Reentrancy, price oracle attacks and exploits across seven protocols caused decentralized finance (DeFi) space to bleed at least $21 million in crypto in February.
According to DeFi-centric data analytics platform DefiLlama, one of the largest in the month was the flash loan reentrancy attack on Platypus Finance, which led to $8.5 million of funds lost.
DefiLlama highlighted six other noteworthy hacks in the month, the first being the price oracle attack on BonqDAO on Feb 1.
BonqDAO: $1.7 million
BonqDAO revealed to its followers in a Feb. 1 post that its Bonq protocol was exposed to an oracle attack that allowed the exploiter to manipulate the price of the AllianceBlock (ALBT) token.
The exploiter increased the ALBT price and minted large amounts of BEUR. The BEUR was then swapped for other tokens on Uniswap. Then, the price was decreased to almost zero, which triggered the liquidation of ALBT troves.
Blockchain security firm PeckShield estimated the losses to be around $120 million, however, it was later revealed hackers reportedly only cashed out around $1 million due to a lack of liquidity on BonqDAO.
Orion Protocol: $3 million
Just a day later, decentralized exchange Orion Protocol suffered a loss of roughly $3 million on Feb. 2 through a reentrancy attack, where attackers used a malicious smart contract to drain funds from a target with repeated withdrawal orders.
We have been investigating this very sophisticated attack from the minutes it occurred. We will not reopen the Deposit function until we feel confident that the bug has been fixed which will only be after successfully passing new audits from leading audit firms.
— Alexey Koloskov (@alexeykoloskov) February 2, 2023
Orion Protocol CEO Alexey Koloskov confirmed the attack at the time, assuring everyone, “All users’ funds are safe and secure.”
“We have reasons to believe that the issue was not a result of any shortcomings in our core protocol code, but rather might have been caused by a vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers,” he said.
dForce Network: $3.65 million
DeFi protocol dForce network was another February victim of a reentrancy attack resulting in losses of around $3.65 million.
In a Feb. 10 post, dForce confirmed the exploit; however in a twist, all funds were returned when the hacker came forward as a whitehat hacker.
2/5…
Click Here to Read the Full Original Article at Cointelegraph.com News…