Security Incidents in October

Hacks in October:

1. Autoshark Finance

Oct 2, 2021: DeFi protocol AutoShark Finance on the Binance Smart Chain was attacked by a flash loan attack.

Root cause: Economic attack

Loss: approx. $580,000

Reference: Auto Shark Finance fell to Flash-Loan Attacks

2. Compound

Oct 4, 2021: Compound Finance mistakenly distributed a total of 202,472 COMP tokens worth $68.8 Million to users due to the loopholes in the liquidity mining token distribution contract.

Root cause: Smart contract vulnerabilities

Loss: $68.8 Million

Reference: COMPOUND — REKT

3. Liquid Network

Oct 5, 2021: The Bitcoin sidechain Liquid Network launched by Blockstream encountered block signature-related issues after the recent upgrade, resulting in no block generation for more than 7 hours.

Root cause: Block signature problem

Loss: NA

4. Evolved Apes

Oct 6, 2021: Evolved Apes, a collection of 10,000 Ape NFTs anonymous developers known as Evil Ape disappeared with NFTs worth 798 ETH. The official website and Twitter handles of Evolved Apes were deleted.

Root cause: Scam

Loss: 798 ETH (approx. $2.7 Million)

Reference: ‘Evolved Apes’ NFT Developer Disappears with — $2.7 Million in Ether

5. CryptoRom

Oct 15, 2021: Researchers at cybersecurity firm Sophos Labs have unearthed that crypto fraud application CryptoRom has stolen at least $1.4 million by using dating sites and apps to lure social-engineer victims to install fake cryptocurrency apps on iPhone and Android.

Root cause: Scam

Loss: approx. $1.4 Million)

Reference: CryptoRom: How scammers are using Tinder and Bumble to steal $1.4 mn in BTC

6. Indexed Finance

Oct 15, 2021: Passive income protocol Indexed Finance was hacked due to a vulnerability in the protocol’s smart contracts. The hacker managed to trick the algorithm into calculating the pool’s value much lower than it should have been, and thus minted huge quantities of the pool’s index tokens which were then burned to claim the underlying assets.

Root cause: Smart contract vulnerabilities

Loss: approx. $16 Million

Reference: Indexed Attack Post-Mortem

7. Glide Finance

Oct 18, 2021: Glide Finance, a DEX on the Elastos Smart Chain (ESC) was exploited due to the team making a fee-change parameter post-audit but failed to update a number on a contract to 10,000 from 1,000.

Root cause: Project team ops failure

Loss: approx. $300,000

Reference: Glide Finance Twitter Announcement

8. Pancake Hunny

Oct 20, 2021: The DeFi protocol Pancake Hunny on BSC was attacked by a flash loan attack.

Root cause: Smart contract vulnerabilities

Loss: 388 BNB and 1.7M TUSD (approx. $1.9 million)

Reference: PancakeHunny Incident Report

9. Avaterra Finance

Oct 21, 2021: Avalanche eco-protocol Avaterra Finance was hacked with a serious vulnerability in the minting contract. The hacker called the mint() function from a custom element of the contract to mint unlimited tokens from the Goose forked project and later dumped thousands of tokens.

Root cause: Smart contract vulnerabilities

Loss: Unknown

Reference: Avaterra Finance Hacked, Exposing Severe Flaws

10. Alpha Finance

Oct 23, 2021: 20 addresses on Alpha Homora V2 are impacted and lost a total of 40.93 ETH due to MEV bot attack.

Root cause: Smart contract vulnerabilities

Loss: 40.93 ETH

Reference: MEV Bots & Uniswap Implicit Assumptions

11. Cream Finance

Oct 27, 2021: DeFi lending protocol Cream Finance was attacked by a flash loan attack. The Ethereum C.R.E.A.M. v1 lending markets were exploited and liquidity was removed.

Root cause: Smart contract vulnerabilities

Loss: $130 Million

Reference: C.R.E.A.M. Finance Post Mortem

12. Autoshark Finance

Oct 29, 2021: DeFi protocol AutoShark Finance suffered a hack on its BSC platform. An attacker manipulated the NOVA-BNB pool of ShibaNOVA by swapping back and forth many times.

Root cause: Smart contract vulnerabilities

Loss: $2 Million

Reference: Post Mortem Review

13. AnubisDao

Oct 29, 2021: AnubisDAO, the OHM imitation project was rugpulled for 13,556 ETH. The team withdrew its liquidity pool one day after it went online.

Root cause: Scam

Loss: 13,556 ETH

Reference: Twitter Post

14. BXH

Oct 30, 2021: BXH, a DeFi eco-platform that provided its users with an artificial intelligence-powered yield farming aggregator was attacked on Binance Smart Chain (BSC). Assets on HECO, OEC and Ethereum are safe.

Root cause: Unknown

Loss: over $130 Million

Reference: BSC-based DeFi protocol BXH attacked and $139 million stolen


The crypto industry has generated a lot of excitement; however, there are a lot of risks involved. Security incidents occur from time to time, all users should enhance their own security awareness to avoid serious losses.

InsurAce.io currently offer insurance protections for:

  • Smart contract vulnerability risk: the smart contract of the covered protocol gets hacked;
  • Custodian risk: the custodian gets hacked where the user loses more than 10% of their funds, and/or withdrawals from the custodian are halted for more than 90 days;
  • IDO event risk: the smart contract of the covered IDO platform gets hacked
  • Stablecoin De-Peg risk: the stablecoin moves significantly below its pegged price

🚀 Get your investment funds protected with InsurAce.io: Buy Cover


About InsurAce.io

InsurAce.io is a decentralized multi-chain insurance protocol, to empower the risk protection infrastructure for the DeFi community. InsurAce.io offers portfolio-based insurance products with optimized pricing models to substantially lower the cost; launches insurance investment functions with flexible underwriting mining programs to create sustainable returns for the participants, and provides coverage for cross-chain DeFi projects to benefit the whole ecosystem.

At the time of writing, InsurAce.io has provided coverage to 80+ protocols, safeguarding over $120M DeFi assets on 10+ public chains.

InsurAce.io is backed by DeFiance Capital, Parafi Capital, Alameda Research, Hashkey group, Huobi DeFiLabs, Hashed, IOSG, Signum Capital, LongHash Ventures and a dozen of other top funds.

Join InsurAce.io community:

Website | Twitter | Telegram | LinkedIn | Announcements | Medium

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top