Two of Ethereum’s most popular DeFi protocols, Aave and Yearn Finance, have reportedly suffered an exploit. Blockchain security firm PeckShield has directed a tweet to Aave requesting verification of a specific transaction hash. According to the security firm, Yearn Finance was attacked by a flash loan, and the exploit has affected Aave V1, with damage potentially exceeding $11 million. The attacker received a mix of stablecoins from Yearn Finance and Aave, capturing over $10 million in DAI, USDC, BUSD, TUSD, and USDT. Aave has confirmed the transaction but stated that it has not impacted Aave V2 and V3. Aave V1
According to on-chain analysis by security firm BlockSec, the “white hat” exploit was carried out today after the team claimed to have discovered a “misconfiguration” in the token’s smart contract. The pNetwork developers attempted to outrun any malicious hackers by “draining” pgala tokens stored in PancakeSwap pools. These pNetwork-issued tokens are a 1:1 tokenized version of the gala tokens used in the play-to-earn project Gala Games. The tokens are issued whenever users bridge gala tokens from Ethereum’s original chain to the BNB Chain using the pNetwork bridge. Anyone can use pNetwork to lock their assets as collateral in the bridge
Rubic, a decentralized exchange (DEX), has lost over a million tokens as a result of hackers getting hold of an administrator’s wallet’s private keys. The project’s developers disclosed that one of their admins’ wallet addresses, which controlled the RBC/BRBC bridge and staking rewards, had been compromised during the early morning hours of Asia. “We believe malicious software was utilized to gain access to the private keys for the admin wallet,” they continued. The native token of Rubic is RBC, and the wrapped version is BRBC. In order to lower transaction costs and give more people the chance to use Rubic’s
A launchpad for the Near Protocol called Skyward Finance was drained for $3 million in wrapped Near tokens. The Skyward Finance team confirmed the fraud, saying that “a contract exploit has been used to drain the Skyward Treasury.” The exploit, according to security company BlockSec, was used in just one transaction. In this transaction, the hacker redeemed from Skyward’s Treasury Contract more than 1.1 million wrapped Near tokens worth $3 million in a loop. Anyone who desired to exchange wrapped Near tokens for Skyward Finance tokens was able to use the contract. According to a statement provided by the company,
UvToken, a multi-chain wallet project, has lost $1.45 million due to a smart contract exploit. UvToken, a multi-chain crypto wallet, has been hacked for 5,011 BNB tokens (1.45 million), with the funds already routed into authorized crypto mixer Tornado Cash. This comes in the midst of a flurry of hacks and exploits this month, which appears to be a particularly bad month for DeFi projects. According to security firms Ancilia and Peckshield, the incident occurred on the BNB Chain blockchain on Thursday morning around 1 a.m. ET time. UvToken acknowledged the exploit, claiming that its “staking project” had been compromised.
A hacker stole 30,437 OHM tokens (about $300,000) from one of Olympus DAO’s Ethereum smart contracts. According to security firm PeckShield, the incident occurred because a contract failed to properly validate the hacker’s illicit fund transfer request. The contract in question, known as “BondFixedExpiryTeller,” was used to open bonds denominated in Olympus DAO’s OHM tokens. The contract lacked a validation input in the “redeem() method,” allowing the attacker to redeem funds by tricking input values, according to PeckShield. The Olympus team confirmed the exploit in the official Discord and stated: “This morning, an exploit occurred through which the attacker was