Barely three months into another year and the cryptocurrency industry has recorded a fairly significant loss through cyber theft.
According to blockchain analytic platform DeFiLlama, in February alone, the industry reported about seven Decentralized Finance (DeFi)-based attacks which amounted to $21 million in digital assets. Most of these scams were perpetrated via re-entrance price oracle attacks and exploits.
BonqDAO’s price oracle attack was the first to hit the DeFi ecosystem on the first day of February. The bad actors responsible for the attack siphoned $5 million worth of AllianceBlock (ALBT) tokens from the decentralized borrowing protocol. AllianceBlock clarified that none of its smart contracts was compromised as a result of the attack on BonqDAO.
The hacker manipulated the protocol and increased the ALBT price and also minted a huge amount of Bonq Euro (BEUR). Next, the BEUR was swapped for other tokens on the decentralized crypto exchange Uniswap. The price was then reduced to zero, leading to the liquidation of the ALBT troves.
Only the next day, another breach hit the DeFi ecosystem, specifically Orion Protocol leading to the loss of $3 million in crypto. This was a reentrancy scam where the scammers leveraged a malicious smart contract to siphon funds repeatedly from an account. Orion Protocol Chief Executive Officer (CEO) called the exploit a ‘very sophisticated attack” which has been under investigation.
Platypus Finance Loses $8.5M in Mid-February
One striking exploit due to its size was the one carried out on Platypus Finance in Mid-February. The one-way automated market maker (AMM) DeFi protocol lost $8.5 million to a reentrancy attack.
As a result, its United States dollar-backed stablecoin was one-legged, causing a 52.2% drop at the time. Platypus Finance took to Twitter to explain how the attack was perpetrated on its platform.
“Dear Community, We regret to inform you that our protocol was hacked recently, and the attacker took advantage of a flaw in our USP solvency check mechanism. They used a flash loan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.”
The other attacks are the dForce network $3.65 million exploit, Arbitrum-based algorithmic stablecoin project Hope Finance $2 million exploit, multichain exchange aggregator Dexible $2 million exploit, and LaunchZone $700,000 scam. The crypto winter year 2022 ended with almost $3.5 billion in losses in crypto, and now it already seems like 2023 is reliving the moment.