Amidst FTX Saga, Hacker Swept More Than $25 Million in 2nd week of November
HashingBits | Week 45
In brief⚡
Events Under the Spotlight💥
The mooCakeCTX project lost $143,921 in a flash loan attack
The MooCakeCTX attack was possible because the contract reinvested without settling rewards first.
Before the user pledged (the depositAll function), the contract reinvested (the earn function was not called) without settling the reward. As a result, when the user pledged, the contract did not settle the previous reward and instead made a new investment.
The attacker borrows 50,000 cake tokens using a flash loan in the same block, pledges them twice in a row, and then withdraws and returns the pledged cake tokens to profit.
Attacker's address: 0x35700c4a7bd65048f01d6675f09d15771c0facd5
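The ordering problem described above, as an added toy model in Python (not the MooCakeCTX contract and not code from the original post): a share-based vault that settles rewards only after minting shares, next to the hardened ordering that settles first. The class, method names, holder balance and pending reward are constructed assumptions; only the 50,000-token size comes from the text.

```python
from fractions import Fraction


class Vault:
    """Toy share-based vault (constructed model, not the real contract)."""

    def __init__(self, settle_before_deposit):
        self.settle_before_deposit = settle_before_deposit
        self.balance = Fraction(0)       # tokens already invested
        self.pending = Fraction(0)       # rewards earned but not yet settled
        self.total_shares = Fraction(0)
        self.shares = {}

    def settle(self):
        # Fold unsettled rewards into the invested balance (raises share price).
        self.balance += self.pending
        self.pending = Fraction(0)

    def deposit(self, user, amount):
        if self.settle_before_deposit:
            self.settle()                # hardened: existing holders are paid first
        # Shares are priced against the invested balance at this moment.
        if self.total_shares == 0:
            minted = amount
        else:
            minted = amount * self.total_shares / self.balance
        self.balance += amount
        self.total_shares += minted
        self.shares[user] = self.shares.get(user, Fraction(0)) + minted
        self.settle()                    # weak ordering: first settlement happens here

    def withdraw_all(self, user):
        owned = self.shares.pop(user, Fraction(0))
        paid = owned * self.balance / self.total_shares
        self.balance -= paid
        self.total_shares -= owned
        return paid


def same_block_round_trip(settle_before_deposit, amount=50_000):
    """Gain of a depositor who pledges twice and withdraws immediately."""
    v = Vault(settle_before_deposit)
    v.deposit("long_term_holder", Fraction(10_000))
    v.pending = Fraction(1_000)          # constructed: accrued, unsettled rewards
    v.deposit("newcomer", Fraction(amount) / 2)
    v.deposit("newcomer", Fraction(amount) / 2)
    return v.withdraw_all("newcomer") - amount
```

A vault test suite can assert the same invariant: a deposit followed by an immediate withdrawal must never return more than was deposited.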
Loopring Network Halted Due to DDoS Attack
A large-scale DDoS attack on the Ethereum L2 protocol knocked services offline for 11 hours.
During the incident, requests per second (RPS) increased significantly, and the Loopring gateway could not handle such a high volume of requests.
brahTOPG lost $89,879 in a smart contract exploit
The brahTOPG project on the ETH chain was attacked, resulting in a loss of $89,879.
The primary reason for this attack is that the Zapper contract does not strictly check the data passed in by the user, which allows arbitrary external calls.
The attacker uses this arbitrary external call problem to steal the tokens of users who still have token approvals granted to the contract.
DFXFinance loses 3000 ETH in a Flash Loan Attack
DFXFinance's DEX pool suffered a $5 million loss due to a flash loan attack.
Using a flash loan, an attacker could exploit a vulnerability in the smart contract for DFX Finance, a decentralized forex trading platform.
The attacker then used the Tornado Cash cryptocurrency tumbler to launder the funds.
Because an MEV bot stole a significant portion of the funds, the attacker did not take the entire amount lost from the platform.
Pando exploited for $20 million
The DeFi protocol Pando was exploited with an oracle manipulation attack that cost the company $20 million.
In response to the hack, the protocol halted several projects and stated they hoped to negotiate with the hacker to reclaim some of the stolen funds.
Some of the stolen funds could be locked, but it is unclear whether this was the total amount.