DeFi protocols lose $38.9M in January exploits

Top 5 Smart Contract Protocols Suffering Losses in January 2022 Due to Crypto Exploits and Hacks

Quantstamp, a DeFi security startup, has identified the top five smart contract protocols that were hit the hardest by crypto exploits and hackers in January 2022.

In a recent post on social media platform X, Quantstamp revealed that malicious actors used various attack methods, such as smart contract hacks, key compromises, and scams, resulting in total losses of $38.9 million in the first month of the year.

One of the most significant losses was suffered by Radiant Capital, with $4.5 million taken in a flash loan attack. This issue was identified by blockchain security firm PeckShield as a “known rounding issue” in the current Compound/Aave codebase.

To address the problem, the DeFi lender suspended its USD Coin (USDC) pool on Arbitrum and conducted an investigation. Fortunately, Radiant assured users that their funds were secure, and operations resumed after the issue was resolved.

Crypto Attacks Plague Industry in January 2022

In the month of January 2022, the cryptocurrency industry faced a series of attacks, causing significant losses for various platforms and users. These incidents highlight the need for stricter regulations and better security measures in the crypto space.

Gamma Strategies and Radiant Flash Loan Attacks

On January 4, just hours after the Radiant attack, Gamma Strategies also fell victim to a flash loan attack, resulting in a code bug that allowed hackers to steal $6.1 million from the platform’s public-facing vaults. To address the issue, Gamma had to temporarily halt deposits and fix the vulnerability.

Wise Lending and Price Oracle Manipulation

Wise Lending suffered a loss of at least $460,000 on January 12 in a flash loan attack. The exploit involved manipulating the price oracle used by the lending app, marking the second attack on the platform in six months. The hackers were able to drain 170 Ether (ETH) from the platform.

Socket and User Verification Vulnerability

On January 16, Socket, a multichain protocol, experienced a security breach due to a vulnerability in user verification input. This allowed hackers to steal nearly 2,000 ETH, valued at over $4 million. However, the platform was able to recover 1,032 ETH (approximately $2.3 million) and reimburse all affected users as part of their plan to restore user funds.

Goledo Finance and Flash Loan Attack

On January 28, Goledo Finance suffered a similar fate as Gamma, falling victim to a flash loan attack that resulted in the theft of $1.7 million. Negotiations with the perpetrator are still ongoing, and the platform has announced a reward for the return of the stolen funds.

Conclusion: Crypto Industry in Need of Better Regulations and Security Measures

These attacks highlight the growing need for stricter regulations and better security measures in the cryptocurrency industry. As the industry continues to grow, it is crucial to address these vulnerabilities and protect users from potential losses.

The decentralized lending platform has announced that the hacker’s accounts on centralized exchanges have been frozen. Goledo is currently assessing the extent of the damage in order to devise a recovery plan, and has also informed local law enforcement about the situation.

The team at Goledo has outlined their process for compensating users and recovering their assets. To facilitate this, they have provided a Google form for affected users to submit their claims.

Categorized in:

Tagged in: