Back to the list

Defi Hack Alert: NowSwap losses over $1 Million in cyber attack


coingape.com 15 September 2021 11:27, UTC
Reading time: ~2 m

According to news from the Analytic group, PeckShield, the DEX protocol, NowSwap was hacked and lost more than 1 million USD in funds. The attackers stole 535,000 USDT and 158 WETH. USDTs are converted to ETH through the distributed network service, 1inch, and further transferred to the Ethernet Square anonymous trading platform, Tornado Cash. Furthermore, the hackers used an invalid ‘K’ value check in the pair contract of NowSwap to attack the protocol.

Indeed, the current implementation only enforces 1/10 of K! The hacker grabs 535K USDTs and 158 WETHs. The USDTs have been swapped into ETH via @1inch and then washed via @TornadoCash https://t.co/IFXySRn1kV

— PeckShield Inc. (@peckshield) September 15, 2021

Defi Hack History

CREAM Finance Hack

The Defi hack trend has been spreading like wildfire and protocols are dreading if they could be the next victim. Recently, the Defi protocol platform CREAM Finance also suffered its first-ever direct Defi protocol exploit. The organization shared that the hack was in phases, with the main exploit along with a smaller copy-cat. CREAM Finance with PeckShield’s help revealed that the exploit was caused because of an error in the way C.R.E.A.M. Finance integrated AMP into its protocol.

“At approximately 12 pm on 31st August (UTC +8), C.R.E.A.M. Finance was exploited for 462,079,976 in AMP tokens and 2,804.96 ETH tokens.”, CREAM Finance clarified the exploit amount.

PolyNetwork Hack

PolyNetwork, the cross-chain Defi protocol suffered the largest Defi hack worth $610 million. The protocol was hacked on 10th August, where the hacker managed to override permission from the “bookkeepers.” The hacker transferred stolen funds to three different blockchain wallets of Ethereum, Binance, and Polygon. Most of the funds were converted to stablecoins USDC, USDT, and BUSD. However, the attacker recently returned all funds through a private key.

Neko Network Hack

Following the PolyNetwork hack, Neko Network was also attacked and lost over 2 million in Stablecoins. Neko Network attacker’s address obtained 2 million USDT, 390,000 BUSD, and 1 BTCB. The attackers used PancakeSwap on the Binance Smart Chain to exchange the stolen stablecoins with BNB. However, in the Neko Network hack, the Defi protocol has only received a partial return from the hackers.

DAO Hack

Dao Maker, a crowdfunding platform was attacked last month and lost over $7 million in USDC that were later converted into 2,261 ETH. According to one estimate, 9,000 to 10,000 USDC accounts on DAO Maker could have been affected by the hack.

Back to the list