Forwarded from Hackless Announcement
Hackless is looking for new useful content that sheds light on the challenges that DeFi is currently facing security-wise.
This week we will present some new headings and here's the first one 👇
👾 #OneHackLess
We will cover high-profile and most sophisticated crypto hacks to see how needed Hackless is, and how it could have been One Hack Less if those protocols had had a chance to use our platform.
3 BIGGEST CRYPTO HACKS IN HISTORY
1) $624M - Ronin Network
The team didn't notice that $624M had been stolen for 6 days. The bad actor compromised Ronin validator nodes and drained the funds in only 2 tx.
Since Hackless works with the infrastructure layer, communicating directly with the node through the cluster of services, we see how it can be set up for the Ronin network validators. Several analytic models can be applied to keep monitoring the funds held by validator nodes and keep them safe.
2) $611M - Poly Network
The hacker exploited the Proxy Lock Contracts of Poly Network on 3 different chains (Ethereum, BSC, Polygon). Another bridge hacked due to a hole in the architecture.
Since Hackless aims to detect hacks at early stages, Watchdog could have easily detected those suspicious transactions for plenty of assets withdrawn simultaneously. And this would have been the signal for our stop-transaction to be sent.
3) $326M - Wormhole
The Wormhole, Solana’s bridge, was manipulated into crediting 120k ETH as having been deposited on Ethereum, allowing the hacker to mint the equivalent in wrapped whETH (Wormhole ETH) on Solana. The bridge was tricked with a transaction without actual ETH moved on the Ethereum side.
And that is definitely one of the patterns which could have been recognized by the Watchdog service, signaling that the hack was happening.
That's how Hackless could have come in handy. Thoughts, guys?
Forwarded from Hackless Announcement
📚 Here's our last week's catch-up – a reliable source of the latest updates!
Catch-up #1: first Hackless subscription sold, PriFi ramps up, flop of the week
Hackless milestones
- The first Hackless B2C subscription was sold, after saving $87K of an individual DeFi investor 🚀
- New content formats launched in our social networks: #OneHackLess and #CEOonAIR
- 5 community activities done, 5 winners awarded. Jump in next week!
- AMA with PureFi took place
DeFi rising stars
RAILGUN – a smart contract system that allows users to make invisible, trustless transfers
Shade Protocol – an array of application-layer products on Secret Network
Frax Finance – the world’s first fractional-algorithmic stablecoin
Crypto news
- Flop of the week: hacker left stolen $1M in a contract set to self destruct
- AkuDreams dev team locks up $33M due to smart contract bug
- Deus Finance was exploited for $13.4M on Fantom for the 2nd time
Full catch-up here 👉 https://link.medium.com/f2qVmenKFpb
Forwarded from Hackless Announcement
We keep working on some useful content with our new heading #OneHackLess 👾
In this post, we’ll share random crypto hacks and see how Hackless would be able to help those protocols see a potential threat in time and minimize losses.
1) $147M - Compound
The team found a vulnerability in the updated Compound Controller vault, which resulted in the wrong distribution of funds. They could not stop this malfunction and minimise the damage, which resulted in one of the biggest “bank errors” in the history of DeFi.
It feels like our Watchdog service was created specifically for such cases. Even though it’s monitoring the protocol to detect malicious attacks, it finds such vulnerabilities like a real pro.
2) $120M - Badger
We previously covered the BadgerDAO attack, which took place in December 2021. It is believed that the hack was against the platform’s user interface, not in the core protocol contracts.
As Hackless aims to detect potential hacks in the early stages, our Watchdog service would alert the team about those suspicious transactions. Then, the protocol could have been stopped with SafeMigrate, and all users’ assets would have been migrated to a new, safer version of the protocol. Read more in the full article.
3) $80M - Fei Rari
The most recent hack in the industry happened just a couple of days ago and cost $80M. The hacker exploited a reentrancy vulnerability in Rari's Fuse lending protocol, which was earlier used to attack other forks of the Compound DeFi protocol.
Similar to the previous cases, in this situation, Watchdog would help the owner of the protocol recognize the vulnerability at an early stage, allowing SafeMigrate to pause the protocol at the right time.
Have you heard of these hacks? Which ones should we review next? Let us know in the comments 👇
Forwarded from Hackless Announcement
We keep working on some useful content with our new heading #OneHackLess 👾
Today, we’ll share random crypto hacks and see how Hackless would be able to help those protocols see a potential threat in time and minimize losses. Read the full post
1) $147M - Compound
The team found a vulnerability in the updated Compound Controller vault, which resulted in the wrong distribution of funds.
2) $120M - Badger
It is believed that the hack was against the platform’s user interface, not in the core protocol contracts.
3) $80M - Fei Rari
The hacker exploited a reentrancy vulnerability in Rari's Fuse lending protocol, which was earlier used to attack other forks of the Compound DeFi protocol.
Read the full story behind these hacks and how Hackless would help in a full article and let us know what you think in the comments 👇
Forwarded from Hackless Announcement
#OneHackLess 👾
Terra's fall is still shaking the ground of its ecosystem. 2 lending platforms, Venus Protocol & Blizz Finance, have recently been drained of $13.5M & $8.3M. An inaccurate Chainlink price feed used by the protocols caused funds to be borrowed against overpriced LUNA collateral. Neither project seems to have had any tools to prevent losses. Venus was able to halt activity before a total clean-out. But Blizz Finance failed to react in time, due to their timelock, allowing the protocol to be wiped out.
Let’s take a closer look at how Hackless could have helped:
- Monitor abrupt and dramatic changes in token price as well as the withdrawal of unusually huge sums from lending protocols
- Notify the protocol’s team once any suspicious activity is detected
- Lending protocols and their users are the first to suffer from a dramatic collapse of token prices. With an individual Hackless subscription, users could have been notified about the issue much earlier, minimising their losses.
Your thoughts on this, guys?
Forwarded from Hackless Announcement
#OneHackLess is here with the recent Beanstalk attack analysis 🧐
Beanstalk was exploited for $181M through a flash loan attack on the protocol’s governance mechanism. The entire process took place in less than 13 seconds, based on the duration of an Aave flash loan.
The attacker used a flash loan obtained through Aave to borrow $1B in DAI, USDC, BEAN, and LUSD and converted it into beans. This gave them a 67% voting stake in the project.
With this stake share, the exploiter was able to approve the execution of code that transferred the assets to their own wallet. The attacker then instantly repaid the flash loan with an $80M profit.
With flash loan attacks spiking around DeFi, we see the importance of a powerful monitoring tool like the Hackless Watchdog even more clearly. In this case, it could have tracked flashloan txs, spotted suspicious activity and allowed the protocol to be paused much earlier 🛡
Any thoughts on this, folks?
Forwarded from Hackless Announcement
#OneHackLess 👾
This time we will talk about a recent phishing attack against one of our partners and how it cost around $12.5K to one of their users.
It all started with a fake announcement in PureFi’s chat about a token giveaway - stake tokens and get 2X coins. When staking, the user simply needed to give permission to a hacker’s smart contract.
Once the permission was granted, the attacker’s smart contract withdrew all tokens right away and sold them on a DEX. That simple.
How exactly could we help here?
While Hackless doesn't protect from phishing, its Watchdog helps detect any suspicious requests from malicious platforms and smart contracts. In this case, the user could have been warned before granting permission to the attacker’s smart contract 🛡
Forwarded from Hackless Announcement
#OneHackLess 👾 reveals two hacks that hit Mirror Protocol and the first and larger one was noticed only 7 months later.
Let’s go back to October and review from the very beginning how they managed to steal $90M + $2M 👇
The first hack in Oct happened due to a basic logic bug. The lock contract lacked a duplicate call check for withdrawals. The hacker managed to drain funds deposited by users by calling unlock_position_funds for their own position ID. $90M stolen!
Although the exploit remained undiscovered, no further attack attempts were made. But 232 days later, the attacker came back. Why not? It was quite an opportunity after the rushed fork that caused a very foreseeable oracle issue with another $2M loss.
Hard to overstate the recklessness of the Mirror team and how badly they need a solution like Hackless Watchdog. Not only could it have spotted the hacker’s multiple unlock requests during the 1st hack, but it could also have kept monitoring the network and spotted suspicious fund movements before the 2nd one.
Forwarded from Hackless Announcement
#OneHackLess 👾
2nd time in 2 months that someone has stolen Yuga Labs NFTs.
In April, a bad actor was able to steal users’ funds after compromising the CAPTCHA bot, stealing over $2.8M worth of NFTs. This time the Bored Ape Yacht Club Discord server was hacked, and $360K worth of NFTs were stolen.
The hack was the result of a phishing attack that compromised the Discord account of the project’s community manager. After obtaining login credentials, the attacker posted fake links in the official Discord channels.
While Hackless has no power to prevent phishing attacks, we have the power to spot unusual activities like a huge number of user txs following the phishing attack. Our Watchdog service could have spotted it and notified the team 🔔