Crypto Hack Weekly Report: DeFi Double Trouble & A $70M Phishing Attack

29th April to 4th May 2024

This week has been particularly eventful in the crypto world, marked by significant hacks that have been felt throughout the community. From Pike Finance’s second breach in just a few days to a trader’s unfortunate loss due to a phishing scam, the landscape of crypto security has once again come into focus.

There’s still a lot to be learned from an unfortunate situation. Here’s what went down.

A Detailed Recap

1. Pike Finance Suffers Double Attack

Pike Finance, a notable DeFi lending platform, faced its second exploit within a short span of three days, resulting in a substantial loss of $1.68 million across Ethereum, Arbitrum, and Optimism networks.

The attacker exploited critical flaws in Pike Finance’s smart contracts, gaining control over the protocol’s output address. This orchestrated move led to the transfer of $1.4 million worth of ETH, $150 thousand of OP, and over $100 thousand of ARB.

Interestingly, this incident occurred shortly after another breach on April 26th, where Pike Finance lost $300,000, indicating vulnerabilities in its security measures.

2. Yield Protocol: Vulnerable and Exploited!

In a cautionary tale, the defunct DeFi lending platform, Yield Protocol, fell victim to hackers who exploited vulnerabilities on the Arbitrum blockchain. Despite going offline in December 2023, Yield Protocol suffered a theft of approximately $181,000 in crypto assets due to manipulations within its smart contracts.

Investigations revealed that the attacker exploited anomalies in pool tokens using flash loan assets, highlighting the importance of robust security measures. Unfortunately, attempts to recover the stolen assets were futile as support for Yield Protocol had ceased months prior.

3. A Costly Mistake

More complex is a case when this crypto user mistakenly sent his 1,155 WBTC Wrapped Bitcoin to a bad actor’s wallet losing $68 million. His wallet was drained of over 97% of its total assets. The rest of its contents have since been removed, leaving them with just $13.56 worth of ETH. 

The vulnerability was based on imitating an ETH transfer of 0.05 ETH and causing the victim to send a large number of WBTCs instead. The transfer history of the victim was breached and the victim was made to send the money to the address belonging to the real exploiter who presented his address as legitimate. 

This method of address poisoning confirmed by reputable blockchain security firms such as CertiK, proves how seriously cryptocurrency owners should safeguard their transactions from sophisticated phishing attacks.

Also Check Out: Attacker Steals $71 Million in an Extremely Sophisticated Phishing Attack That Fooled the Investor

These examples should serve as a wake-up call to all crypto users, regardless of experience. As technology evolves, so do the tactics of those seeking to exploit it. By staying informed about the latest threats, implementing robust security measures, and exercising skepticism, users can navigate the crypto markets with ease.


Earn more PRC tokens by sharing this post. Copy and paste the URL below and share to friends, when they click and visit Parrot Coin website you earn: https://parrotcoin.net0


PRC Comment Policy

Your comments MUST BE constructive with vivid and clear suggestion relating to the post.

Your comments MUST NOT be less than 5 words.

Do NOT in any way copy/duplicate or transmit another members comment and paste to earn. Members who indulge themselves copying and duplicating comments, their earnings would be wiped out totally as a warning and Account deactivated if the user continue the act.

Parrot Coin does not pay for exclamatory comments Such as hahaha, nice one, wow, congrats, lmao, lol, etc are strictly forbidden and disallowed. Kindly adhere to this rule.

Constructive REPLY to comments is allowed

Leave a Reply