- According to Chainalysis, hackers have raked in $718 million so far in October
- At least four known exploits targeted DeFi protocols on October 11 alone
The culprit behind the $112 million siphoned off by Mango Markets, a decentralized financial trading platform on the Solana blockchain, could be having payout issues.
The attacker manipulated the mango governance token (MNGO) spot price on centralized exchanges, then used the inflated coins as collateral to borrow stablecoins, leaving the protocol with irrecoverable debt once the price of MNGO returned to earth.
The exploiter then suggested returning a fraction of the funds via the platform’s governance system. In a curious twist, the exploiter’s address turned out to be the leading “yes” for this proposal.
The illegitimate stablecoins can be traced on the Solana blockchain to corresponding USD coin (USDC) transfers on Ethereum. Funds were then swapped into dai (DAI) through a decentralized exchange, removing the risk of a freeze by USDC Issuer Circle.
“Circle is investigating the incident in question and will take appropriate action,” a Circle spokesperson told Blockworks.
The Ethereum wallet that received the stolen funds now contains over $30 million in assets, including the ENS domain ponzishorter.eth. The wallet has a long history of NFT and DeFi-related transactions — unusual for a heist of this magnitude, where perpetrators tend to limit links to potentially identifying information. This can help law enforcement or exchange investigators trying to connect the address to a real person.
The incident revealed a weakness in Mango Markets’ price oracle, which FTX CEO Sam Bankman-Fried called a risk management failure.
Four DeFi hacks in one day
Mango Markets hack was notable for the large amount of funds stolen. However, it was just one of four attacks on decentralized finance (DeFi) protocols that took place on October 11. In total, about $115 million was stolen.
The second largest exploit targeted TempleDAO, a yield farming DeFi protocol that resulted in the loss of 1,831 Ether or $2.34 million at press time.
Stax, a decentralized application powered by TempleDAO, tracked the address of the responsible actor and, in the meantime, warned users against making further deposits into STAX contracts.
In third place, Layer 1 blockchain QANplatform suffered a bridge hack that took 1.4 billion QANX tokens, or just over $1 million, from the QANX Bridge on both the Binance Smart Chain (BSC) and were withdrawn on Ethereum.
The company stated that only the QANX Bridge smart contract deployer wallet was compromised – and that affected QANX token holders will be compensated.
The latest target on Oct. 11 was Ethereum wallet service Rabby, which reported an exploit in its smart contract for its Rabby Swap feature, resulting in a loss of around $200,000. It is reportedly still tracking the stolen funds.
These attacks happened all days after Binance’s BNB Chain exploit, which affected the BSC Token Hub – the native cross-chain bridge between BNB Beacon Chain and BNB Smart Chain. The hacker successfully extracted around $100 million before being shut down.
BNB Chain is reviewing the next steps to update and fix the vulnerability.
“BNB Chain is now less decentralized than Ethereum, but more decentralized than many others. It will only become more decentralized as our tech team makes further advances,” reads a blog post from the BNB chain.
It’s been a tough year
According to blockchain analysis unit Chainalysis, the month of October – which is not even half over – has seen the highest value hacked all year – so far $718 million across 11 different DeFi protocols.
1/ After four hacks yesterday, October is now the biggest month in the biggest year ever for hacking activity, with more than half of the month still to come. So far this month, $718 million has been stolen from #DeFi protocols across 11 different hacks. pic.twitter.com/emz36f6gpK
— Chainalysis (@chainalysis) October 12, 2022
The second-highest month was March, due to breaching the Ronin network for around $625 million or 173,600 ether and 25.5 million USDC – the largest single hack to date.
Chainalysis suggests that if this trend continues, 2022 will “likely surpass 2021 as the biggest year for hacking on record.”
Over the past year, there have been over 200 hacks and more than $3 billion in losses. There have already been 125 hacks this year as it approaches the $3 billion mark.
Cross-chain bridges appear to be a prime target for hackers, accounting for 82% of losses this month and 64% of losses for the year, according to Chainalysis data.
Youwei Yang, chief economist at bitcoin mining firm BIT Mining Limited, told Blockworks that the technology behind cross-chain bridges “needs to take some time to develop more thoroughly” and attributes most of the problems “to the validators, who are not that big group nor decentralized enough.”
He added that frequent hacks are “another reason why institutional investors — especially old money — aren’t fully ready to join the crypto powerhouse just yet.”
Get the day’s top crypto news and insights delivered to your inbox every night. Subscribe to Blockworks’ free newsletter now.
Learn Crypto Trading, Yield Farms, Income strategies and more at CrytoAnswers
https://nov.link/cryptoanswers

Comments are closed.