Decentralized finance (DeFi) protocols Exactly and Harbor were exploited in two separate and apparently unrelated attacks on Aug. 18, according to blockchain security firms DeDotFi and PeckShield.
On-chain data shows that at the time of writing, 4323.6 Ether (ETH) worth nearly $7.3 million has been stolen from Exactly Protocol. The hacker then bridged 1,490 ETH to the Ethereum network using the Across protocol, and bridged 2,832.92 ETH to the Ethereum network through the Optimism Bridge.
UPDATE: After a thorough review of Exactly Protocol Hack, we have concluded that the total amount stolen to date is approximately $7.2 million (4323.6 $ETH)
Eventually, they bridged ~1490 $ETHusing a cross-protocol, and 2,832.92 $ETH To Ethereum via the Optimistic Bridge:… https://t.co/s61ai1OEMd
— De.Fi️ Web3 Antivirus (@DeDotFiSecurity) August 18, 2023
Exacts is one of the cryptocurrency lenders on the Optimism network. The original report mentioned that more than 7,160 ETH was stolen, worth nearly $12 million, but it was later revised to reflect the smaller amount lost. According to Exactly, the attackers targeted the DebtManager peripheral contract:
“The attacker passed in the address of the malicious market contract, bypassed the license check, performed the malicious recharge function, and stole the user’s recharge assets. About 7.3 million U.S. dollars were stolen.”
The protocol team noted on X (formerly Twitter) that the protocol has filed a report with the police and is attempting to communicate with the attackers to return the stolen assets.
In another security incident, cross-chain stablecoin protocol Harbor disclosed fell victim to an attack that resulted in the loss of funds in its stable mint and stOSMO, LUNA, and WMATIC vaults. As of this writing, the number of stolen crypto assets is still unclear. Harbor is said to be tracking the funds and estimating total losses.
These attacks follow multiple security incidents in the DeFi ecosystem over the past few weeks. On July 30, vulnerabilities in three versions of the Vyper programming language resulted in the theft of more than $61 million from Curve Finance’s stable pool. Other protocols compromised in the past few days include Earn.Finance, which saw at least $287,000 worth of ETH stolen, and the Zunami protocol, which suffered $2.1 million in losses from another breach.
Magazine: Father of DeFi, Hall of Flame: Ethereum is “seriously undervalued”, but it is getting stronger and stronger
Svlook