Another eventful month has unfolded in the world of blockchain security, with this month's highlights featuring a staggering amount of stolen assets!
Our Latest Research
Secure Proxy Models: Understanding Beacon Proxies
The Hacks
KyberSwap - $47M - The multi-chain decentralised exchange aggregator implemented a vulnerable smart contract that allowed the attacker to manipulate the liquidity pool with the use of flash loans.
Aerodrome and Velodrome DeFi - $40k - This hack was carried out in the Web2 space: the attacker compromised the domain name system (DNS) to take control of the official website links, redirecting users to a phishing site associated with a malicious contract that would steal users' funds.
HECO Bridge and HTX - $100M - Both projects are associated with Justin Sun and have suffered a massive security breach potentially orchestrated by the Lazarus Group.
Kronos Research - $25M - An API key compromise, usually referred to as a Web2 vulnerability, was the leading cause of this hack.
dYdX DEX and YFI Token - $9M - A market manipulation attack; not strictly a cybersecurity-related issue, but nevertheless a significant loss for the space.
Raft Protocol - $3.3M - The attacker artificially inflated the collateral value within the protocol by utilising flash loans, which led to them minting millions of extra R stablecoins.
Poloniex - $126M - Another hack affecting an exchange affiliated with Justin Sun.
Onyx Protocol - $2.1M - The protocol fell victim to a classic smart contract vulnerability: read-only reentrancy.
Other
Rug Pulls and How to Avoid Them
For real-time hack alerts visit: https://twitter.com/rivanorthSec
Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.
You build the future. We help you secure it.