Security Incidents in Dec. 2022

Security Incidents / February 3, 2023 / 5 minutes of reading

Here is an overview of the high-profile hacks that occurred in the global DeFi space during the month of December 2022.   

Hacks in December

  1. Helio 

December 2, 2022:  Helio Money was hacked for 19 million due to the previous vulnerabilities from Ankr Protocol. A hacker bought large amounts of depegged aBNB from PancakeSwap and borrowed HAY using aBNB as collateral, profiting 15.5M. Another user profited from a similar method, approximately 3.5M. 

Root cause: Oracle Manipulation 

Loss: approx. $19M 

Reference: Online News 

Claimable event: No 

  1. Ankr 

December 2, 2022: Ankr Protocol was exploited by an ex-employee through a private key leakage. With the deployer key stolen, the hacker was able to mint a total of 60 trillion aBNBc which was swapped to BNB tokens worth 5 million USDC 

Root cause: Private Key Leakage 

Loss: $5M 

Reference: Twitter Announcement by Ankr 

Claimable event: No 

  1. Lodestar Finance 

December 11, 2022: Arbitrum-based lending protocol Lodestar Finance was exploited in a flash loan attack. The attacker manipulated the price of PlutusDAO’s plvGLP token, allowing him to drain lending pools for a profit of approximately 6.5 million. 

Root cause: Price Manipulation/Economic Attack  

Loss: approx. $6.5M 

Reference: Twitter Announcement by Lodestar Finance 

Claimable event: No 

  1. Polynomial Protocol 

December 12, 2022: Polynomial Protocol was hacked due to a flaw in its deposit contract. The swapAndDeposit () function had no restrictions on its input, which resulted in the theft of contract-approved tokens. 

Root cause: Smart Contract Vulnerability 

Loss: approx. $7K 

Reference: Twitter Announcement by Polynomial Protocol 

Claimable event: Yes (Smart Contract Cover) 

  1. Elastic Swap 

December 13, 2022: Elastic Swap was hacked due to a price manipulation attack. The calculation methods for adding and removing liquidity from contracts was flawed which allowed the attacker to drain liquidity for profit. 

Root cause: Smart Contract Vulnerability  

Loss: $850K 

Reference: Analysis by QuillAudits 

Claimable event: Yes (Smart Contract Cover) 

  1. NimbusPlatform 

December 14, 2022: NimbusPlatform was attacked due to a flaw in the calculation of its rewards. It only depends on the number of tokens in the pool, which opened up an opportunities for flash loans to obtain more rewards than expected. 

Root cause: Smart Contract Vulnerability  

Loss: 278 BNB 

Reference: Analysis By Slowmist 

Claimable event: Yes (Smart Contract Cover) 

  1. Raydium 

December 16, 2022: Raydium, a Solana-based AMM lost approximately $4.4M from its liquidity pools. The private key for the pool owner account was compromised which allowed the attacker to drain accumulated protocol fees. 

Root cause: Private Key Leakage 

Loss: approx. 4.4M 

Reference: Twitter Announcement by Pando 

Claimable event: No

  1. Bored Apes 

December 17, 2022: A scammer stole 14 Bored Apes from an individual through an elaborate plan which involved posing as a casting director wanting to use those NFTs for an animation. The vicitim was asked to sign a contract which required his crypto wallet. Upon doing so, the smart contract emptied all his NFTs and sold them for over $1 million. 

Root cause: Phishing Attack 

Loss: approx. 1M 

Reference: Analysis by QuillAudits 

Claimable event: No 

  1. mgnr 

December 19, 2022:  mgnr, a quantitative trading company was rug pulled, with the deletion of all tweets and emptying of its wallet. The address mgnr.eth transferred 43.6 million USDC to Coinbase and 8 million USDC to the Genesis Trading address. 

Root cause: Rug Pull 

Loss: 52M 

Reference: Analysis by QuillAudits 

Claimable event: No  

  1. Defrost Finance V2 

December 23, 2022: Defrost Finance V2 was hit with a flash loan attack. The hacker manipulated the the LSWUSDC share price for a profit for almost $173,000 

Root cause: Economic Attack 

Loss: $173K 

Reference: Twitter Announcement by Defrost Finance 

Claimable event: No 

  1. Defrost Finance V1 

December 25, 2022: Defrost Finance V1 was also compromised through the addition of fake collateral tokens. Fake collateral tokens were minted and malicious price oracles was used to liquidate current users. Stolen funds have since been returned according to Defrost’s team. 

Root cause: Private Key Leakage 

Loss: approx. $12M 

Reference: Twitter Announcement by Defrost Finance 

Claimable event: No  

  1. Rubic 

December 25, 2022: The multi-chain exchange protocol Rubic was hacked due to vulnerability in its contracts. The attacker was allowed to create a custom smart contract that could pass malicious input, resulting in unintended behaviour. The attacker has since transferred 1,100 ETH to the Tornado Cash mixing protocol. 

Root cause: Smart Contract Vulnerability 

Loss: 1.4M 

Reference: Online News 

Claimable event: Yes (Smart Contract Cover) 

  1. BitKeep 

December 26, 2022: BitKeep wallets were hacked through the download of a malicious APK file. The attacker created mulitple fake sites that recommended users to update their wallet apps by downloading the APK file. Their seed phrases were stolen and stolen funds were transferred through 5 other wallets. 

Root cause:  Phishing 

Loss: approx. 77K 

Reference: Online News 

Claimable event: No 

  1. Dictum Exchange 

December 31, 2022: Dictum Exchange was compromised through a rug pull disguised as an airdrop. Liquidity pools were rugged and users have been removing liquidity since the announcement. 

Root cause:  Rug Pull 

Loss: Unknown 

Reference: Twitter Announcement 

Claimable event: No 

  1. Luke Dashjr 

December 31, 2022: One of Bitcoin’s core developer Luke Dashjr has claimed that his wallet was hacked due to a PGP key compromise. Luke’s wallet had multiple ongoing transactions, totalling to approximately 200 BTC. 

Root cause:  Private Key Leakage 

Loss: approx. $3.3M 

Reference: Online News 

Claimable event: No 

The crypto industry has generated a lot of excitement; however, there are a lot of risks attached. Security incidents occur from time to time, all users should enhance their own security awareness to avoid serious losses. 

InsurAce.io currently offer insurance protections for: 

  • Smart contract vulnerability risk: the smart contract of the covered protocol gets hacked; 
  • Custodian risk: the custodian gets hacked where the user loses more than 10% of their funds, and/or withdrawals from the custodian are halted for more than 90 days; 
  • Stablecoin De-Peg risk: the stablecoin moves significantly below its pegged price 

For details on the coverage and exclusions for each cover, kindly read Cover Wording here. 

🛡 Get your investment funds protected with InsurAce.io: Buy Cover 

Must Read

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top