Analysis of 10 major recent incidents in DeFi and smart contracts
Poly Network, a cross-chain protocol, fell victim to one of the largest attacks in DeFi history. The attacker exploited a vulnerability in the cross-chain manager function, allowing them to gain control over private keys and withdraw funds from three blockchains: Ethereum, Binance Smart Chain, and Polygon. The attack was possible due to insufficient input validation in the function responsible for validating transactions between blockchains. The attacker was able to forge signatures and bypass the security system, leading to the theft of over 600 million dollars in various cryptocurrencies. After the attack, the Poly Network team appealed to the attacker to return the funds, and most of the funds were returned. The incident demonstrated the critical importance of security auditing for cross-chain protocols and the need for stricter checks in smart contract code.
Wormhole, a popular bridge between blockchains, was attacked, resulting in the theft of 325 million dollars. The attacker exploited a vulnerability in the signature validation system, allowing them to create fake transactions and withdraw funds from the protocol. The problem was that the system did not properly verify the authenticity of validator signatures, allowing the attacker to bypass security mechanisms. The attack was particularly devastating because Wormhole is one of the main bridges between Ethereum and Solana, and many DeFi protocols rely on its security. After the incident, the Wormhole team received financial support from Jump Crypto to cover losses, but the reputational damage was significant. This case highlighted the importance of thorough auditing of validation systems and the need for stricter checks in cross-chain protocols.
Ronin Network, the blockchain for the game Axie Infinity, was attacked, resulting in the theft of 625 million dollars. The attackers gained access to the private keys of network validators, allowing them to sign fraudulent transactions and withdraw funds from the bridge between Ethereum and Ronin. The attack was possible due to insufficient infrastructure security and social engineering. The attackers were able to gain access to four of the nine network validators, giving them control over the majority of votes in the consensus system. This incident demonstrated how vulnerable multisignature-based systems are when their security depends on human factors. After the attack, Ronin Network switched to a more secure validation system and increased the number of validators, but the damage to the Axie Infinity ecosystem was significant.
Nomad Bridge, a cross-chain protocol, was attacked, resulting in the theft of 190 million dollars. The attackers used a vulnerability in the message validation system, allowing them to create fake transactions and withdraw funds from the protocol. The problem was that the system did not properly verify message hashes and their signatures, making it possible to create fraudulent transactions. The attack was particularly devastating because many users lost their funds, and trust in cross-chain protocols was undermined. After the incident, Nomad Bridge suspended operations and began the recovery process, but many users were unable to recover their funds. This case highlighted the importance of thorough auditing of validation systems and the need for stricter checks in cross-chain protocols.
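The Wormhole and Nomad incidents above both come down to a receiving contract accepting a cross-chain message whose validator signatures were not properly checked. The following contract is an added example, not code from Wormhole, Nomad or any other project, showing the checks a defender expects on the receiving side: a message hash that binds the destination chain and contract, a replay-protection map, a signature threshold over a known validator set, and signature recovery that rejects malformed, malleable or duplicate signatures. The contract name, validator set, threshold and message layout are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: minimal cross-chain message receiver (assumed design, not any
// real bridge). Validator set, threshold and message layout are assumptions.
contract BridgeMessageReceiver {
    mapping(address => bool) public isValidator;
    uint256 public immutable threshold;          // signatures required per message
    mapping(bytes32 => bool) public processed;   // replay protection
    uint256 public immutable chainId;            // domain separation

    event MessageAccepted(bytes32 indexed msgHash, address recipient, uint256 amount);

    constructor(address[] memory validators, uint256 _threshold) {
        require(_threshold > 0 && _threshold <= validators.length, "bad threshold");
        for (uint256 i = 0; i < validators.length; i++) {
            require(validators[i] != address(0) && !isValidator[validators[i]], "bad validator");
            isValidator[validators[i]] = true;
        }
        threshold = _threshold;
        chainId = block.chainid;
    }

    // The hash binds every field that matters, including the destination chain
    // and contract, so a message cannot be replayed on another chain or target.
    function messageHash(uint64 nonce, address recipient, uint256 amount) public view returns (bytes32) {
        return keccak256(abi.encode(chainId, address(this), nonce, recipient, amount));
    }

    function receiveMessage(
        uint64 nonce,
        address recipient,
        uint256 amount,
        bytes[] calldata signatures
    ) external {
        require(recipient != address(0) && amount > 0, "empty message");
        bytes32 h = messageHash(nonce, recipient, amount);
        require(!processed[h], "already processed");
        require(signatures.length >= threshold, "not enough signatures");

        // Validators sign the prefixed digest, so their keys can never be
        // tricked into signing something that parses as a raw transaction.
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", h));

        // Signers must be strictly increasing so the same validator cannot be
        // counted twice; every signer must be in the current validator set.
        address last = address(0);
        for (uint256 i = 0; i < signatures.length; i++) {
            address signer = recover(digest, signatures[i]);
            require(signer != address(0) && isValidator[signer], "unknown signer");
            require(signer > last, "duplicate or unordered signer");
            last = signer;
        }

        processed[h] = true;   // effect recorded before any funds move
        emit MessageAccepted(h, recipient, amount);
        // ... release funds to recipient here ...
    }

    // Strict signature parsing: exact length, canonical v, low-s only (EIP-2).
    function recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        if (sig.length != 65) return address(0);
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        if (v < 27) v += 27;
        if (v != 27 && v != 28) return address(0);
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) return address(0);
        return ecrecover(digest, v, r, s);
    }
}
```

The important property is that every acceptance path runs through the same hash, the same replay map and the same threshold loop; a message with an all-zero or empty signature list, a signature from a key outside the set, or one signature submitted several times is rejected before `processed[h]` is ever written.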
Beanstalk Farms, a DeFi protocol for stablecoins, was attacked, resulting in the theft of 182 million dollars. The attacker used a flash loan to gain temporary control over a large number of governance tokens, allowing them to vote for a malicious proposal that withdrew all funds from the protocol. The attack was possible due to shortcomings in the protocol governance system and lack of protection against flash loan attacks. The attacker was able to bypass security mechanisms and gain control over the protocol for a short time, but this was enough to steal all funds. After the attack, Beanstalk Farms suspended operations and began the recovery process, but many users lost their investments. This incident demonstrated the importance of protection against flash loan attacks in DeFi protocols.
Harmony Bridge, a cross-chain protocol, was attacked, resulting in the theft of 100 million dollars. The attackers gained access to the private keys of multisignature validators, allowing them to sign fraudulent transactions and withdraw funds from the bridge. The attack was possible due to insufficient infrastructure security and social engineering. The attackers were able to gain access to two of the five validators, giving them control over the multisignature system. This incident demonstrated how vulnerable multisignature-based systems are when their security depends on human factors and the physical security of infrastructure. After the attack, Harmony Bridge suspended operations and began the recovery process, but many users lost their funds.
Wintermute, a major cryptocurrency trading firm, lost 160 million dollars due to a vulnerability in a smart contract. The problem was in the incorrect implementation of a function that allowed attackers to access funds without proper authorization. The vulnerability was that the smart contract did not properly verify access rights and allowed critical operations to be performed without necessary permissions. The attackers were able to exploit this vulnerability and withdraw funds from the contract. After discovering the attack, Wintermute suspended operations and began an investigation, but the damage was significant. This incident demonstrated the importance of thorough security auditing for all smart contracts, especially those managing large amounts of funds.
Mango Markets, a DeFi protocol on Solana, was attacked, resulting in the theft of 117 million dollars. The attacker used price manipulation to exploit a vulnerability in the collateral system. The attacker was able to artificially inflate the price of the MNGO token, allowing them to obtain large loans against collateral and then withdraw funds from the protocol. The vulnerability was that the system did not have sufficient protection against price manipulation and allowed the use of inflated prices for obtaining loans. After the attack, the attacker offered to return some funds in exchange for immunity from prosecution, which caused controversy in the community. This incident demonstrated the importance of protection against price manipulation in DeFi protocols.
Rari Capital, a DeFi lending protocol, was attacked, resulting in the theft of 80 million dollars. The attacker exploited a vulnerability in the smart contract that allowed a function to be called again before the initial call had finished updating state. This allowed the attacker to repeatedly withdraw funds from the protocol within a single transaction. The vulnerability was that the contract did not use the checks-effects-interactions pattern and did not update its state before performing critical operations. After the attack, Rari Capital suspended operations and began the recovery process, but many users lost their funds. This incident demonstrated the importance of protection against reentrancy attacks in smart contracts.
Cream Finance, a DeFi lending protocol, was attacked, resulting in the theft of 130 million dollars. The attacker used a flash loan to gain temporary control over a large number of tokens, allowing them to exploit a vulnerability in the protocol's pricing system. The attack was possible due to shortcomings in the price determination mechanism and lack of protection against liquidity manipulation. The attacker was able to artificially inflate the price of a specific token, allowing them to obtain large loans against collateral and then withdraw funds from the protocol. After the attack, Cream Finance suspended operations and began the recovery process, but many users lost their investments. This incident demonstrated the importance of protection against flash loan attacks and price manipulation in DeFi protocols.
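The Mango Markets and Cream Finance incidents above both turn on a lending contract valuing collateral at a spot price that the attacker could move within a single transaction. The following two contracts are an added example, not code from either protocol: a time-weighted average price accumulator in the style of Uniswap v2's cumulative-price counters, and a lender that prices collateral from the TWAP, takes the lower of TWAP and spot, and refuses to lend while the two diverge. The reporter address, the 30-minute window, the loan-to-value and deviation limits, and the linear observation walk are all assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (assumed contracts, not any protocol's code).

// Time-weighted average price: each update adds lastSpot * elapsedSeconds,
// so a price spike that lasts zero seconds (a flash loan inside one
// transaction) contributes nothing to the average.
contract TwapOracle {
    uint256 public priceCumulative;      // sum of price * seconds, 18 decimals
    uint256 public lastUpdate;           // timestamp of the last accumulation
    uint256 public lastSpot;             // latest spot price, 18 decimals
    address public immutable reporter;   // assumed: the pool that pushes prices

    struct Observation { uint256 timestamp; uint256 cumulative; }
    Observation[] public observations;

    constructor(address _reporter, uint256 initialSpot) {
        reporter = _reporter;
        lastSpot = initialSpot;
        lastUpdate = block.timestamp;
        observations.push(Observation(block.timestamp, 0));
    }

    // Called by the pool whenever reserves change; the price in effect until
    // now is weighted by how long it was in effect.
    function update(uint256 newSpot) external {
        require(msg.sender == reporter, "not reporter");
        priceCumulative += lastSpot * (block.timestamp - lastUpdate);
        lastSpot = newSpot;
        lastUpdate = block.timestamp;
        observations.push(Observation(block.timestamp, priceCumulative));
    }

    // Average price over at least `window` seconds ending now. The linear walk
    // back through observations is kept simple for the example.
    function consult(uint256 window) external view returns (uint256) {
        uint256 nowCum = priceCumulative + lastSpot * (block.timestamp - lastUpdate);
        uint256 target = block.timestamp - window;
        uint256 i = observations.length;
        while (i > 0 && observations[i - 1].timestamp > target) { i--; }
        require(i > 0, "window not covered");
        Observation storage o = observations[i - 1];
        return (nowCum - o.cumulative) / (block.timestamp - o.timestamp);
    }

    function spot() external view returns (uint256) { return lastSpot; }
}

// Lends against collateral valued by the TWAP, never the spot price alone,
// and halts borrowing while spot deviates sharply from the average.
contract CollateralLender {
    TwapOracle public immutable oracle;
    uint256 public constant WINDOW = 30 minutes;
    uint256 public constant MAX_LTV_BPS = 5000;        // borrow up to 50% of value
    uint256 public constant MAX_DEVIATION_BPS = 1000;  // 10% spot/TWAP gap halts borrowing

    mapping(address => uint256) public collateral;     // collateral token units, 18 decimals
    mapping(address => uint256) public debt;           // borrowed asset units, 18 decimals

    constructor(TwapOracle _oracle) { oracle = _oracle; }

    function depositCollateral(uint256 amount) external {
        collateral[msg.sender] += amount;   // token transfer omitted for the example
    }

    function maxBorrow(address user) public view returns (uint256) {
        uint256 twap = oracle.consult(WINDOW);
        uint256 spotPrice = oracle.spot();
        uint256 diff = spotPrice > twap ? spotPrice - twap : twap - spotPrice;
        require(diff * 10_000 <= twap * MAX_DEVIATION_BPS, "price unstable");
        uint256 price = spotPrice < twap ? spotPrice : twap;   // lower of the two
        uint256 value = collateral[user] * price / 1e18;
        return value * MAX_LTV_BPS / 10_000;
    }

    function borrow(uint256 amount) external {
        require(debt[msg.sender] + amount <= maxBorrow(msg.sender), "exceeds LTV");
        debt[msg.sender] += amount;   // asset transfer omitted for the example
    }
}
```

Against the pattern described in both incidents, inflating the token inside one transaction raises `spot()` but leaves `consult(WINDOW)` essentially unchanged, so `maxBorrow` either values the collateral at the unmoved TWAP or, once the gap passes `MAX_DEVIATION_BPS`, reverts outright. Sustaining an inflated price for the whole window costs real capital for the whole window, which is the cost the spot-price designs in the incidents above did not impose.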