Naveen

On Aug 1, the defi protocol @Convergence_fi was exploited for ~$210k when the hacker exploited a vulnerability in the CvxRewardDistributor contract. In an official post on their ‘X’ handle, @Convergence_fi has advised its users not to interact with the protocol and withdraw assets staked on the platform. The 58M CVG stolen by the exploiter were part of tokens dedicated to staking emissions. In addition, the hacker also got away with $2,000 of unclaimed rewards from Convex. The attacker was initially funded through the infamous Tornado Cash by address etherscan.io/address/0x912c… After the exploit, the CVG token prices took a major hit and have not recovered since. The Vulnerability The vulnerable CvxRewardDistributor contract is responsible for minting CVG rewards to eligible stakers and and holding the rewards claimed from Convex, which in turn can be claimed by the stakers. Due to a bug, the input given by the user in the function claimMultipleStaking() of the said contract was not being validated. The hacker manipulated this bug to deploy a malicious contract to mint all tokens meant for staking emissions (58,000,000 CVG) only to dump the newly minted CVG into liquidity pools. Why is this Bug not Fixed in the Audit? To achieve gas optimization, the developers had modified/removed that line from the smart contract's code, which validated the user input given to the function claimMultipleStaking(). These changes were made post-audit; therefore, the auditors couldn’t have done anything to avoid the exploit. Hack Technical Details Attacker Address: etherscan.io/address/0x0356… Attack Txn: etherscan.io/tx/0x636be30e5… Attack Contract Address: etherscan.io/address/0xee45… Target contract: CvxRewardDistributor etherscan.io/address/0x2b08… #Hacked #exploited #crypto #CryptoInvestor #CryptoInvestment #CryptoInvesting #cryptomarket #CryptoCommunity #web3community #bugbountytips #Blockchain #Blockchain101 #WEB3 #web3community #web3jobs #BugBounty #blockchaintechnology #blockchaindevelopment #blockchaingaming #blockchainrevolution #blockchaineducation #blockchains #blockchaincommunity #blockchainjobs #blockchainsecurity #blockchaindevelopers #blockchainsolutions #blockchaintech #web3development #web3education #web3event #cryptocurrency #cryptocurrencynews #cryptocurrencies #cryptonews #bugbountytip #cryptowallet #smartcontracts

On July 24, 2024, the decentralized exchange and staking platform MonoSwap @monoswapio on the Blast chain was exploited, resulting in a significant loss of approximately 💰$1.3M. How the Hack Happened? In an official post on their X handle, @monoswapio claimed that the exploit

🏴‍☠️ On This Day: Revisiting Past 😈#Crypto #Hacks On July 24, 2023, the decentralized exchange @Palmswaporg, on the Binance smart chain, was exploited for ~💰$900k by manipulating a smart contract vulnerability. The Smart Contract Vulnerability The primary reason for the exploit was a flaw in the calculations used to add or remove liquidity from the pool. This calculation was made to determine the exchange rate between USDP(Palm USD) and PLP(Palm Lp). The getAum() function, which calculated the PLP price after removing liquidity, was dependent upon the value of PoolAmount. Due to the miscalculation, the price of PLP increased every time the buyUSDP() was called to buy USDP. The hacker manipulated this miscalculation and made profits due to the difference in the exchange rate between USDP and PLP while removing and adding liquidity. The analysis showed that the hacker used a buying exchange rate of 1:1, whereas the selling exchange rate was 1:1.9, which explains the profit of ~$900k. How to Prevent Such Hacks? 👉 @ImmuneBytes offers reliable and effective smart contract and blockchain security audit services that can help prevent possible exploits by malicious actors in the Web3 space. Reach out for an audit for your Web3 project at 🔍 🔎immunebytes.com/contact-us/ Technical Details of the Hack: Attacker Address: bscscan.com/address/0xF84e… Victim Contract: bscscan.com/address/0x5525… Exploit Transaction: bscscan.com/tx/0x62dba5505… #Hacked #exploited #crypto #CryptoInvestor #CryptoInvestment #CryptoInvesting #cryptomarket #CryptoCommunity #web3community #bugbountytips #Blockchain #Blockchain101 #WEB3 #web3community #web3jobs #BugBounty #blockchaintechnology #blockchaindevelopment #blockchaingaming #blockchainrevolution #blockchaineducation #blockchains #blockchaincommunity #blockchainjobs #blockchainsecurity #blockchaindevelopers #blockchainsolutions #blockchaintech #web3development #web3education #web3event #cryptocurrency #cryptocurrencynews #cryptocurrencies #cryptonews #bugbountytip #cryptowallet #smartcontracts

In a major security breach on July 18, @WazirXIndia—one of the largest cryptocurrency exchanges in India, was hacked for an astonishing ~💰$234M. As per the official release by WazirX India, the breach happened in one of the multisig wallets. WazirX India is currently

RT @ImmuneBytes: On July 16, @lifiprotocol was exploited to steal ~💰$9.7M worth of crypto assets on the Ethereum and Arbitrum chains. The l…

On July 14, the cryptocurrency lending protocol @Minterest on the #mantle chain was exploited for ~💰$1.4M. The hack investigation is currently underway to uncover the reasons behind the exploit. Meanwhile, Minterest has temporarily paused its “Supply & Borrow” and “Repay &

Just in: On July 12, the defi @DoughFina on the #Ethereum chain has been exploited for ~💰$1.8m worth of crypto assets. @DoughFina has already acknowledged the hack through its official X handle. Although the hack investigation is still underway but, the likely cause behind

🏴‍☠️ On This Day: Revisiting Past 😈#Crypto #Hacks On 😈July 10, 2022, the Omni Protocol, a decentralized finance (DeFi) platform, was compromised in a significant security breach. The exploit resulted in the loss of approximately 💰$1.4 million worth of cryptocurrency.

On July 2, 2024, the WMRP token contract on the #BNB chain was exploited for 103 BNB worth ~💰$58k. The attack was carried out by manipulating the price of the MRP using a reentrancy attack. The detailed hack analysis is underway, but executing crypto exploits using

🏴‍☠️ On This Day: Revisiting Past 😈#Crypto #Hacks June 27, 2023, marks the day of the exploit for Themis Protocol, a decentralized lending and borrowing platform on the #Arbitrum chain. The exploit caused losses of ~💰$370K to the protocol. The attack was carried out by

🏴‍☠️ On This Day: Revisiting Past 😈#Crypto #Hacks On June 26, 2022, the NFT lending pool @XCarnival_Lab’s XToken lending contract on #ethereum was exploited for ~💰$3.8M (~3,087 $ETH) The hack was a result of a smart contract vulnerability, which allowed the hacker to use

🏴‍☠️ On This Day: Revisiting Past 😈#Crypto #Hacks Harmony’s Horizon Bridge, a cross-chain bridge, was exploited for 💰$100M on June 24, 2022. The hacker used the compromised private keys in the @harmonyprotocol and stole multiple cryptocurrencies, including ETH, USDC, WBTC,

🏴‍☠️ On This Day: Revisiting Past 😈#Crypto #Hacks On June 17, 2023, the defi protocol Midas Capital on the BNB chain was exploited to steal 💰$600K worth of crypto assets. The critical vulnerability responsible for the exploit at Midas Capital was a rounding issue within its lending protocol. This protocol, a derivative of Compound Finance's V2 codebase, had a flawed redemption process, which the attacker manipulated using a rounding issue and flash loans. The detailed analysis of the Midas Capital hack can be found here: immunebytes.com/blog/midas-cap… 🤔Coincidentally, the same rounding issue was behind the 💰$7.4M exploit of @HundredFinance in April 2023. immunebytes.com/blog/hundred-f… Useful Read: immunebytes.com/blog/precision… How to Prevent Such Hacks? The exploiter carried out the attack by exploiting a vulnerability in the smart contract which could have been identified by a detailed and careful analysis of the smart contract before its deployment on the mainnet. 👉 @ImmuneBytes offers reliable and effective smart contract and blockchain security audit services that can help in preventing possible exploits by malicious actors of the Web3 space. Reach out for an audit for your Web3 project at 🔍 🔎immunebytes.com/contact-us/ You can also connect with us here t.me/immunebytes #Hacked #exploited #crypto #CryptoInvestor #CryptoInvestment #CryptoInvesting #cryptomarket #CryptoCommunity #web3community #bugbountytips #Blockchain #Blockchain101 #WEB3 #web3community #web3jobs #BugBounty #blockchaintechnology #blockchaindevelopment #blockchaingaming #blockchainrevolution #blockchaineducation #blockchains #blockchaincommunity #blockchainjobs #blockchainsecurity #blockchaindevelopers #blockchainsolutions #blockchaintech #web3development #web3education #web3event #cryptocurrency #cryptocurrencynews #cryptocurrencies #cryptonews #bugbountytip #cryptowallet #smartcontracts #SmartContractSecurity

🏴‍☠️ On This Day: Revisiting Past 😈#Crypto #Hacks On June 12, 2023, defi protocol Sturdy Finance was exploited due to a smart contract vulnerability. In the attack, @SturdyFinance lost 442 ETH worth ~$775k. The manipulated vulnerability was the read-only reentrancy in the

MEV Bot service provider @JokInTheBoxETH on the #ethereum chain suffered an exploit on June 11 and lost ~💰$34K worth of its assets. The lost assets include ~109 billion $JOK, which were swapped for 9.12ETH by the attacker post-hack. Team @JokInTheBoxETH acknowledged the

The Defi protocol @UwU_Lend was exploited in an attack on June 10, resulting in the loss of ~💰$20M worth of crypto assets. The Attack The initial analysis indicates that the attacker (who was initially funded by Tornado Cash) carried out the attack using Oracle price

🏴‍☠️ On This Day: Revisiting Past 😈#Crypto #Hacks On June 10, 2023, Atlantis Loans (an abandoned project on the BNB Chain) experienced a governance attack, which resulted in a loss of over 💰$1 million. The exploiter managed to establish themselves as the administrator of the

On June 9, the Defi ZK-rollup protocol @loopringorg on the #ethereum chain was exploited for ~💰1373 $ETH worth ~ 💰$5M. How the Hack Happened? The hacker breached the security (2FA service) of the Loopring Official Guardian wallet and obtained the required privileges to pose

Velocore—the decentralized exchange (DEX) protocol on zkSync and Linea—was hacked on June 2, causing a loss of ~💰$10M of the users’ funds. The root cause of the hack has been found to be the vulnerabilities within the Balancer-style CPMM pool contract. The Vulnerabilities

On This Day: Revisiting Past 😈#Crypto #Hacks May 29, marks the day of multiple hacks in the Web3 space. 📌On May 29, 2021, defi Belt Finance @BELT_Finance on Binance Smart Chain (BSC) came under a flash loan attack and lost ~$6.2M worth of cryptocurrencies. The exploiter