Hacks in October:
1. Autoshark Finance
Oct 2, 2021: DeFi protocol AutoShark Finance on the Binance Smart Chain was attacked by a flash loan attack.
Root cause: Economic attack
Loss: approx. $580,000
Reference: Auto Shark Finance fell to Flash-Loan Attacks
2. Compound
Oct 4, 2021: Compound Finance mistakenly distributed a total of 202,472 COMP tokens worth $68.8 Million to users due to the loopholes in the liquidity mining token distribution contract.
Root cause: Smart contract vulnerabilities
Loss: $68.8 Million
Reference: COMPOUND — REKT
3. Liquid Network
Oct 5, 2021: The Bitcoin sidechain Liquid Network launched by Blockstream encountered block signature-related issues after the recent upgrade, resulting in no block generation for more than 7 hours.
Root cause: Block signature problem
Loss: NA
4. Evolved Apes
Oct 6, 2021: Evolved Apes, a collection of 10,000 Ape NFTs anonymous developers known as Evil Ape disappeared with NFTs worth 798 ETH. The official website and Twitter handles of Evolved Apes were deleted.
Root cause: Scam
Loss: 798 ETH (approx. $2.7 Million)
Reference: ‘Evolved Apes’ NFT Developer Disappears with — $2.7 Million in Ether
5. CryptoRom
Oct 15, 2021: Researchers at cybersecurity firm Sophos Labs have unearthed that crypto fraud application CryptoRom has stolen at least $1.4 million by using dating sites and apps to lure social-engineer victims to install fake cryptocurrency apps on iPhone and Android.
Root cause: Scam
Loss: approx. $1.4 Million)
Reference: CryptoRom: How scammers are using Tinder and Bumble to steal $1.4 mn in BTC
6. Indexed Finance
Oct 15, 2021: Passive income protocol Indexed Finance was hacked due to a vulnerability in the protocol’s smart contracts. The hacker managed to trick the algorithm into calculating the pool’s value much lower than it should have been, and thus minted huge quantities of the pool’s index tokens which were then burned to claim the underlying assets.
Root cause: Smart contract vulnerabilities
Loss: approx. $16 Million
Reference: Indexed Attack Post-Mortem
7. Glide Finance
Oct 18, 2021: Glide Finance, a DEX on the Elastos Smart Chain (ESC) was exploited due to the team making a fee-change parameter post-audit but failed to update a number on a contract to 10,000 from 1,000.
Root cause: Project team ops failure
Loss: approx. $300,000
Reference: Glide Finance Twitter Announcement
8. Pancake Hunny
Oct 20, 2021: The DeFi protocol Pancake Hunny on BSC was attacked by a flash loan attack.
Root cause: Smart contract vulnerabilities
Loss: 388 BNB and 1.7M TUSD (approx. $1.9 million)
Reference: PancakeHunny Incident Report
9. Avaterra Finance
Oct 21, 2021: Avalanche eco-protocol Avaterra Finance was hacked with a serious vulnerability in the minting contract. The hacker called the mint() function from a custom element of the contract to mint unlimited tokens from the Goose forked project and later dumped thousands of tokens.
Root cause: Smart contract vulnerabilities
Loss: Unknown
Reference: Avaterra Finance Hacked, Exposing Severe Flaws
10. Alpha Finance
Oct 23, 2021: 20 addresses on Alpha Homora V2 are impacted and lost a total of 40.93 ETH due to MEV bot attack.
Root cause: Smart contract vulnerabilities
Loss: 40.93 ETH
Reference: MEV Bots & Uniswap Implicit Assumptions
11. Cream Finance
Oct 27, 2021: DeFi lending protocol Cream Finance was attacked by a flash loan attack. The Ethereum C.R.E.A.M. v1 lending markets were exploited and liquidity was removed.
Root cause: Smart contract vulnerabilities
Loss: $130 Million
Reference: C.R.E.A.M. Finance Post Mortem
12. Autoshark Finance
Oct 29, 2021: DeFi protocol AutoShark Finance suffered a hack on its BSC platform. An attacker manipulated the NOVA-BNB pool of ShibaNOVA by swapping back and forth many times.
Root cause: Smart contract vulnerabilities
Loss: $2 Million
Reference: Post Mortem Review
13. AnubisDao
Oct 29, 2021: AnubisDAO, the OHM imitation project was rugpulled for 13,556 ETH. The team withdrew its liquidity pool one day after it went online.
Root cause: Scam
Loss: 13,556 ETH
Reference: Twitter Post
14. BXH
Oct 30, 2021: BXH, a DeFi eco-platform that provided its users with an artificial intelligence-powered yield farming aggregator was attacked on Binance Smart Chain (BSC). Assets on HECO, OEC and Ethereum are safe.
Root cause: Unknown
Loss: over $130 Million
Reference: BSC-based DeFi protocol BXH attacked and $139 million stolen
The crypto industry has generated a lot of excitement; however, there are a lot of risks involved. Security incidents occur from time to time, all users should enhance their own security awareness to avoid serious losses.
InsurAce.io currently offer insurance protections for:
- Smart contract vulnerability risk: the smart contract of the covered protocol gets hacked;
- Custodian risk: the custodian gets hacked where the user loses more than 10% of their funds, and/or withdrawals from the custodian are halted for more than 90 days;
- IDO event risk: the smart contract of the covered IDO platform gets hacked
- Stablecoin De-Peg risk: the stablecoin moves significantly below its pegged price
Get your investment funds protected with InsurAce.io: Buy Cover
About InsurAce.io
InsurAce.io is a decentralized multi-chain insurance protocol, to empower the risk protection infrastructure for the DeFi community. InsurAce.io offers portfolio-based insurance products with optimized pricing models to substantially lower the cost; launches insurance investment functions with flexible underwriting mining programs to create sustainable returns for the participants, and provides coverage for cross-chain DeFi projects to benefit the whole ecosystem.
At the time of writing, InsurAce.io has provided coverage to 80+ protocols, safeguarding over $120M DeFi assets on 10+ public chains.
InsurAce.io is backed by DeFiance Capital, Parafi Capital, Alameda Research, Hashkey group, Huobi DeFiLabs, Hashed, IOSG, Signum Capital, LongHash Ventures and a dozen of other top funds.
Join InsurAce.io community:
Website | Twitter | Telegram | LinkedIn | Announcements | Medium