5 DeFi projects that have successfully recovered from exploits and hacks
The DeFi community is once again questioning the „test in prod“ approach.
The latest operations concerned the brand new Homora v2 from Alpha Finance Lab and Iron Bank from CREAM Finance.
The Cover Protocol exploitation is probably the most spectacular on this list
The DeFi (decentralized finance) community is once again questioning the “test in production” approach after an exploit led to a deficit of $ 37.5 million at Alpha Finance Labs and CREAM Finance. This week, BeInCrypto takes a look at five DeFi projects that got back on their feet after being mined.
COMP is a decentralized finance lending (DeFi) platform that allows users to borrow and staker to lend without resorting to third parties.
It currently has over $ 5.25 billion in total blocked value (TVL). This makes it the third largest DeFi project, behind Aave ( AAVE ) and Maker (MKR).
In November of last year, an error or malicious attack exploited an oracle in the Coinbase database that the platform used to fix the value of stablecoin dai (DAI). The mistake, or attack, pushed the price of stablecoin up to $ 1.30.
As compound loans require over-collateralization, the sudden rise in the price of DAI has left borrowers unsecured, with many of their funds having been liquidated.
On February 5, 2021, Yearn Finance’s yDAI safe was exploited resulting in a loss of $ 11 million. This consisted of a series of flash loans taken out with the dYdX and Aave pools. The responsible hacker then used these loans as collateral for another loan on Compound’s platform.
Essentially, the hacker tried to take advantage of the price difference in Yearn’s coffers to accumulate Curve DAO Token (CRV) to sell for stablecoins.
The hacker would not have pocketed the full $ 11 million, as the cost of the attack was $ 8.5 million
SushiSwap is an automated market maker (AMM) that branched off last year from its rival, the DeFi protocol Uniswap, in the midst of a centralization feud.
In January of this year, an opportunistic SUSHI user discovered a flaw that allowed him to steal 81 ETH (worth about $ 103,842, at the time).
The operation consisted of a transaction using Badger DAO’s DICG token. The transaction was aimed at converting a small amount of fees into a DICG / WBTC pool through a DICG / ETH pool.
The latter had extremely low liquidity (and therefore high slippage), resulting in relatively high fees. The opportunistic hacker essentially attempted to claim these charges, using a bug that redirected charges from the stakers.
It should be noted, however, that the amounts involved were relatively small, with one Twitter user saying that the exploitation had limited impact.
Old loopholes opened up give a hacker a small reward.
24 hours of DIGG/WBTC swap fees snatched by an opportunist.
It ain’t much, but is it honest work?
The exploitation of Cover Protocol is probably the most spectacular on this list. This time, a Grap Finance hacker (although not known at the time) used an exploit to strike 40 quintillion COVER tokens .
These tokens were under the direct control of the hacker who quickly removed them to Binance. The increased supply, as well as the “dumping” of the hacker in the COVER / ETH markets, caused the price of COVER to drop by more than 50% in a matter of minutes.
Additionally, as the market focused on what was happening, the token’s value dropped from $ 720 to less than $ 100. The attack prompted Binance to halt trading , as well as Cover’s team to halt the token as a whole.
Fortunately, the hacker returned the funds and Binance even reimbursed traders who had “bought the decline” on its own SaFu fund.
Next time, take care of your own shit.@CoverProtocol @chefcoverage https://t.co/ks94ucdoRQ
Finally, the operation of a most recent DeFi project concerns the new Homora v2 version of Alpha Finance Lab and the Iron Bank of CREAM Finance.
This exploitation allowed a hacker to extract 37.5 million dollars. According to a post mortem analysis of the event, it involved Homora v2 loans being deposited in CREAM Finance’s Iron Bank.
ALPHA users familiar with this exploitation pointed out that only someone with knowledge beyond what was publicly available could be responsible for the attack.
The autopsy confirmed it. She indicated that the common financing fund used in the operation was at the level of the contract on HomoraBankV2 for an upcoming launch.