- One of the largest is the flash loan reentrancy attack on Platypus Finance.
- DefiLlama has highlighted seven noteworthy hacks in February.
- The first hack in February was the price oracle attack on BonqDAO.
According to data from DeFi aggregator DefiLlama more than $21 million in cryptocurrencies was stolen by hackers from DeFi platforms in February.
In the data report, DefiLlama highlighted seven major hacks that amount to $21 million.
Seven major February DeFi hacks
1. $1.7 million BonqDAO hack
Bonq protocol was on February 1, 2023, exposed to an oracle attack that allowed the hacker(s) to manipulate the price of the AllianceBlock (ALBT) token.
The hacker altered the price of the ALBT token upwards and then minted a large number of BEUR which was then swapped for other tokens on Uniswap. The hacker then decreased the price of ALBT to almost zero triggering the liquidation of ALBT trovers.
In the process, the hacker only managed to steal about $1 million due to a lack of liquidity.
2. $3 million Orion Protocol hack
On the following day (February 2, 2023) decentralized exchange Orion Protocol lost about #3 million through a reentrancy attack.
The hackers used a malicious smart contract to steal funds using repeated withdrawal orders.
3. $3.65 million dForce Network hack
On February 10, a white hat hacker stole about $3.65 million in crypto. The hacker however later returned all the funds.
dForce confirmed the return of the funds on February 13 saying:
“On Feb. 13, 2023, the exploited funds were fully returned to our multi-sig on both Arbitrum and Optimism, a perfect ending for all.”
4. $9.1 million Platypus Finance hack
DeFi protocol Platypus Finance lost about $8.5 million through a flash loan attack on February 16, 2023.
A postmortem of the hack revealed that the hacker took advantage of a code that was in the wrong order.
The Platypus Finance team later confirmed the second and third exploits that resulted in another $667,000 loss, bringing total losses to around $9.1 million.
The French police, however, arrested two suspects related to the hack and seized around $222,000 in cryptocurrency assets on February 25.
5. $2 million Dexible hack
On February 17, Multichain exchange aggregator Dexible lost about $2 million worth of cryptocurrencies after the aggregator was hit by a hacker targeting the app’s selfSwap function.
The hacker exploited a vulnerability in the app’s newest smart contract allowing them to steal funds from wallets that had unspent spend approval on the contract. The attacker(s) withdrew the tokens through Tornado Cash into unknown BNB wallet addresses.
6. $1.86 million Hope Finance hack
On February 20, arbitrum-based algorithmic stablecoin project, Hope Finance, lost about $2 million after a smart contract exploit.
The funds were stolen from users’ accounts.
7. $700,000 LaunchZone hack
The LaunchZone hack which caused the protocol’s native token, LaunchZone (LZ), price to nosedive was the last of the major DeFi hacks in February. It took place on February 27 resulting in a loss of about $700,000 in cryptocurrencies.
The hacker reportedly leveraged the vulnerability of an unverified smart contract to drain assets from the platform.
DefiLlama’S February figures show a rise from January figures which stood at $740,000 from two DeFi hacks –ROE Finance and Midas Capital.
According to crypto crime reports, DeFi protocols lost about $3.1 billion worth of crypto assets to hackers in 2022, which is over 82% of the total funds lost to hacks across the wider cryptocurrency market.