November 2022 Kickstart with $32+ Million in DeFi Hacks🚨

In brief⚡

Events Under the Spotlight💥

  • Deribit, a cryptocurrency derivatives platform, was hacked for $28 million late November 1 (UTC).
  • During the breach, attackers gained access to Deribit’s Bitcoin, Ethereum, and USDC hot wallets.
  • Client assets, Fireblocks, and cold storage addresses are unaffected.
  • Attacker’s ETH address: 0xb0606f433496bf66338b8ad6b6d51fc4d84a44cd
  • Attacker’s BTC address: bc1qw5g8lw4kzltpdcraehy2dt6dqda8080xd6vhl4kg4wwsypwerg9s3x6pvk

Check out this blog for a detailed analysis of this Incident.

  • An exploiter had manipulated the Oracle price of an asset on their platform, allowing them to take out a loan that resulted in a $1.26 million loss for the platform.
  • The attacker took advantage of a flaw in the project’s price-data oracle, which tracks the prices of various crypto assets.
  • The attack targeted three lending pools holding Hubble stablecoins, Coin98 tokens, and Kamino tokens.
  • An attacker gained access to the private key of an admin wallet for the Rubic crypto exchange and transferred approximately 34 million Rubic tokens.
  • The tokens were then sold on the decentralized exchanges Uniswap and PancakeSwap.
  • The stolen tokens were nominally worth nearly $2.8 million (but given the lack of liquidity to absorb such a large scale, it’s unlikely the attackers could exchange them for that much.
  • The NEAR-based token launchpad’s treasury was drained of 1.1 million NEAR, worth approximately $3.2 million.
  • The exploit caused the SKYWARD price to plummet by 90%.
  • The attackers allegedly purchased large amounts of Skyward Tokens on Ref Finance, then redeemed them through the Treasury on Skyward Finance, earning more than the original investment in Skyward Tokens.

Check out this blog for a detailed analysis of this Incident.

Trending Blog of the Week🚀

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store