- The Web3 industry witnessed 16 major hacks in August that collectively drained a staggering $39.97M from various crypto and blockchain protocols.
- Smart contract vulnerabilities accounted for most of the hack incidents, with the highest being the $11.4M loss attributed to a 0-day Vyper compiler bug exploit.
- Exit scams also made their presence felt, with the notorious Pepe coin rug pull accounting for a whopping $13.2 million.
Smart Contract Compromise and Rug Pulls Take Center Stage
QuillMonitor, a prominent Web3 hacks & vulnerability analytics tool, showcases a comprehensive dashboard of all the Web3 exploits with the hack details.
The graph presented by QuillMonitor reveals Ethereum (ETH), BNB, and Solana Chain took the biggest hits, losing a whopping 62% of all the money stolen in August. The Ethereum chain had the highest number of attacks, with 7 incidents, followed by BNB and Solana.
DeFi projects remained the primary target throughout this period, underscoring the critical importance of security within decentralized finance.
Decoding the Million-Dollar Hacks Of August 2023
This section presents a breakdown of the several major hacks that left investors and project teams scratching their heads. Note that we included the infamous Curve Finance hack, which, although it took place in July, set the tone for the rest of August.
Curve Finance Exploit
Loss Incurred: $60M
Over $69 million was siphoned from various protocols, including JPEG’D, Alchemix, Metronome, and Curve Finance. While some funds were recovered by ethical hackers, the losses still had a substantial impact on the prices of related tokens.
This vulnerability stemmed from a bug in specific outdated versions of Vyper, the programming language used in Curve Finance contracts. Exploiting a misalignment of storage slots between two functions, attackers tampered with liquidity pool token prices and depleted affected pools.
Explore the details of all the exploits here: 0-day Vyper Compiler Bug Caused Havoc ???? – by QuillAudits (substack.com)
BALD
Loss Incurred: $9.2M
BALD, a meme coin, experienced a significant surge in value on July 31st, drawing in a substantial number of enthusiastic investors. Unfortunately, the coin quickly fell victim to a rug pull, resulting in substantial losses for many token holders.
The rug pull caused BALD to lose approximately 5,000 ETH, equivalent to around $9.28M. This malicious act involved the deployer initially adding 6,077 ETH in liquidity and then removing 11,077 ETH, inflicting severe financial harm on unsuspecting investors.
Steadifi
Loss Incurred: $1.1M
Steadifi faced an attack that resulted in a $1.14M loss.
This attack involved the attacker gaining control of the deployer’s wallet and transferring ownership of all vaults to their own wallet.
Exactly Protocol
Loss Incurred: $12M
Exactly Protocol, a decentralized credit market on the Optimism network, fell victim to a bridge exploit worth approximately $12M. The fund movement was facilitated between Ethereum and Optimism using an exploiter contract.
Magnate Finance
Loss Incurred: $6.4M
Magnate Finance, a platform on Base, raised alarms by deleting its Telegram group and shutting down its website, sparking concerns of an exit scam.
With $6.4 million in Total Locked Value, the platform’s native token (MAG) plummeted by 88% in value since the website’s shutdown, with a 90% drop confirming the exit scam.
Read more on this Magnate Finance exploit from here: Decoding Magnate Finance’s $6.4 Million Rug Pull (quillaudits.com)
The hack incidents of August’23 in the Web3 space serve as a stark reminder of the dire need for robust security measures and vigilant monitoring tools. QuillAudits is a dedicated guardian, protecting over $30 billion in user funds within the Web3 ecosystem. Bolstered by a dedicated community of ethical hackers, QuillAudits meticulously scrutinizes blockchain and smart contract code, uncovering vulnerabilities and responsibly reporting them.
QuillCheck, a due diligence tool powered by QuillAudits, helps navigate the complex Web3 ecosystem. This comprehensive analysis tool serves as the ultimate guide for filtering out subpar token standards and identifying legitimate ones by performing rigorous code checks and market assessments to detect potential rug pulls and honey pot schemes.
The digital future deserves the best protection, and QuillAudits is here to provide it.
About QuillAudits
QuillAudits is a leading Web3 Cybersecurity firm dedicated to ensuring the safety and integrity of the Web3 ecosystem. With its state-of-the-art security solutions and expert team, QuillAudits empowers businesses and individuals to navigate the Web3 landscape safely.
