In brief ⚡
🙃 Decentralized Interest Rate Market Exactly Falls Victim to Security Exploit, Becoming Third Target This Week
🥲 RocketSwap Labs was hacked for around $869k after a private key exploit
😔 Swirlend did a rug pull of $500k on the BASE chain
.
Hacks and Scams⚠️
Exactly Protocol
Amount of Loss: ~ $7.3 Million
Analysis
"Exactly" decentralized interest rate market hit by security exploit, marking third smart-contract attack this week after Zunami and RocketSwap.
Exactly Protocol promptly halted its smart contract, launching an active investigation into the incident.
Total Value Locked (TVL) in Exactly Protocol dropped over 50% from $38.5 million to $16 million post-exploit, as per DeFiLlama data.
The report confirms a loss of about (approximately $ 7.4 million) suffered by the protocol. The attacker moved funds between Ethereum and Optimism using an exploiter contract.
Swirlend
Amount of Loss ~ $500k
Analysis
Coinbase's Base blockchain launched just a week ago, has already witnessed scams and hacks.
SwirlLend, a lending protocol on Base and Linea chains, swiftly siphoned $460,000 from both chains upon its launch.
The project then proceeded to erase its social media presence.
Despite its recent establishment and limited funds locked, Base blockchain is experiencing its share of fraudulent activities.
SwirlLend's exploit highlights the vulnerability of nascent blockchain projects to malicious actions.
RocketSwap
Amount of Loss ~ $620k
Analysis
Approximately 471 ETH (equivalent to ~$857,000) was stolen from RocketSwap on Ethereum layer-2 blockchain.
RocketSwap admits storing private keys on a server, which was exploited through brute force hacking.
An apologetic message was posted on Twitter, expressing regret for the incurred losses.
RocketSwap outlines intentions to distribute airdropped tokens as a form of compensation to affected users.
Reassurances given to projects transitioning from RocketSwap, asserting the safety of their funds and discouraging hasty migration.
Explore the Depths of Knowledge: Research Papers & Blogs🔖
Becoming a web 3 security researcher: Balancing foundations and the attacker mindset.
The Only Audit Methodology You Will Ever Need. 01 - The Dive
Web3 Community Spotlight🔦
Check our walkthrough for the first QuillCTF: Road-Closed
Thanks for reading HashingBits! Share a summary of our newsletter on your social media platforms, tag us, and use the #AwareToEarn hashtag, and you could win 10 USDT as a reward! Help us build a safer Web3 ecosystem and have a chance to earn rewards and support our work.