January’s 5 biggest crypto hacks earn criminals $39m
Nearly $50 million was stolen from web3 platforms in the year’s first month as crypto remains engaged in a cyber war with hackers and scammers.
Quantstamp, a defi security startup, reported five smart contract protocols with the highest losses from exploits and hackers in January. The five platforms lost $38.9 million to a basket of attack vectors deployed by bad actors.
Four days into the year, Gamma Strategies was rocked by a flash loan attack. The code bug allowed exploiters to drain $6.1 million from Gamma’s public-facing vaults. Gamma shut off deposits to resolve the issue, effectively closing the loophole.
Although less than $10 million was stolen, roughly $500,000 denominated in Ether (ETH) was at risk during the incident.
We have preliminarily reached the root cause of the recent exploit attack on our vaults.
Out of abundance of caution, we shut off all deposits on our public-facing vaults — this effectively nullifies the attack any further because a deposit is required for the attack to take…
— Gamma (@GammaStrategies) January 4, 2024
Radiant Capital lost $4.5 million to an empty market exploit on Jan. 3, hours before the attack on Gamma. According to Peckshield, the root cause was not novel and stemmed from a brief period where new markets were activated on lending protocols.
The defi lender paused its Arbitrum-based USDC pool to address the issue. Radiant also noted that user funds were not exposed, and the protocol resumed operations following an investigation.
You might also like: North Korean crypto hackers raided $600m in 2023
On Jan. 16, the multi-chain protocol Socket was breached via a user verification input vulnerability. The compromise allowed hackers to siphon almost 2,000 ETH worth over $4 million. However, Socket has since recovered 1,032 ETH, worth around $2.3 million. All affected users were also reimbursed as part of Socket’s plan to make users whole.
USER RECOVERY PLAN
We’re delighted to announce 100% reimbursements for all affected users!
Socket is contributing $1m on top of the 1032 $ETH that were recovered.https://t.co/WwI0aGofGt pic.twitter.com/ux4PVzfq8w
— Socket (@SocketDotTech) January 25, 2024
Goledo Finance’s security breach was identical to Gamma’s exploit and the most recent, as hackers used a flash loan attack and stole $1.7 million. At press time, negotiations with the culprit were underway, and Goledo offered a reward for the returned funds.
Additionally, the hacker’s accounts on centralized exchanges were frozen, and Goledo was assessing the loss to finalize a recovery plan while local law enforcement was briefed on the matter.
Meanwhile, we are considering the best options for compensating Goledo users, based on various potential outcomes. Our goal is to provide a compensation solution to Goledo users as soon as possible once the situation with the hacker is resolved.
— Goledo Finance (@GoledoFinance) January 30, 2024
Finally, Wise Lending lost at least $460,000 in a flash loan attack on Jan. 12. This particular flash loan exploit was orchestrated by manipulating the price oracle used by Wise Lending. It was the second attack experienced by the protocol within six months.
Read more: Web3 urgently needs a paradigm shift in its security approach | Opinion