Nearly $40 Million Lost To Crypto Hacks In The First Month; A Bad Start To The Year??

The post Nearly $40 Million Lost To Crypto Hacks In The First Month; A Bad Start To The Year?? appeared first on Coinpedia Fintech News

The year has just begun, and the crypto community is already seeing millions of dollars’ worth of crypto lost to the bad actors. A Web 3 security platform, Quantstamp, in its series of threads, has concluded that $38.9M has already been lost to Web 3 security incidents so far in January 2024.

Let’s dive deeply and look at five of the largest smart contract hacks so far! 

Gamma Strategies’ unconventional approach Seeks bounty negotiation with hackers after a $3.4M exploit.

Gamma Strategies, a protocol for active liquidity management and market-making strategies on Ethereum, was hacked for a $3.4 million exploit on January 4.  

The attacker created many malicious contracts and executed the transactions. He then bridged the stolen funds to $ETH as $USDT and then immediately swapped them to $ETH to avoid being frozen. Currently, the attacker has 1535 ETH, which is around $3.4M.

As seen in most of the hacks, hackers often use Tornado cash to hide the flow of stolen crypto. These hackers did the same and have started depositing over $1.65M to the famous currency mixer.

Radiant Capital suspends Arbitrum markets following $4.5M Flash Loan attack.

 Radiant Capital, a cross-chain lending protocol, temporarily halted its lending and borrowing markets on Arbitrum after uncovering a reported $4.5 million (2337 ETH) exploit linked to one of its newly created USDC Coin (USDC) markets.

The incident was described as a flash loan attack stemming from a known rounding issue within the codebase. The attacker manipulated the index parameter (which later served as a denominator) to become extremely large. 

Since the index parameter was dramatically inflated, this precision error was also magnified, ultimately allowing the attacker to profit through repeated deposit() and withdraw() operations.

What was surprising was that the actor sniped the new USDC market deployment and exploited it just 6 seconds after the activation. 

Socket Protocol hacked for $3.3M, sparks security concerns amid users (2.3M recovered so far) 

Socket, a prominent blockchain interoperability protocol, reported a significant security breach resulting in over $3.3 million in losses. A vulnerability in user input validation drove the incident. This flaw allowed attackers to exploit wallets that had granted infinite approvals to Socket contracts. 

The vulnerability was also traced back to a specific route added three days before the attack. The attackers leveraged this vulnerability to initiate unauthorized fund transfers.

Over 200 wallets using Bungee’s Socket route on Ethereum were affected, with a combined loss exceeding $3.3 million. Funds were swiftly converted into Ether, Polygon’s Matic token, wrapped versions of Bitcoin and Ethereum, and MakerDAO’s Dai stablecoin, showcasing the complexity of the attack.

But the good news was that the team released a recovery plan, and the users affected were promised 100% reimbursements for the lost crypto.

Another flash loan exploit hits Wise Lending Protocol: Nearly half a million were stolen.

Wise Lending, a prominent Web3 lending application and yield aggregator, fell victim to a flash loan attack due to contract vulnerability, which resulted in a loss of approximately $464,000. This hacking incident marks it as one of the first significant crypto hacks of 2024 in the DeFi world.

The exploit was due to a flaw in Wise Lending’s shared accounting logic, which was manipulated through a precision issue to drain the platform’s funds.

Goledo Finance’s $1.7Million loss, here is what happened

Goledo Finance, operating on Conflux eSpace, faced a significant security breach in its lending and borrowing market on January 28. The company identified irregularities within its lending pool and immediately suspended it to prevent further unauthorized access.

An individual responsible for a cryptocurrency hack involving $1.7 million has reportedly contacted Goledo Finance to initiate negotiations, and users are awaiting the advancements in active negotiations. The team is said to have released the reimbursement plan after the hack.

Conclusion

Though the start of the year ended with millions being lost, we all, as a community, hope that the rest of the year will flow smoothly for all crypto platforms. While the affected platforms struggle to recover the lost assets, other entities like centralized services and security agencies are combining to work to strengthen the crypto securities.