DeFiHackAlerts

356 posts

@DeFiHackAlerts

Know about DeFi protocol hacks first. FREE alert service providing actionable Alpha.

Düsseldorf - Germany Joined July 2025
158 Following 249 Followers

jussy @jussy_world
He’s right, 5% on stables isn’t worth it. But when it’s 19% since inception on delta-neutral strategies, you’re missing profit. On @piggybank_fi, yield comes from funding rate arbitrage across perpetual DEXs. And tonight, Season 0 rewards should be announced, with some form of revenue sharing. That’s what I call DeFi. Ofc, DYOR as always.

fabiano.sol @FabianoSolana

Defi gave me 6 figures. But I'm tired of losing money. So I stopped trusting CT and audited protocols myself.

Here are the highest yields with low risk:
- Multisigs
- All audited
- No liquidation risk (multiplying/looping)

Wazz @WazzCrypto
I've been using this for basically 90% of my projects, I can oneshot everything without issues. I generally use Gemini Gems to generate it, I have found it yields good results, better than other models. But you can use this prompt with any agent: github.com/wwwazzz/senior…

Wazz @WazzCrypto
Sharing my Prompt on How to One-shot any App with your Coding Agent. One shotting an app these days is not hard, but you need the proper structure and plan, otherwise everything will be filled with assumptions or gaps, which are often wrong for your specific use case 🧵

DeFiHackAlerts @DeFiHackAlerts
Be careful with Litecoin right now.

Alex Shevchenko 🇺🇦 @AlexAuroraDev

10h ago @litecoin experienced a coordinated attack on the chain that resulted in 13 blocks reorg that took more than 3h to generate. During this time attackers were performing double spend attacks on multiple cross-chain swapping protocols. We are investigating the situation.

cryptoleon @cryptoleon
I want to connect with more Germans in the space. If you speak German, just comment and I'll follow you, bro.

DonDegen @DonDegenDefi
@HYPEconomist Only reasonable thing you can do is making your own stablecoin by doing delta neutral trades on Hyperliquid and other perps

HYPEconomist | Theo Arc @HYPEconomist
all i want is 7% APY on my stablecoins without the constant fear of losing everything to a hack. is that asking too much?

DeFiHackAlerts @DeFiHackAlerts
Good to know, if you are invested in USD1.

Tindorr 🌯 @0xTindorr

Something is off on @worldlibertyfi market. Util. rates on USD1 and USDC reach 98.26% and 92.3% respectively. WLFI whales deposited 3B tokens of WLFI as collateral and borrowed USDC and USD1, depleting the pool and pushing the supply APR through the roof. While some think this is a good opportunity to lend, I'm doing the opposite and withdrawing while there's still room. Too many potential and uncontrollable risks: withdrawal stuck, liquidation cascades, bad debt in the worst case. Not gonna risk it. DYOR.

Lasalad @TRTtheSalad
3% instant withdrawal fee wiped out months of yield.

I deposited 2,000 USDC into the yoUSD(@yield) vault in December. The position generated ~37 USDC in yield over time. In theory my balance should now be around 2,037 USDC. But due to the @ResolvLabs exploit exposure (yoUSD vault had funds in the RLP junior tranche), a 2.95% withdrawal fee now applies.

Result:
• Redeemable today: 1,980 USDC
• Net result: -20 USDC

That turns months of yield into roughly -3.3% APY. A good reminder that in DeFi risk isn't only smart contracts, it's also hidden mechanics in vault strategies. You don’t win every time. Keep doing your own research! 🫡

Defimon Alerts @DefimonAlerts
⛑ $512K rescued by Defimon after infinite approvals were granted to @squidrouter multicall

The SquidMulticall contract's run() function allows anyone to execute arbitrary external calls with no access control. A wallet 0xacc0 mistakenly approved the multicall contract instead of the router contract and did it across multiple chains.

It didn't take a long time before the first attack - a MEV-bot called run() with a crafted Call struct that executed transferFrom() on the WETH contract, transferring just 1 WETH from a victim. In fact the victim user had around $800K approved to the multicall contract on various chains.

After we detected the first attack our whitehat bot identified the vulnerable cross-chain approvals and managed to rescue around $512K. We contacted the person via Blockscan chat and returned all the rescued funds. We learnt that it was an operational mistake: "we were supposed to only approve to the Squid router address". Although some funds were lost, 0xacc0 was happy that the majority of the funds was rescued!

First attack: bscscan.com/tx/0x81d0c429e…
Victim: bscscan.com/address/0xaCc0…
SquidMulticall: bscscan.com/address/0xaD6C…
Rescued funds consolidation address: debank.com/profile/0xF50D…
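An added example, not part of the original post and not Defimon's or Squid's code: one way to catch the operational mistake described above is to replay a wallet's ERC-20 Approval logs in chain order and report live allowances held by any spender outside the intended allowlist. All addresses are constructed placeholders; the allowlist and the "unlimited" threshold are assumptions.

```python
# Added example: replay ERC-20 Approval logs and report live allowances held by
# any spender that is not on the wallet's intended allowlist (e.g. the router only).
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # assumption: allowances this large are treated as "infinite"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_unexpected_allowances(logs, allowed_spenders):
    """logs must be in chain order; the last Approval per (token, owner, spender) wins."""
    allowed = {a.lower() for a in allowed_spenders}
    state = {}
    for log in logs:
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but also indexes tokenId (4 topics); skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)
    return [
        {"token": t, "owner": o, "spender": s, "value": v, "unlimited": v >= UNLIMITED_FLOOR}
        for (t, o, s), v in state.items()
        if v > 0 and s not in allowed
    ]

# --- constructed sample data: every address below is a placeholder, not a real contract ---
def addr(byte):
    return "0x" + byte * 20

def topic(address):
    return "0x" + address[2:].rjust(64, "0")

def approval_log(token, owner, spender, value):
    return {"address": token, "data": hex(value),
            "topics": [APPROVAL_TOPIC, topic(owner), topic(spender)]}

ROUTER, MULTICALL, OWNER = addr("11"), addr("22"), addr("aa")
TOKEN_A, TOKEN_B = addr("e1"), addr("e2")
SAMPLE_LOGS = [
    approval_log(TOKEN_A, OWNER, MULTICALL, 2**256 - 1),  # mistaken infinite approval, still live
    approval_log(TOKEN_A, OWNER, ROUTER, 2**256 - 1),     # intended spender, ignored
    approval_log(TOKEN_B, OWNER, MULTICALL, 10**18),      # mistaken approval ...
    approval_log(TOKEN_B, OWNER, MULTICALL, 0),           # ... later revoked
    {"address": TOKEN_A, "data": "0x01",                  # ERC-20 Transfer, different topic0
     "topics": ["0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef",
                topic(OWNER), topic(ROUTER)]},
]
```

Calling `live_unexpected_allowances(SAMPLE_LOGS, [ROUTER])` returns the single live allowance to the placeholder multicall address on `TOKEN_A`; the same replay has to be run per chain, since the post notes the approvals were made across multiple chains.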

resende.sol 🐼 ⛩️ @resendedefi
From what I’ve seen so far, I also think it’s unlikely they’ll recover the capital lost in the attack. This situation honestly made me rethink a few things, because I’ve never gone too deep into protocol security. I enjoy exploring new DeFi projects, and most of my analysis was focused on metrics like TVL, liquidity, adoption, and similar signals. Now I want to improve my risk management and start taking protocol security much more seriously.

JukitCryptoX @jukitCrypto
I had $1K USDC+ exposure on @ExponentFinance, currently can not withdraw anything. Stay safu

CryptoParsel @derparsel

List of protocols exposed to @DriftProtocol and current status 👇
🔸 @reflectmoney - USDC+ is farming yield on Drift; mint and redemption of USDC+ has been frozen; funds are insured
🔸 @project0 - protocol paused; no new borrows can be made against drift positions
🔸 @piggybank_fi - $106.4k/$4M of funds were deployed to Drift (~2.6%)
🔸 @ranger_finance - rUSD has exposure to Drift, but no statement from the team so far
🔸 @uselulo - Classic deposits may be affected according to the team
🔸 @DeFiCarrot - team confirmed no significant exposure to Drift for CRT yield (actually only $600)
🔸 @xplaceapp - uses Drift (besides Kamino) for yield on Savings, no statement from the team so far
🔸 @GetPyra - uses Drift for yield and credit; user funds without open loans are moved away for security reasons
🔸 @TradeNeutral - no remaining NT Vaults should be affected
🔸 @elementaldefi - uses Drift for USDC Vaults, no statement from the team so far
🔸 @Loopscale - team confirmed no exposure to Drift
🔸 @synatraxyz - team confirmed no exposure to Drift

fabiano.sol @FabianoSolana
I’m tired of losing money. So I locked in the past two days and built a website that tracks almost every stablecoin yield on Solana
- Risk (audits, multisigs, liquidation risk)
- APY (and where the yield comes from)
- Airdrops

🔗 solana-yields-two.vercel.app

YAM 🌱 @yieldsandmore
Earlier today, ~392k USDC from @SiloFinance's managed soUSDC vault on Arbitrum was forcibly allocated into the wstUSR/USDC market, leaving bad debt.

wstUSR was trading at ~$0.12 onchain, but the Silo market's oracle priced it at 1 wstUSR = 1.1329 USDC. Anyone who bought wstUSR cheaply could use it as collateral worth ~10x its real value.

The exploiter called deposit() on the wstUSR market directly, donating the shares to soUSDC. The supply cap controlling how much soUSDC can actively allocate to this market was 0, but that cap only governs the vault's own outbound deposits. It does nothing to stop external parties from crediting positions to the vault.

Once those shares landed in soUSDC's balance, totalAssets() counted them. It iterates every market in the withdrawal queue and reads the vault's actual share balance in each one, with no check on whether the position was voluntarily entered.

Combined with the oracle gap, each attack loop worked like this:
1. Flash-loan USDC.
2. Deposit the bulk of USDC to soUSDC, which routes it to an existing market and mints soUSDC shares to the attacker.
3. Deposit a small amount of USDC to the wstUSR market directly, donate the shares to soUSDC.
4. Borrow that USDC back using cheap wstUSR as collateral at the inflated oracle price.
5. Redeem the soUSDC shares. soUSDC's totalAssets() now includes the gifted position, so the attacker's shares are worth more than when they deposited. Combined with the borrow proceeds, this covers the flashloan repayment.
6. Walk away with a small profit. wstUSR stays locked as collateral permanently.

Each loop was limited by how much wstUSR the attacker had, so between loops they kept buying more on the open market. That pressure drove wstUSR from ~$0.12 to ~$0.75. The loop ran 32 times over ~75 minutes.

Silo's allocator noticed and called reallocate() to move the remaining 154k to an idle holding vault. It didn't help. The idle vault was in soUSDC's withdrawal queue. Each flashloan loop inflated soUSDC's book value by depositing to the wstUSR market, but that market had nothing liquid to withdraw since it was immediately borrowed out. So soUSDC pulled the shortfall from the idle vault every single time. 154k gone in 40 seconds across 20 transactions.

soUSDC depositors are now exposed to ~392k of undercollateralised debt at 100% utilisation.

What could Silo have done? The oracle used by the wstUSR market is hardcoded as immutable in the SiloConfig contract. The only option available was removing the wstUSR market from soUSDC's withdrawal queue before anyone exploited it. That process requires three steps, each behind the vault's 48h timelock: enable the market with a nominal cap, set the cap back to 0, submit removal and wait for it to finalise. Six days total. They didn't start it.

What can they do now? They can still run that same six-day process. It won't recover the 392k, but it prevents a repeat. They should also remove the soUSDC vault from the UI to prevent new deposits.

SiloVault is forked from @Morpho's MetaMorpho contract (Silo's own source code says `Forked with gratitude from Morpho Labs`). Any MetaMorpho/SiloVault-style vault that (1) counts externally credited market balances in totalAssets(), (2) leaves the toxic market in the withdraw queue, and (3) relies on a stale or structurally incomplete pricing path can be exposed to this same class of attack.

Example exploit tx: arbiscan.io/tx/0xd354389e6…
Exploiter: debank.com/profile/0x8170…
soUSDC Vault: v2.silo.finance/vaults/arbitru…
wstUSR market: v2.silo.finance/markets/arbitr…
Failed rescue tx: arbiscan.io/tx/0x3235decc8…
Oracle: arbiscan.io/address/0x6BC7…
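An added example, not part of the original post and not Silo's or Morpho's code: a toy Python model of the accounting described above, comparing total assets read from market balances with a hypothetical ledger of the vault's own allocations, plus a monitoring check for balances the vault never allocated. Market names and amounts are constructed, and interest accrual is ignored.

```python
# Added example: toy model of a vault whose total assets are read from its balance
# in every withdraw-queue market. Names and numbers are constructed; no interest.
from dataclasses import dataclass, field

@dataclass
class Market:
    name: str
    cap: int                # most the vault may allocate on its own; 0 means disabled
    vault_balance: int = 0  # assets credited to the vault, by itself or by a third party

@dataclass
class Vault:
    withdraw_queue: list
    total_shares: int = 0
    allocated: dict = field(default_factory=dict)  # hypothetical ledger of own deposits

    def allocate(self, market, amount):
        """The vault's own outbound deposit: the only path the supply cap governs."""
        if self.allocated.get(market.name, 0) + amount > market.cap:
            raise ValueError("supply cap exceeded")
        market.vault_balance += amount
        self.allocated[market.name] = self.allocated.get(market.name, 0) + amount

    def total_assets_by_balance(self):
        """Behaviour described in the post: count whatever balance each market reports."""
        return sum(m.vault_balance for m in self.withdraw_queue)

    def total_assets_by_ledger(self):
        """Hypothetical alternative: never count more than the vault itself allocated."""
        return sum(min(m.vault_balance, self.allocated.get(m.name, 0)) for m in self.withdraw_queue)

    def unsolicited_positions(self):
        """Monitoring check: balance the vault holds but never allocated, per market."""
        extra = {m.name: m.vault_balance - self.allocated.get(m.name, 0) for m in self.withdraw_queue}
        return {name: amount for name, amount in extra.items() if amount > 0}

def redeem_value(shares, total_assets, total_shares):
    return shares * total_assets // total_shares

def scenario():
    """Constructed numbers: 2,000,000 allocated normally, 100,000 credited by an outsider."""
    main, toxic = Market("main", cap=10_000_000), Market("toxic", cap=0)
    vault = Vault(withdraw_queue=[main, toxic], total_shares=2_000_000)
    vault.allocate(main, 2_000_000)
    toxic.vault_balance += 100_000  # third-party deposit on the vault's behalf; cap not consulted
    return vault
```

In the constructed scenario, 1,000,000 shares redeem for 1,050,000 under balance-based accounting and 1,000,000 under the ledger variant, while `unsolicited_positions()` reports the 100,000 sitting in the zero-cap market.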