An attacker steals $3 million from the PAID Network
A contract exploit allowed a hacker to mint almost 60 million PAID tokens (priced at around $160 million based on the value before the attack) on the PAID Network. The hacker then made off with about $3 million in Ethereum from their efforts. The attack caused the PAID token to crash about 88% in value over the course of a day, from around $2.86 to $0.32.
Meerkat DeFi team briefly rug-pulls $31 million before returning the funds with an odd explanation
The team behind the Meerkat DeFi protocol claimed they had been victims of a hack, but subsequently disappeared from the web after the equivalent of $31 million in Binance Coin (BNB) and BUSD was pulled from the project. Two days later, a developer for the project wrote that the project had been a "test [of] user greed and subjectivity", and aimed to "[help] users realize the potential danger in smart contracts [and] the subjectivity in the audit processes of audit companies." The developer wrote that all victims would be refunded. Some believed that the bizarre "experiment" explanation was to cover that Binance had stepped in to address the scam.
$37.5 million stolen from C.R.E.A.M. lending platform
A hacker was able to code a smart contract that tricked C.R.E.A.M. into believing it was from a trusted source. They were then able to make off with $37.5 million worth of Ethereum and stablecoins in what was only the first of several major exploits of the platform in 2021.
Yearn Finance loses $11 million to a hack
An exploit in Yearn Finance's yDAI vault resulted in an $11 million loss to the platform, though "only" $2.8 million of this went to the hacker.
- "Yearn.Finance puts expanded treasury to use by repaying victims of $11M hack", Cointelegraph
- "Yearn Finance suffers exploit, says $2.8 million stolen by attacker out of $11 million loss", The Block
- "DeFi platform Yearn moves to restore exploited 'vault' less than a week after $11 million loss", The Block
Tether pays $18.5 million in penalties; NY Attorney General alleges they don't have the cash reserves they claim
The stablecoin Tether swears up and down that it's fully backed by actual currency, but the New York Attorney General doesn't agree. Tether paid $18.5 million in penalties, was banned from trading in New York, and agreed to submit transparency reports for two years in exchange for ending the long-running legal dispute.
- "Tether, Bitfinex to pay $18.5M to NYAG, cease trading in New York", Amy Castor
- "The curious case of Tether: a complete timeline of events", Amy Castor
- "Cryptocurrency firms Tether and Bitfinex agree to pay $18.5 million fine to end New York probe ", CNBC
- Press release from the New York Attorney General
PopcornSwap rug pulls
PopcornSwap launched on BNB Chain and then immediately drained its liquidity pool, making off with tokens priced at around $2 million.
Binance stated that they had been able to freeze users' assets on the BNB Chain partway through the incident. However, as of June 2023, Binance had not taken any steps to return the frozen funds to their original owners.
Saddle Finance exploited within hours of launch
The Saddle Finance defi project, a fork of the Curve Finance project, launched on January 20. It promised it would "eliminate slippage".
The project was exploited only hours later, by attackers who stole more than 7.9 BTC (~$275,000) by taking advantage of high slippage on the platform.
- "Saddle Finance", Rekt