Summary: On February 27th, 2023, the SwapX Project was exploited on the BNB Chain due to a lack of access control. The attacker exploited the vulnerability to manipulate the price of the DND tokens, resulting in a total loss of $1 million of users' funds. Vulnerability Analysis & Impact: The Root Cause: The contract was unverified, and after…

Summary: On February 10, dForce experienced an attack that resulted in a total loss of $3.64 million across both Optimism and Arbitrum Chain. It was a price manipulation attack due to the “Read-only Reentrancy” vulnerability. Around $1.73M was lost on Optimism and $1.91M on Arbitrum. Introduction to dForce Protocol: dForce promotes the development of a…

Summary On February 2, 2023, the Orion Protocol was exploited on Ethereum and the BNB Chain. The attack was caused by a reentrancy vulnerability in the swap function of the contract, which resulted in an asset loss of almost $3 million, i.e., $191,030 on BSC and $2,836,206 on the Ethereum Chain. Introduction to Orion Protocol …

Summary: On February 1, 2023, BONq DAO was exploited with an oracle attack. The attackers completely changed the price of AllianceBlock’s $ALBT tokens via an oracle manipulation technique, which led to estimated losses of about $120 million. BONq DAO: Bonq is a non-custodial, decentralized, and over-collateralized lending platform that allows users to borrow…

In brief⚡

Summary: On January 18, 2023, Thoreum Finance on BNB chain was exploited. The cause of the attack was a bug in the transfer function of the contract. The exploit caused the loss of approximately 2261 BNB ($680K) from the protocol. Then, the attacker used Tornado Cash to transfer the stolen money. About Thoreum Protocol: …

Summary On January 17, 2023, the OMNI Real Estate Project (ORT Token) on the BNB chain was hacked. The main cause of the attack was insufficient checks in their staking pool contract. The attacker stole around 236 BNB, i.e., roughly $70K, at the time of the attack. Introduction to OMNI Group and ORT Token: Omni Group offers a…

In brief⚡

Summary: On the 11th of January, 2023, ROE Finance was attacked in Ethereum Chain. The attacker used Flash loans to create an imbalance in one of the pools and manipulate the price. Then he drained the balance of the victim pool leading to the loss of $80K. Introduction to ROE Finance: The ROE product ecosystem…