- Kelp DAO, Drift Protocol, Grinex, Rhea Finance, Wasabi, Volo Protocol, Purrlend, CoW Swap, Aethir, Silo Finance, and Scallop were the largest platforms to be hacked.
- A total of $805 million was lost in the attacks.
- Common attack methods included social engineering, compromised keys, and multiwallet bugs.
- North Korea-backed Lazarus Group was a prime suspect in the largest hacks taking place in the month.
Kelp DAO
Kelp DAO was hacked because its hot wallet had only a single point of access rather than being a multisig wallet. The platform lost $292 million, resulting in a $260 million net debt for AAVE.
Drift Protocol
The Drift Protocol was hacked through social engineering, in which its team members were lured into signing the transactions that led to the draining of funds. A total of $285 million was lost.
Grinex
The Grinex protocol lost nearly $13.7 million through a hot wallet drain. The protocol wallet's USDT reserves were exploited across multiple chains and quickly converted into TRX and ETH before being drained.
Rhea Finance
Rhea Finance, the largest DeFi platform on NEAR, was hacked for $7.6 million after one of its oracles was compromised. The hacker created fake token contracts and lending pools that mimicked the original ones. Platform users unsuspectingly deposited funds into them, and these funds were later stolen.
Wasabi
Wasabi Protocol was hacked for $5 million during a UUPS upgrade. The upgrade was meant to update the smart contract, but a loophole allowed the logic to be changed, and the smart contract’s attached wallet was drained.
Volo Protocol
The Volo Protocol was drained of $3.5 million after an admin’s private key (kind of a master key) for the protocol was leaked. The key was compromised as a result of human error, rather than any technical fault.
Purrlend
Purrlend was drained of $1.5 million after several keys belonging to the protocol’s multisig wallet were either compromised or deliberately leaked (it could be a rug pull). The attacker targeted the MegaETH and HyperEVM networks, which held 449,683 USDC, 214,125 USDT, 194,745 USDH, and smaller amounts of UBTC, wstHYPE, UETH, kHYPE, and WHYPE.
CoW Swap
CoW Swap lost $1.2 million in a social engineering hack in which the hackers gained access to the official CoW Swap protocol domain and redirected unsuspecting users to a compromised website.
The attack highlights the significant dependence on vulnerable Web2 protocols among DeFi projects.
Aethir
Aethir Finance lost $423k after a bridge exploit where hackers stole funds that were in the blockchain bridge connecting the protocol from BNB Chain to Tron (which is also a blockchain in itself).
However, the damage was contained: the team suspended the bridge and halted operations. They have also promised compensation for those who lost funds.
Silo Finance
Silo Finance lost $392k in an oracle misconfiguration hack, where an incorrect price feed led to a loss of funds.
The protocol had also lost $540k last year in June due to a smart contract hack.
Scallop
Hackers exploited the Scallop protocol on SUI, where 150k SUI, worth approximately $140k, was lost. The hack took place in a side smart contract of Scallop’s reward pool. However, the attack was contained in time, and other operations resumed within a few hours.
Disclaimer: BFM Times acts as a source of information for knowledge purposes and does not claim to be a financial advisor. Kindly consult your financial advisor before investing.