Reports said that decentralized finance (DeFi) platforms lost over $21 million to hackers throughout February, according to data released by DeFi project aggregator DefiLlama.
It has been reported that according to DeFi-centric data analytics platform DefiLlama, one of the largest in the month was the flash loan reentrancy attack on Platypus Finance, which led to $8.5 million of funds lost.
However, DefiLlama highlighted six other noteworthy hacks in the month, the first being the price oracle attack on BonqDAO on Feb 1. BonqDAO revealed to its followers in a Feb. 1 post that its Bonq protocol was exposed to an oracle attack that allowed the exploiter to manipulate the price of the AllianceBlock (ALBT) token.
The report said that the exploiter increased the ALBT price and minted large amounts of BEUR. The BEUR was then swapped for other tokens on UniSwap. Then, the price was decreased to almost zero, which triggered the liquidation of ALBT troves. Blockchain security firm PeckShield estimated the losses to be around $120 million, however, it was later revealed hackers reportedly only cashed out around $1 million due to a lack of liquidity on BonqDAO.
Likewise, just a day later, decentralized exchange Orion Protocol suffered a loss of around $3 million on Feb. 2 through a reentrancy attack, where attackers used a malicious smart contract to drain funds from a target with repeated withdrawal orders. Orion Protocol CEO Alexey Koloskov confirmed the attack at the time, assuring everyone, "All users' funds are safe and secure."
Thus, he said:
"We have reasons to believe that the issue was not a result of any shortcomings in our core protocol code, but rather might have been caused by a vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers."
Source: Cointelegraph