This Week in Hacks
AnubisDAO, a DAO project rugpulled for $60M
AnubisDAO, a DAO project, was rugpulled for 13,556 ETH or $60 Million. The project raised $60M in a token sale.
Note also that the project does not have a website or a strong internet presence. The community suspects a phishing attack was the cause; more information is awaited.
AutoShark Finance is the Latest Victim on the BSC platform
AutoShark Finance, a yield optimizer platform on BSC and Polygon, suffered a hack on its BSC platform.
The community suspects a flash-loan attack on the project. The price of the $JAWS token (newly issued to compensate users for the previous hack) dropped substantially, to a low of $0.06.
The total loss is estimated to be more than $100,000,000. The attack was possible due to a profit inflation bug. The platform was previously attacked with flash loans in early October and in May 2021.
Cream Finance Flash-loaned for $18.8M
Cream Finance, a DeFi lending protocol, was flash-loaned on the Ethereum blockchain for $18.8 million.
The stolen funds were Cream LP tokens and other ERC-20 tokens. The issue was identified as a price miscalculation caused by unexpected funds being sent to the yUSD contract.
The platform had suffered multiple flash-loan attacks before, including $37.5 million in February 2021 and 18.8 million in August 2021. The platform has lost $186 million in a single year, which makes this hack the third-largest DeFi hack to date. As a result of the hack, the price of Cream Finance’s token ($CREAM) has fallen 37% at the time of writing.
Aztec Finance spotted a vulnerability
Aztec Finance patched a critical double-spend vulnerability in non-native field operations.
Ondo Finance discovered a bug in an audited contract
Ondo Finance, a risk marketplace for DeFi, announced that they have discovered a bug in an audited contract. The team executed a rebalance transaction using the guarding contract and the funds are safe.
Vulnerability Write-ups
Post mortem Review on Economic Attack (AutoShark) by AutoShark Finance team.
Aztec Double Spend Attack Postmortem by Aztec team.
Cream Finance Attack Postmortem by Mudit Gupta.
Yearn Finance Postmortem by Robot Vault.
DeFi Security
How to Lose $280 Million With a Single Line of Code By SANS Offensive Operations.
How Hackers Steal Your Cryptocurrency Without You Knowing…. And How to Prevent it By George Levy.
What is Frontrunning? By iC3 Initiative of Cryptocurrency and Contracts.
DeFi in Numbers
As of 27th October 2021, the total value lost in DeFi hacks is $1.5 billion across a total of 70 hacks.
Source: https://cryptosec.info/defi-hacks/
More From Editor’s Desk
Auditing a smart contract won’t be a smooth process if you are unprepared to deal with the challenges.
Possible issues include deciding the scale of the audit, finding experienced auditors, allowing adequate time for the audit under pressure to bring the project to its audience, technical challenges, compiling a proper report, and finding a reliable auditing company.