Rumors swirl around what actually happened with DeFi100: a rug pull, or a simple website defacement?

DeFi100, a Binance-based DeFi protocol, suddenly replaced its website with a statement: "We scammed you guys and you can't do shit about it". One crypto analyst estimated a scam would've netted the team $32 million. However, the developers subsequently denied the scam and claimed the website had been hacked, restoring it soon after. Although the developers maintain they never stole any money, rumors around what actually happened sank the project.

$45 million stolen from PancakeBunny Finance

A hacker used flash loans to manipulate the price of other token pools, to then exploit a bug in PancakeBunny logic that calculates how many tokens should be minted. They were able to mint and then sell 7 million tokens, making off with $45 million and tanking the price of BUNNY tokens from $146 to $0.90. PancakeBunny tweeted shortly after the attack that they would be "working on a reimbursement plan" for those affected.

FinNexus "hacked" for $7.6 million in likely inside job

A decentralized finance project called FinNexus was reportedly hacked for $7.6 million, in what was widely speculated to actually be a rug pull by the project's developers.

The theft appeared to have been enabled by someone who had access to the project's admin key, and was able to change the token owner to an address where they then minted and withdrew tokens, amounting to a $7.6 million theft.

Hacker drains $10.85 million from bEarn Fi

An attacker pulled $10.85 million in funds out of one of bEarn Fi's vaults by exploiting a bug that allowed them to withdraw more funds than they deposited. bEarn promised to compensate affected users with 105% of the amount they lost.

$24.5 million emptied from xToken platform

A flash loan attack allowed hackers to exploit two vulnerabilities in the xToken DeFi platform and steal $24.5 million. This was the first of two large-scale hacks of the platform this year.

Rari Capital exploited for $15 million

An attacker exploited a Rari Capital ETH pool, stealing ETH worth around $15 million. The theft caused the price of Rari's governance token to plummet by around 50%.

Value DeFi hacked twice in one week, three times in six months

After a $10 million hack just two days prior, Value DeFi had another $11 million stolen after attackers found and exploited a different bug in their smart contract.

Value DeFi hacked for the second time in six months

Attackers exploited a bug in Value DeFi's smart contract to drain $10 million out of the platform, in a second attack in six months. In November 2020, the platform had lost $7 million to a flash loan attack, after bragging about their "flash loan attack protection". The group was also discovered to be using a paid actress to pretend to be one of their co-founders.

A bug in the Spartan Protocol platform allows an attacker to steal around $30 million

A flawed calculation pertaining to the liquidity pool of Spartan Protocol allowed an attacker to drain $30 million from the project.

An attempt to incorporate NFTs throws a wrench into a $40 million domain name auction

Frank Schilling, founder of the Uni Naming & Registry (UNR) held an auction for 23 TLDs (the bit at the end of the domain, like .com or .org). These included .link, .help, .game, and even .christmas. The April auction grossed more than $40 million, but as of mid-December the transactions had not been completed. This is because UNR attempted to add some marketing flair to the auction by including NFTs for each of the TLDs, to go to the auction winners. ICANN, the group responsible for much of the domain world, objected to and withheld consent for the transactions, writing "we sought to understand the impact of the transactions on the Domain Name System ('DNS'), including how Non-Fungible Tokens (NFTs) created on the Ethereum Name Service (ENS) were being used, and were involved in the transactions. ICANN repeatedly asked UNR for documentation or other information related to NFTs in the hopes that UNR would provide fulsome and complete responses."

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.