Decentralized platforms have become a popular target among hackers. In February, DeFi platforms lost around $21 million to attackers. According to the DefiLlama report, Platypus Finance was highly attacked by flash loans resulting in a $8.5 million loss. The report highlighted six more hacks that affected the firm the previous month. According to US Blockchain analysis, scammers swiped around $1.3 billion from cryptocurrencies, and 97% was from DeFi platforms in the previous year.
The Financial Stability Board (FSB) released a report on DeFi platforms loopholes in February. DeFi is similar to traditional finance in terms of its functions. DeFi’s unique characteristics like “Operational fragilities, liquidity and maturity mismatches, leverage and interconnectedness” may affect the platform, FSB highlighted in a report.
At the start of Feb, BonqDAO tweeted that Bonq protocol was exposed to an oracle hack where the exploiter increased the price of AllianceBlock (ALBT) token and minted huge amounts of Bonq Euro (BEUR). On February 2, the ALBT token issuer AllianceBlock said that the hackers manipulated nearly $5 million of ALBT tokens on Bonq. The firm assured users that none of its smart contracts was breached during the hack.
On February 2, Orion protocol suffered a $3 million loss due to a reentrancy issue on its core contract. According to the tweet, attackers used malicious smart contracts to drain targeted users’ funds with repeated withdrawal orders. Orion protocol CEO Alexey Koloskov assured users by saying that staking and pools on the platform have not been affected.
We have been investigating this very sophisticated attack from the minutes it occurred. We will not reopen the Deposit function until we feel confident that the bug has been fixed which will only be after successfully passing new audits from leading audit firms.
— Alexey Koloskov (@alexeykoloskov) February 2, 2023
After the Orion protocol exploits, dForce Network was affected with a $3.65 million loss on Feb 12 due to a reentrancy attack. However, the firm reacted to the exploit and recovered all the funds from the hacker. “On Feb 13 2023 the exploited funds were fully returned to our multisig on both Arbitrum and Optimism, a perfect ending for all,” dForce tweeted.
2/5 Shortly after the incident, we entered into conversations with the exploiter, who came forward as a whitehat. We have agreed to offer a bounty and will drop all on-going investigation and law enforcement actions.
— dForce (@dForcenet) February 13, 2023
In mid-February, the Platypus community said that the hacker targeted a loophole in the USP solvency verification process, resulting in an $8.5 million loss. The firm tweeted that “They used a flash loan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.”
#CertiKSkynet Analysis
— CertiK Alert (@CertiKAlert) February 16, 2023
Today @Platypusdefi project was attacked via flash loans on AVAX resulting in total losses of ~$9M worth of assets. At this time, most of the stolen funds remain in the attacker’s contract address, with some sent to an EOA and AAVE pool.
Read 🧵 👇 https://t.co/M8b4EVc03e
Flash loan attacks are still dominant in the recent hacks list, most DeFi platforms, including Deus DAO in April 2022, Nirvana Finance in July 2022, New Free DAO and Mango Markets in September and October months, respectively. At press time, total value locked (TVL) in DeFi is $48.23 billion, down by 0.23%.