Special Report: Four-Day Crypto Hacking, Phishing Spree Nets Bad Actors $106.5 Million

Rari Capital and Fei Protocol lose $77 million, Hacker nets $10 million from Saddle Finance, Deus Finance exploited for $13.4 million, Bored Apes phishing scheme scams $6.1 million

May 2

April was one of the cruelest months for cryptocurrency projects, with many hacks and cyber incidents, causing a total loss of around $359 million. Approximately 30% of this total came in a five-day spree beginning April 28th. Our special report highlights these four incidents.

Fei Protocol said they suffered a $77 million hack five months after their merger.

Fei offered the hacker a $10 million bounty if they returned the remaining user funds, “no questions asked.” Meanwhile, the hacker has already started moving crypto to Tornado Cash, allowing users to mask transactions. The hacker drained funds from several Fuse pools by exploiting a reentrancy vulnerability. (Emily Nicolle and Sidhartha Shukla / Bloomberg)

BlockSec @BlockSecTeam

Our monitoring system detected that multiple pools related to @RariCapital @feiprotocol were attacked, and lost more than 80M US dollars. The root cause is due to a typical reentrancy vulnerability. @defiprime versatile.blocksecteam.com/tx/eth/0xadbe5…

A decentralized exchange for trading stablecoins, Saddle Finance, was hacked in a DeFi exploit, with the hacker netting over $10 million in ether cryptocurrency.

Smart contract audit firm BlockSec rescued $3.8 million from the exploiters who initially stole $13.8 million with an "internal system" that can detect and front-run hacking incidents using off-chain arbitrage bots called flashbots. (Vishal Chawla / The Block)

Related: BeInCrypto, CryptoPotato

PeckShield Inc. @peckshield

1/ @saddlefinance was exploited in a flurry of txs (etherscan.io/tx/0x2b023d654… and etherscan.io/tx/0xe7e047479…), resulting in the protocol loss of >$10M.

Security researchers at PeckShield said that decentralized finance (DeFi) application Deus Finance was exploited for the second time in two months, with the attacker gaining more than $13.4 million of cryptocurrency.

The attacker used a flash loan to trick the way Deus's smart contracts read data on the platform’s liquidity pools. This technique allowed the attacker to artificially inflate the value of some assets, borrow funds and make a profit after repaying the loan. (Shaurya Malwa / CoinDesk)

Related: The Block, Bitcoinist, The Record

PeckShield Inc. @peckshield

The @DeusDao was exploited today in ftmscan.com/tx/0x39825ff84… with ~$13.4M gain for the hacker (The protocol loss may be larger).Fantom Transaction Hash (Txhash) Details | FtmScanFantom (FTM) detailed transaction info for txhash 0x39825ff84b44d9c9983b4cff464d4746d1ae5432977b9a65a92ab47edac9c9b5. The transaction status, block confirmation, gas fee, FTM, and token transfer are shown.ftmscan.com

Some of the historically phishing-prone fans of the pricey Bored Apes project fell for scams that pretended to be the Bored Apes' new land project, called "Otherside.”

One address netted around $1 million and two other scammer wallets contained $5.1 million of other stolen NFTs. (Molly White / Web3isGoingJustGreat)

Related: The Gamer

zachxbt @zachxbt

1/ As we all anticipated Otherside phishing sites would appear Today 0xb87 stole $1.03m (369 ETH) worth of NFTs. Most notably 4 MAYC, 1 BAYC, & 30+ SandboxNFT This lead to 0xa8 & 0x5d which have $5.1m worth of stolen NFTs! 4 BAYC, 19 Azuki, 2 MAYC, 2 WOW & more $6.2m in total!

Gergely Orosz @GergelyOrosz

"Web 3 is going great" by @molly0xFFF is a masterpiece and required reading for anyone planning to invest their savings in web3. The past 2 days, $91M has been stolen in 3 hacks. This month: $359M. This year so far: $1.76B. These numbers are hard to comprehend: yet real.

$91M frad in web3 projects the past 3 days

$385M frad in web3 projects the past month

Image by Sergei Tokmakov Terms.Law from Pixabay

Metacurity