Value DeFi hacked for the second time in six months
Attackers exploited a bug in Value DeFi's smart contract to drain $10 million out of the platform, in a second attack in six months. In November 2020, the platform had lost $7 million to a flash loan attack, after bragging about their "flash loan attack protection". The group was also discovered to be using a paid actress to pretend to be one of their co-founders.
A bug in the Spartan Protocol platform allows an attacker to steal around $30 million
A flawed calculation pertaining to the liquidity pool of Spartan Protocol allowed an attacker to drain $30 million from the project.
- "Spartan Protocol exploit results in loss of $30M", Cointelegraph
An attempt to incorporate NFTs throws a wrench into a $40 million domain name auction
Frank Schilling, founder of the Uni Naming & Registry (UNR) held an auction for 23 TLDs (the bit at the end of the domain, like .com or .org). These included
.link, .help, .game, and even .christmas. The April auction grossed more than $40 million, but as of mid-December the transactions had not been completed. This is because UNR attempted to add some marketing flair to the auction by including NFTs for each of the TLDs, to go to the auction winners. ICANN, the group responsible for much of the domain world, objected to and withheld consent for the transactions, writing "we sought to understand the impact of the transactions on the Domain Name System ('DNS'), including how Non-Fungible Tokens (NFTs) created on the Ethereum Name Service (ENS) were being used, and were involved in the transactions. ICANN repeatedly asked UNR for documentation or other information related to NFTs in the hopes that UNR would provide fulsome and complete responses."- NFTs trip up Uniregistry's top level domain auctions, Domain Name Wire
Uranium Finance is drained of $50 million in hack
A bug in Uranium Finance, a DeFi exchange based on Binance Smart Chain, allowed an attacker to drain the liquidity pools for multiple token pairs. Uranium had just commissioned an audit which uncovered the bug, but the attack occured two hours before the patch went live. An apparent member of Uranium's development team wrote that they believed the attack had been the result of leaked information.
German museum accidentally burns two valuable Cryptopunks NFTs in copy-paste error
An employee of the ZKM Centre for Art and Media in Karlsruhe accidentally sent two of their four Cryptopunk NFTs back to its smart contract address. This is referred to as "burning" the NFTs, because the address is inaccessible and the NFTs are permanently impossible to trade as a result. The employee had copied the Cryptopunks contract address while browsing Etherscan, and didn't realize that was what he was pasting while making the transfer — wallet addresses are long hex strings like 0xb47e3cd837ddf8e4c57f05d70ab865de6e193bbb and are prone to errors like this since they are not easily distinguished at a glance. The two NFTs were originally acquired for the museum for approximately $100 each in 2017, and are individually valued at around $187,000 as of January 2022.
CEO of Turkish crypto exchange Thodex apparently makes off with $2 billion in investments
Turkish Bitcoin exchange Thodex halted trading and limited customers' access to their investments, claiming it was to investigate suspicious activity and swearing it was not an exit scam. With an international manhunt now underway for the Thodex CEO, and no sign of the approximately $2 billion that was invested in the platform, it seems awfully likely it was a rug pull.
$80 million taken from EasyFi lending platform
Hackers compromised a computer belonging to EasyFi founder Ankitt Gaur, accessing his private keys which allowed them to transfer $6 million in stablecoins and $120 million worth of EASY. The price of EASY crashed as a result of the low liquidity, limiting the hacker's total payout to around $80 million. EasyFi followed the breach with a hard fork to "EZ 2.0", and compensated users with a mix of stablecoins and "IOU tokens" that could later be redeemed for discounted EZ.
Africrypt investors disappear with $3.6 billion of investor funds
The two founders of a South Africa-based crypto investment firm called Africrypt claimed they had been hacked, and all assets had been stolen. The duo disappeared as legal action began, and as skepticism grew as to the veracity of that story.
FTX loses $800 million to MobileCoin market manipulation
At some point in April 2021, a trader on the FTX cryptocurrency exchange successfully exploited the firm for around $800 million. They were able to take positions in relatively illiquid crypto tokens, including MobileCoin and BTMX, then manipulate the token prices to appear much higher than their true market value (for example, MobileCoin spiked to $70 a token, rather than around $6). Using these falsely high-valued tokens as collateral, the trader was able to borrow around $800 million in more liquid tokens, abandoning the relatively valueless collateral on the exchange.
During the October 2023 criminal trial of FTX founder and CEO Sam Bankman-Fried, he gave more detail on how the exploit took place, and admitted that he personally had disabled FTX's automatic liquidation systems for this account. Though he intended to closely monitor the account to prevent any losses to FTX, he said that it was actually his actions that allowed the trader to drain such a massive quantity of assets from the exchange.
Prosecutors alleged that Bankman-Fried later had his cryptocurrency trading firm, Alameda Research, shoulder the loss, saying that he'd hoped it would be less visible on Alameda's balance sheets than on FTX's.
- "The FTX trial, day fourteen: Same events, new stories", Newsletter by Molly White
Creators of "Turtledex", a project offering decentralized storage, make off with $2.5 million
24 hours after pre-sale, the team behind Turtledex drained $2.5 million from the liquidity pool and disappeared. Turtledex's smart contract had been audited shortly before the sale, with no major issues found, leading some to question the point of such audits.