, which incorporates a vulnerability discovered earlier that month by a security firm.
Hacker manipulated the spot price of assets to borrow funds, eventually escaping with 138 ETH ($188,000) mixed through Tornado Cash.