Decentralized finance (DeFi) security startup Quantstamp has identified the five smart contract protocols that experienced the highest losses from exploits and hackers in January. According to Quantstamp, bad actors using various attack methods, such as smart contract hacks, key compromises, and scams, caused total losses of $38.9 million during the month.
In early January, Radiant Capital suffered $4.5 million in losses from a flash loan attack. Blockchain security firm PeckShield determined that the issue was caused by a “known rounding issue” in the current Compound/Aave codebase. Radiant halted its USD Coin (USDC) pool on Arbitrum to address the problem, assuring users that their funds were secure. Operations resumed after an investigation.
Following the Radiant attack, Gamma Strategies also fell victim to a flash loan attack on January 4, in which a code bug allowed attackers to siphon $6.1 million from Gamma’s public-facing vaults. Gamma temporarily halted deposits and fixed the vulnerability to resolve the issue.
On January 12, Wise Lending experienced a flash loan attack, resulting in a loss of at least $460,000. The exploit involved manipulating the price oracle used by Wise Lending and marked the second attack on the protocol in six months. The Web3 lending app lost 170 Ether (ETH) in the incident.
Multichain protocol Socket encountered a security breach on January 16 due to a vulnerability in user verification input. This allowed hackers to steal nearly 2,000 ETH, valued at over $4 million. However, Socket managed to recover 1,032 ETH (approximately $2.3 million) and reimbursed all affected users as part of its plan to restore user funds.
Goledo Finance also experienced a security breach similar to Gamma’s exploit, resulting in the theft of $1.7 million through a flash loan attack. Negotiations with the perpetrator are ongoing, and Goledo has offered a reward for the return of the funds. The lending protocol has frozen the hacker’s accounts on centralized exchanges and is evaluating the extent of the loss to devise a recovery strategy. Local law enforcement has been informed.
Goledo has outlined its process for compensating users and recovering their assets. Users can submit their claims through a provided Google form.