The previous week witnessed several cyberattacks on significant players in the crypto industry. Particularly, DeFi platforms, crypto-hedge funds, and other blockchain-based services were targeted. This report focuses on the types of attacks, implementation methods, and the response actions taken before and after the attacks occurred.
1. Sonne Finance’s million Flashlash loan attack
Sonne Finance, a lending/borrowing platform built on Compound and deployed on Optimism, fell victim to a flash loan attack resulting in the draining of over $20 million due to protocol vulnerabilities. The White Hat hacker community and Blockchain security experts are collaborating with Sonne Finance to trace the stolen funds and rectify the exploited loopholes.
2. BlockTower Capital: Partial Funding Drain
Blocktower Capital, a major player in crypto financial investments managing assets worth around $1.7 billion, experienced a severe breach in its security system leading to a significant loss in its hedge fund. The fraud prompted the firm to engage Blockchain forensic analysts for further investigation.
3. ALEX Lab: $4.3 million loss to weaknesses in private key storage
ALEX Lab, a DeFi bitcoin application, lost $4.3 million of tokens due to an attack on its bridge service resulting in the theft of Bitcoin, stablecoins, and SKO tokens. Collaboration with experts is ongoing to address the vulnerabilities in its key management systems.
4. Predy Finance: $464,000 contract vulnerability exploit
Predy Finance, a DEX on the Arbitrum chain, suffered a breach of $464,000 from its lending pool due to a smart contract flaw. The platform has ceased operations to identify and resolve the contract issues in coordination with blockchain security auditors.
5. Pump. fun: $2 million misappropriation from a previous employee
Pump.fun experienced a significant compromise when a former employee misappropriated over $2 million worth of digital assets. The employee used flash loans on Solana lending protocol to manipulate the value of coins for personal gain. The platform resumed zero-fee trading for seven days to restore user trust and committed to replenishing liquidity pools on Raydium for affected coins.
The recent wave of cyberattacks highlights the diverse risks faced by the crypto industry, emphasizing the need for continuous security enhancements, active monitoring, and rigorous auditing practices to protect assets effectively.
