Origin DeFi Protocol Loses $7 Million to Hacker in Security Breach

Origin Protocol, a decentralized finance (DeFi) project, has announced that its Origin Dollar (OUSD) stablecoin has been hacked, resulting in a loss of funds worth $7 million in combined Ethereum and DAI, including $1 million deposited by company employees and founders.

On the company's official blog, Mathew Lui, the founder of Origin Protocol, confirmed the incident and said that the attack was caused by a flash-loan transaction. The attacker used a flash loan and exploited vulnerabilities in the OUSD contracts to carry out what is called a “reentrancy attack”, which led to the loss of funds.

The blog said:

“The attack was a reentrancy bug in our contract. The attacker exploited a missing validation check in mint multiple to pass in a fake “stablecoin” under their control, allowing the hacker to exploit the contract with a reentrancy attack in the middle of the mint.”
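A minimal Python model of the flaw the blog describes, added here as an illustration and not Origin's contract code: a multi-asset mint that calls out to token contracts before updating supply, shown with and without an asset allowlist check and a reentrancy lock. The accounting (a rebase that pays unmatched collateral to existing holders), the class and function names, and the amounts are assumptions constructed for the example.

```python
class UnsupportedAsset(Exception): pass
class Reentered(Exception): pass

class Token:
    """Constructed stand-in for an ERC-20; `hook` models issuer code run inside transferFrom."""
    def __init__(self, hook=None):
        self.hook = hook
    def transfer_from(self, vault, amount):
        if self.hook:
            self.hook(vault)                 # control passes to whoever wrote the token
        vault.held[self] = vault.held.get(self, 0) + amount

class Vault:
    def __init__(self, supported, hardened):
        self.supported, self.hardened = set(supported), hardened
        self.held, self.balances, self.locked = {}, {}, False
    def supply(self):
        return sum(self.balances.values())
    def backing(self):                       # only allowlisted assets count as collateral
        return sum(self.held.get(t, 0) for t in self.supported)
    def _enter(self, tokens, validate):
        if self.hardened and self.locked:
            raise Reentered("mint re-entered")
        if validate and any(t not in self.supported for t in tokens):
            raise UnsupportedAsset("asset not allowlisted")
        self.locked = True
    def _rebase(self):                       # assumed model: surplus collateral is paid as yield
        supply, surplus = self.supply(), self.backing() - self.supply()
        if supply and surplus > 0:
            for who in self.balances:
                self.balances[who] += surplus * self.balances[who] // supply
    def mint(self, who, token, amount):
        self._enter([token], validate=True)
        try:
            self._rebase()
            token.transfer_from(self, amount)
            self.balances[who] = self.balances.get(who, 0) + amount
        finally:
            self.locked = False
    def mint_multiple(self, who, deposits):
        # The unhardened path skips the allowlist check, as in the quoted description.
        self._enter([t for t, _ in deposits], validate=self.hardened)
        try:
            for token, amount in deposits:
                token.transfer_from(self, amount)   # external call before supply is updated
            minted = sum(a for t, a in deposits if t in self.supported)
            self.balances[who] = self.balances.get(who, 0) + minted
        finally:
            self.locked = False

def scenario(hardened):
    """Constructed run: returns (outcome, OUSD supply, collateral backing)."""
    usd = Token()
    unlisted = Token(hook=lambda v: v.mint("caller", usd, 0))  # re-enters mid-mint
    vault = Vault({usd}, hardened)
    vault.mint("alice", usd, 1000)
    vault.mint("caller", usd, 1000)
    try:
        vault.mint_multiple("caller", [(usd, 2000), (unlisted, 0)])
        return "minted", vault.supply(), vault.backing()
    except (UnsupportedAsset, Reentered) as exc:
        return type(exc).__name__, vault.supply(), vault.backing()
```

In the unhardened run the nested mint rebases while 2000 of collateral has no matching supply, so the vault ends with more claims than backing; the hardened run rejects the unlisted token before any transfer.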

Origin Protocol said that they have traced the funds and know that the hacker used both renBTC and Tornado Cash (mixers) to wash and move the funds.

The company stated that it is taking exhaustive measures to recover the stolen funds before holding a discussion about a compensation plan for the affected customers. The firm has advised people not to buy OUSD on SushiSwap or Uniswap as those prices do not reflect the token’s underlying assets. Furthermore, the company has left a message requesting the hacker to return the funds and promised not to take legal action against the attacker if he or she returns 100% of the funds.

Lastly, the company has expressed sincere gratitude to the crypto community, as it has received an outpouring of assistance from security experts, DeFi engineers, investors, and others in such trying times.

Flash Loan Attacks Adversely Affecting DeFi Sector

In September this year, Origin Protocol launched the OUSD stablecoin, which is backed by deposits of DAI, USDC, and USDT and is designed to serve as a savings account. The OUSD stablecoin enables users to passively earn competitive returns while holding funds in their Origin Dollar (OUSD) wallets.

Origin Protocol is the latest to suffer from flash loan attacks, which have become common in the DeFi sector. Flash loans are an emerging service within the DeFi landscape that allows users to instantly borrow funds without needing collateral to access the loans. However, criminals try to use borrowed funds to manipulate the DeFi market – commonly identified as flash loan attacks.

Typically, flash loan attacks happen when malicious actors borrow funds from decentralized finance platforms (like Origin Protocol), but exploit a vulnerability within the platform code to escape the loan mechanism and get away with the funds. Some of the DeFi platforms that have experienced massive hacks and loss of funds include Harvest Finance DeFi protocol, Value DeFi platform, and others.

PAID Network DeFi Platform Attacked as Hacker Gains $3 Million Of ETH After Minting $166 Million Of Tokens

Someone has exploited PAID Network, a decentralized finance (DeFi) app, via a vulnerability that allowed him to mint about $100 million worth of PAID tokens and sell most of them.

The unknown person carried out the hack through the contract’s token minting feature and created over 59.4 million PAID tokens worth $166 million at the time of the attack. The attacker then moved on to selling the fraudulently created tokens on Uniswap and successfully sold around 2.5 million PAID tokens for about 2000 ETH worth $3 million.

PAID Network is a DeFi cryptocurrency project that uses an Ethereum-based token. Network data indicates that more than 2000 ETH was obtained by the hacker after some of the 59.4 million minted PAID tokens were traded on the Uniswap decentralized exchange service.

Etherscan data shows that about 2.5 million PAID tokens were sold over the course of 13 transactions.

The culprit dumped the tokens in the Uniswap market, causing the price of PAID tokens to drop by 75% instantly. The flood of tokens into the market instantly crashed the price of PAID tokens from $2.80 to $0.40. The hacker’s wallet address still contains more than 56 million PAID tokens worth about $24 million.

It is not clear whether a hacker or a team was responsible for the incident. PAID Network has had many successful audits, so it is strange to see a mint hack on the protocol. The attacker could have potentially accessed the private keys of the company’s team.

PAID Network has said that it is pulling liquidity from the vulnerable contract to prevent any further damage. The team also plans to create a new contract to restore token balances. Based on its tweet, PAID Network has promised to publish a comprehensive report regarding the hacking incident soon.

DeFi Hacks Raise Eyebrows

DeFi has become one of the fastest growing trends in the cryptocurrency industry. Funds locked in decentralized finance have grown exponentially, but companies offering such services have often become the victims of hacks. The boom of the DeFi market has been leveraged by criminal hackers and money launderers. DeFi protocols are permissionless by design, which means that they often lack clear regulatory compliance and anyone in any nation is able to access them with little or no KYC information collected.

Consumers are advised to stay vigilant about the vulnerabilities, fraud, hacks, attacks, and manipulation risks being witnessed in DeFi projects. DEXes have no way of freezing funds like centralized exchanges. This power lies with the individual DeFi projects themselves. But if companies don’t take proper steps to ensure the security of the smart contracts on which their DeFi projects rely, then DeFi will continue to suffer the consequences of inadequate security and AML.

What Is Apeswap.Finance? Complete Guide to New Decentralized Exchange

Apeswap.Finance protocol is a decentralised exchange built on Binance Smart Chain, which provides users with access to all sorts of financial markets from payments, lending, derivatives, staking, tokenised assets to alternative savings and many more.

The DeFi protocol has grown in popularity with the masses because of the enormous opportunities to benefit from what was not possible before.

DeFi is currently the hottest trend within the crypto sector. Apeswap platform thrives on decentralising every aspect of the traditional financial industry, making services like insurance, credit, and others available to all. Such services have not been easily accessible to all society members, particularly those at the lower end and in less developed countries.

With more than 1.7 billion adults unbanked worldwide, access to essential financial services that can empower them has not been possible. That is where Apeswap is striving to decentralise all financial services using blockchain protocols and crypto tokens.

Apeswap is working on solving the problems of its centralised counterparts, including the risk of hacking, mismanagement and arbitrary fees, and on replacing centralised intermediaries in financial applications like derivatives, insurance, and loans.

DeFi Lending and Borrowing

Apeswap provides users with various ways to make profits, investments and engage in multiple activities on the DeFi platform. The majority of such activities rely on the native BANANA cryptocurrency, which serves as the utility token across Apeswap and most of such activities focus on rewarding users in BANANA.

Any investor can buy BANANA native token through the Apeswap platform and lend and borrow other cryptocurrencies, including DAI, ETH, USDC, ZRX, USDT, WBTC, BAT, REP, SAI, and others.

Since DeFi lending is one area that has gained users’ attention, Apeswap has come up with products that give loans to any interested individuals or businesses without intermediaries.

The protocol enables every involved person to earn interest for committing cryptocurrency and allows them to lend and borrow crypto assets.

Such services have become highly important as investors don’t have to spend time, effort and incur costs associated with dealing with traditional financial industry intermediaries.

DeFi Rewards and Earning

Providing potential rewards is one of the areas that has significantly improved the livelihoods of many investors. This continues attracting people to the DeFi sector and boosting the adoption of DeFi protocols.

Apeswap protocol offers various ways for investors to earn and get rewarded within the platform, including staking and locking tokens in its liquidity pool. Yield farming is a lucrative activity where investors commit cryptocurrency to the Apeswap liquidity pool for a given period of time to earn rewards.

The desire to simplify such earning processes for all has led to the birth of Apeswap. The platform offers various DeFi products and makes it easy for users to be rewarded using different assets on different protocols like reputable liquidity pools, staking, and airdrops.

By accessing Apeswap’s native token (BANANA), investors can stake any asset they hold to any desired liquidity pool for rewards.

In the past, investors had to take several steps to achieve such a goal, but with Apeswap, now that is a simple activity. All one needs to do is to convert their cryptocurrency to the BANANA token and then proceed to stake wherever they wish, or they can buy BANANA on the project’s official website and continue from there.

The Apeswap platform also recommends the best investment options available for users, such as where to stake for the best returns. Such recommendations are data-driven through the use of sophisticated algorithms, making them quite accurate.

DeFi Insurance

DeFi is a relatively new market, which is yet to mature. People are still trying to figure out different things there.

For now, the ecosystem provides great rewards. For instance, interests earned from staking and yield farming beat anything offered by institutions like banks by miles.

But with great rewards, there is a significant risk. That is why the Apeswap platform helps users hedge against risks that could exist within smart contracts. Apeswap protects investors’ assets from losing value when farming or staking, besides protection against bug exploits and hacks.

Initial Ape Offerings

Lastly, Initial Ape Offerings allow users to ape into new and upcoming projects. Typically, an Initial Ape Offering (IAO) is a fundraising activity that Apeswap users can engage in to launch new tokens and bring liquidity to such tokens.

Participating in an IAO is quite simple. All that a user needs to do is go to Apeswap.Finance/IAP and take a look at the different IAOs out there.

Final Thought

DeFi has been a blessing to the blockchain industry and the world at large. While Apeswap serves as a decentralised store of value, it offers decentralised financial instruments that ensure easy transactions and maximise investors’ returns.

Apeswap is easy to use and understand, unlike other platforms. The platform makes swapping and staking even more accessible and better with low swapping fees since it runs on Binance Smart Chain (BSC).

In short, Apeswap is pushing boundaries to create new and exciting ways to engage users. The platform is quickly becoming the best place for investors who are looking to optimise their investments.


Crypto Hackers Steal Over $130M from Cream Finance DeFi Platform

Cream Finance decentralized lending platform has been hacked, with attackers stealing more than $130 million worth of funds through a large flash loan attack.

PeckShield blockchain data analytic firm first identified the large flash loan transaction that the hackers used to exploit the Cream Finance platform.

The affected funds were mostly Cream liquidity provider tokens (Cream LP tokens) as well as other Ethereum-based tokens (ERC-20 tokens).

According to blockchain records, the hackers moved $92 million worth of funds into one address while $23 million into another address and also transferred other funds into other addresses. It now appears that the attackers have moved the funds to different wallets.

Following the incident, the price of Cream token plunged, from $152 to $111 in minutes, a 27% drop, according to CoinGecko.

In the exploit transaction, the attacker left a strange message. They wrote, “gÃTµ Baave lucky, iron bank lucky, cream not. ydev : incest bad, don’t do.” This appears to refer to DeFi lending platforms Aave, Iron Bank, and Cream Finance.

This is the third time Cream Finance has faced a severe hack. In February, Cream Finance lost $37.5 million after hackers took advantage of a vulnerability in instant or flash credits technology.

In August, the primary decentralized finance protocol also lost $18.8 million after unknown hackers drained funds through flash loan exploits by exploiting a reentrancy bug in the Amp token. After Cream Finance identified the incident at that time, it stated that the protocol stopped the exploit by pausing supply and borrowing contracts on the Amp token.

During that incident, PeckShield stated that the hacker exploited the Amp token by re-borrowing assets during its transfer, before the first borrow was updated, in 17 separate transactions.

Calls for More Investor Protections

Flash loans allow users to borrow funds without collateral because the lender expects the money to be returned within one transaction block, immediately. However, hackers have used this loophole in DeFi to steal millions of dollars.

As reported by Blockchain.News in August, Poly Network DeFi protocol was attacked and hackers stole $600 million worth of funds from the protocol. This is considered the largest hack in DeFi and cryptocurrency history.

Decentralized Finance (DeFi), which is one of the use cases of blockchain technology, has been on the cusp of major growth. Regulators are aware of this growth and, of late, have been moving to act accordingly.

Frequent hacks like the abovementioned incidents have prompted regulators to call for better consumer protection in the DeFi sector.

In August, US SEC chairman Gary Gensler made it clear that regulation of DeFi platforms and stablecoins is on the SEC’s agenda. During that time, Gensler compared the use of DeFi to the Wild West, emphasizing it needs better investor protection.

Mango Markets Hacker Says He 'Did Nothing Wrong'

Avraham Eisenberg, the software coder and crypto trader behind Mango Markets’ $100 million exploit, believes that “profitable traders” like himself attract lots of jealousy and hate from other crypto traders.

In an interview on the Unchained Podcast on Friday, Eisenberg argued that the public is naturally inclined to hate and criticize those who execute profitable arbitrages.

During the interview, Eisenberg described profitable traders like him as people who identify exploitable bugs in code, alert the crypto platforms in question, and earn billions from their discovery.

“I think that when there’s any profitable trader, it’s gonna attract some jealousy and some hate, and like you look at some of the stuff people say about Sam, and he’s obviously made billions of dollars with various other profitable trades. He gets lots of hate,” he said.

When asked about his opinion on traders like him, who reveal certain cyber risks facing financial services firms, Eisenberg said it “is okay for them to own their identity since the crypto community members already hate them.”

Eisenberg’s claim is true, as successful traders always attract a lot of people, some of whom may be very jealous by nature.

But his actions are strange. Early this month, he revealed himself to be one of the hackers behind the recent $114 million exploit of decentralized cryptocurrency exchange Mango Markets, and returned $67 million as he defended his actions as an innocent, “highly profitable trading strategy.”

On Tuesday, October 11, DeFi trading platform Mango Markets lost about $114 million as a result of the attacker buying a large amount of MNGO tokens, Mango Markets’ native digital currency, which allowed him to manipulate the token’s price.

The exploiter then cashed out once the currency’s value inflated threefold, draining all liquidity on the exchange and leaving customers unable to reach funds.

The hacker, who identified himself as Avraham Eisenberg, is unapologetic and described the robbery as a “highly profitable trading strategy” that was allowed by Mango’s code, as Mango’s developers did not envision such behaviour. It is as if Eisenberg found a new way to drain millions of dollars from online banking services.

Four days after the attack, Eisenberg publicly acknowledged his role in the exploit on Twitter. He described all of his and his team's actions as legal open market actions, using the protocol as designed, even if the developer team did not “fully anticipate all the consequences of setting parameters the way they are.”

Although Mango’s token holders were not pleased by Eisenberg’s view of the situation, they voted to allow him to walk away with $47 million so that he’d return the remaining $67 million, which appears to have been enough to keep Mango Markets from falling into bankruptcy.

Four days later, Eisenberg disclosed that he created and subsequently rug-pulled a “shitcoin,” called Mango Inu, and therefore drained $250,000 from crypto bots in half an hour. He again claimed he “did nothing wrong.”

Just as with the Mango Markets exploit, crypto community users on Twitter questioned the morality and legality of the entire action, but Eisenberg argued that he hadn’t broken any laws. His general idea was that he wanted to teach the development teams operating such bots a lesson not to trust every emerging project.

The crypto trading platform Mango Markets and the shitcoin operation became the latest casualties in the string of attacks that have been targeting DeFi protocols recently, which have lost almost $900 million since mid-September, according to blockchain analytics data.
