There have been many cryptocurrency attacks so far right from the inception of Bitcoin, Ethereum, litecoin, and many others, but in this article, we’re going to discuss only 10 of the biggest of such attacks in 2021.
The EasyFi attack was held on the 19th of April which is to date the earliest cyber attack on layer 2 protocol where about $59 million was lost to criminals. The attack was adequately planned and sophisticated where malicious hackers gained remote access to mnemonic keys of the founder’s machine and succeeded in draining the protocol pools of user’s deposits in USDC, Matic, ETH, and more.
The hacker was able to disrupt the EASY token contract and other formal contracts as well. Each of these contracts had about $2.98 million stolen from it but couldn’t be sold at any large exchange except some on DEXes.
EasyFi is a cross-chain layer 2 protocol that runs on 3 blockchain networks, pool contracts over the Binance Smart Chain were not influenced by the attack. The cybercriminal employed renBTC and WBTC to transfer the coins through the dark pool and can’t be traced till now.
In the meantime, the EasyFi network has drafted a compensation plan whose information will be shared with the community anytime soon and they are partnering with forensics professionals to see what can be found, colleagues and units to gain in-depth insights on the attack and trace the suspect.
Uranium Finance cryptocurrency attack occurred some days after that on Mela 2 protocol where around $57 million in asset valuation was lost on Uranium’s protocol due to smart bugs in the protocol/smart contract.
BTC and ETH were withdrawn by a hacker from the Binance Smart Chain blockchain on Wednesday morning. The criminal saw leverage in the vulnerability that was generated on Uranium’s contracts after it made an upgrade some days ago.
After transferring the least required tokens into Uranium’s “pair contract” the hacker siphoned the liquidity pools of various crypto pairs. Pools for BNB and BUSD both lost $18 million in coins. DOT, ADA, USDT, and the exchanges’ token was also stolen from other pools.
The attack on Alpha Finance saw a loss of about $37.5 million to hackers on the 4th of March, 2021. This was one of the biggest flash loan scams that have ever occurred on Saturday morning, based on results by Etherscan.
The team stated that their Homora V2 product was what caused it. Alpha Finance is partnering with Andre Cronje (Defi expert) and Cream Finance to get to the root of the fraud and that the vulnerability had been resolved. The company stated that a prime suspect is still in question.
Markeet Finance Attack
The Meerkat Finance Attack was said to have claimed approximately $32 million in cryptocurrency lost to hackers. It happened on Sunday as a result of “a mistaken liquidity share computation” according to security company PeckShield.
Essentially, this particular attack raises the asset summation of the pool before burning that same number of pool tokens to withdraw a very huge amount of underlying crypto.
What was discovered is that hackers used a particular amount of BNB to overwhelm the pools through an unidentified economic exploit route to take out funds from the pools.
The hack happened just some days after Uranium Finance lost over $50 million to hackers on the 28th of April and a Meerkat Finance Developer, Jamboo said that it was experimental testing of user’s avarice and predilection.
Members of Meerkat’s community quickly labeled the attack as a “rug pull”, a term that refers to when an insider of a development unit takes advantage of a contract with the aid of specialized permissions.
Spartan Protocol Attack
The Spartan Protocol attack occurred on the 2nd of May where approximately $30 million was lost to hackers. The team at Spartan Protocol said the brain behind the economic exploit has still been unidentified (so the real cause is unknown).
This hack is claimed to be the 6th biggest crypto exploit in DeFi history after EasyFi, Uranium Finance, and others.
The Paid Network attack was said to have lost around $27 million during an “infinite mint” hack that transferred PAID token prices going up over 85%. One user stated that the hacker’s wallet simply converted a few of their tokens to wrapped ETH, making others become fast-devaluing PAID tokens.
The hack is alike to that which occurred last year on insurance protocol cover where the team took a caption of holders before the attack and released a new token. Paid Network’s team is now making plans for a snapshot and restoration.
Furucom Protocol attack lost about $14 million in stolen funds to hackers whose address currently has several cryptocurrencies worth in it. The evil exploit seems to be bigger as the criminals have been sending ethereum to Tornado Cash and are alike contextually to the $20 million which struck Pickle Finance a year ago.
During these fraudulent attacks, a criminal develops a contract that sways a protocol into thinking it a part of it, providing access to protocol assets. So, with that, rather than stealing funds from the protocol as in previous exploits, the hacker rather benefited from the possibility of sending the asset of every user who has allowed token permissions to the protocol.
Young Finance Attack –
Young Finance Attack was said to have lost $11 million to hackers due to flash loans.
Social Token Rule Attack
This attack was said to have claimed $ 5.7 million in losses on the 14th of March.
On the 9th of March, $2 million was lost of the Dodo protocol asset to hackers upon exploiting its crowd pools (those created by users). The attack targeted only these V2 Crowdpools: WCRES, ETHA, WSZO, and FUSI.
In the meantime, DODO has deactivated the pool development portal to secure newly-built crowd pools and will now cater to tracking user’s assets accompanied by its security partner.
The DODO protocol attack can be viewed by anyone on Etherscan and it happened just 5 days after Meerkat Finance was hacked. Nevertheless, the loss is still considered to be relatively low.
Way forward, out of cryptocurrency attack?
there are varous ways out of cryptocurrency attack. Among which include avoiding phishing links, using a trusted and secure email, acoid greed an secure your private keys. For more details, read about cryptocurrency wallets here.