How many millions did DeFi platforms lose in February?
In February 2023, hackers exploited vulnerabilities and used various techniques to steal approximately $21 million from decentralized finance applications, according to analytics platform DefiLlama.
To give you a better idea of the situation, it's worth noting that during the same month last year, hackers stole $359 million. It seems that the perpetrators got tired and finally went on vacation to spend their illegally obtained funds. Alternatively, it's possible that DeFi platforms have stepped up their cybersecurity measures. In any case, let's hope that this positive trend will linger for a long time, and now let's take a look at some major hacker attacks that occurred in February 2023.
Platypus Finance ($9.1 million)
Platypus Finance, a DeFi protocol built on the Avalanche blockchain, was targeted by a hacker three times. Initially, they stole $8.5 million, and then took another $667,000. Further analysis by the Platypus Finance team revealed that the hacker had exploited a flaw in the smart contract code involving collateral funds, using a flash loan attack.
Consequently, the platform's stablecoin, Platypus USD, lost its dollar peg and was trading at 0.3 dollars at the time of writing.
Orion Protocol ($3 million)
Orion Protocol, a decentralized exchange, suffered losses of $3 million after a double-spending attack. A team of hacker programmers deployed a malicious smart contract, which carried out multiple unauthorized withdrawals. The hackers then locked the cryptocurrency in their smart contracts on the Ethereum and BNB Chain blockchains.
According to the CEO of Orion Protocol, the exchange's customers were not affected, as only the company's accounts were impacted. The CEO also noted that the platform's developers used a third-party software library to write smart contracts, which could have resulted in a security flaw.
Dexible ($2 million)
Dexible, an aggregator of decentralized exchanges and automated trading platform, has reported that approximately $2 million was taken from 17 customer addresses.
The attack occurred due to a vulnerability in the smart contract, namely the selfSwap function. As a result, the hacker transferred cryptocurrencies from the Dexible app to a personal smart contract. Then they laundered the stolen funds through a crypto mixer and withdrew them to different BNB wallets.
Hope Finance ($1.86 million)
Hope Finance, a DeFi platform for stablecoins, was hit by a hacker attack that resulted in a loss of $1.86 million. According to the platform’s team, a Nigerian hacker used malicious code to exploit the smart contract and withdraw funds from users’ accounts.
Before the incident, Cognitos audited Hope Finance and did not find any vulnerabilities in the platform's security. Later, the company contradicted its statement, clarifying that there were still some weaknesses.
BonqDAO ($1.7 million)
BonqDAO, a decentralized crypto lending protocol launched on the Polygon blockchain, was the first to be hacked in February 2023. A hacker attacked the DeFi platform's oracle to raise the price of the AllianceBlock (ALBT) token and create a multitude of Bonq Euro tokens, which they later exchanged on the Uniswap crypto exchange. After this manipulation, the value of ALBT fell sharply, leading to the liquidation of its positions in the market.
PeckShield, an independent cybersecurity firm, initially estimated the losses from the hack to be around $120 million. However, after further investigation, it was discovered that the attacker was able to steal only $1.7 million due to the low liquidity of the BonqDAO protocol.