Hacker nets $6.3 million in Belt Finance exploit
Belt Finance fell victim to a flash loan attack which netted an attacker $6.3 million. This was yet another exploit targeting a protocol built on the Binance Smart Chain protocol, following other attacks over the previous five months on C.R.E.A.M. Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon, Spartan Protocol, BurgerSwap, and PancakeBunny.
- "Belt Finance loses millions in latest BSC-based DeFi exploit", Cointelegraph
- "Belt", Rekt
SEC begins case against those involved in alleged $2 billion BitConnect fraud
The SEC filed an action against five individuals that they alleged promoted unregistered securities in a $2 billion investment scheme, which they described as a "lending program". In September, the SEC also charged BitConnect's founder, Satish Kumbhani, for his role in the scheme, as well as an additional promoter.
- " SEC Charges U.S. Promoters of $2 Billion Global Crypto Lending Securities Offering", U.S. Securities and Exchange Commission
- SEC v. BitConnect
"Trivial" bug costs BurgerSwap $7.2 million
A missing line of code made it "trivally" easy for an attacker to use a flash loan attack to pull $7.2 million from the DeFi platform BurgerSwap. BurgerSwap said it would "strive to cover all [users'] loss".
Attackers drain $3 million from BOG liquidity pool
Attackers exploited a flaw in the smart contract of Bogged Finance's BOG token to drain half the liquidity pool, equivalent about $3 million. This resulted in the BOG token tanking in value from about $1.80 to $0.0003.
Rumors swirl around what actually happened with DeFi100: a rug pull, or a simple website defacement?
DeFi100, a Binance-based DeFi protocol, suddenly replaced its website with a statement: "We scammed you guys and you can't do shit about it". One crypto analyst estimated a scam would've netted the team $32 million. However, the developers subsequently denied the scam and claimed the website had been hacked, restoring it soon after. Although the developers maintain they never stole any money, rumors around what actually happened sank the project.
$45 million stolen from PancakeBunny Finance
A hacker used flash loans to manipulate the price of other token pools, to then exploit a bug in PancakeBunny logic that calculates how many tokens should be minted. They were able to mint and then sell 7 million tokens, making off with $45 million and tanking the price of BUNNY tokens from $146 to $0.90. PancakeBunny tweeted shortly after the attack that they would be "working on a reimbursement plan" for those affected.
FinNexus "hacked" for $7.6 million in likely inside job
A decentralized finance project called FinNexus was reportedly hacked for $7.6 million, in what was widely speculated to actually be a rug pull by the project's developers.
The theft appeared to have been enabled by someone who had access to the project's admin key, and was able to change the token owner to an address where they then minted and withdrew tokens, amounting to a $7.6 million theft.
Hacker drains $10.85 million from bEarn Fi
An attacker pulled $10.85 million in funds out of one of bEarn Fi's vaults by exploiting a bug that allowed them to withdraw more funds than they deposited. bEarn promised to compensate affected users with 105% of the amount they lost.
$24.5 million emptied from xToken platform
A flash loan attack allowed hackers to exploit two vulnerabilities in the xToken DeFi platform and steal $24.5 million. This was the first of two large-scale hacks of the platform this year.
Value DeFi hacked twice in one week, three times in six months
After a $10 million hack just two days prior, Value DeFi had another $11 million stolen after attackers found and exploited a different bug in their smart contract.