Decentralized platforms have become a popular target among hackers. In February, DeFi platforms lost around $21 million to attackers. According to the DefiLlama report, Platypus Finance was highly attacked by flash loans resulting in a $8.5 million loss. The report highlighted six more hacks that affected the firm the previous month. According to US Blockchain analysis, scammers swiped around $1.3 billion from cryptocurrencies, and 97% was from DeFi platforms in the previous year.
The Financial Stability Board (FSB) released a report on DeFi platforms loopholes in February. DeFi is similar to traditional finance in terms of its functions. DeFi’s unique characteristics like “Operational fragilities, liquidity and maturity mismatches, leverage and interconnectedness” may affect the platform, FSB highlighted in a report.
At the start of Feb, BonqDAO tweeted that Bonq protocol was exposed to an oracle hack where the exploiter increased the price of AllianceBlock (ALBT) token and minted huge amounts of Bonq Euro (BEUR). On February 2, the ALBT token issuer AllianceBlock said that the hackers manipulated nearly $5 million of ALBT tokens on Bonq. The firm assured users that none of its smart contracts was breached during the hack.
On February 2, Orion protocol suffered a $3 million loss due to a reentrancy issue on its core contract. According to the tweet, attackers used malicious smart contracts to drain targeted users’ funds with repeated withdrawal orders. Orion protocol CEO Alexey Koloskov assured users by saying that staking and pools on the platform have not been affected.
After the Orion protocol exploits, dForce Network was affected with a $3.65 million loss on Feb 12 due to a reentrancy attack. However, the firm reacted to the exploit and recovered all the funds from the hacker. “On Feb 13 2023 the exploited funds were fully returned to our multisig on both Arbitrum and Optimism, a perfect ending for all,” dForce tweeted.
In mid-February, the Platypus community said that the hacker targeted a loophole in the USP solvency verification process, resulting in an $8.5 million loss. The firm tweeted that “They used a flash loan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.”
Flash loan attacks are still dominant in the recent hacks list, most DeFi platforms, including Deus DAO in April 2022, Nirvana Finance in July 2022, New Free DAO and Mango Markets in September and October months, respectively. At press time, total value locked (TVL) in DeFi is $48.23 billion, down by 0.23%.