7 Decentralized Finance (DeFi) Protocols Lost $21 Million to Hackers in February

Seven different decentralized finance (DeFi) protocols reportedly lost more than $21 million to hackers in the month of February according to March 5 data from DeFi project aggregator DefiLlama. 

According to DefiLlama, price oracle attacks coupled with unimaginable exploits led to the loss across the seven DeFi protocols. The DeFi project that suffered the heaviest attack was Platypus Finance, losing a whooping $8.5 million funds. 

Reviewing DeFi Protocols vis-a-vis Attacks

Each decentralized finance (DeFi) protocol that suffered attack in February will be examined alongside the funds unaccounted for. 

BonqDAO Lost $1.7 Million

On Feb 1, BonqDAO disclosed to its followers that it suffered an oracle attack, which enabled the exploiter to distort the price of the AllianceBlock (ALBT) token. 

The @BonqDAO is exploited and its price oracle is manipulated to increase the #WALBT price. Here is the example hack tx: https://t.co/YPxXMr2nkf pic.twitter.com/XrzExHY6m1

— PeckShield Inc. (@peckshield) February 1, 2023

The attacker, however, increased the ALBT price before minting large amounts of BEUR. The minted tokens were thereafter swapped for other tokens on Uniswap. 

As a result, the price declined to almost zero leading to the outright liquidation of ALBT troves. 

Orion Protocol Lost $3 million

Barely a day after the attack on BonqDAO, Orio also suffered an attack to the tune of approximately $3 million on Feb. 2 via a reentrancy attack. 

1/ Again, a $3M lesson from the reentrancy bug! The @orion_protocol is hacked due to a reentrancy issue in its core contract: ExchangeWithOrionPool. Both eth/bsc deployment are hacked. Here are the two related hack txs: https://t.co/YvRIRq6T57https://t.co/GbexocEZAo https://t.co/lF13kbMkA8

— PeckShield Inc. (@peckshield) February 3, 2023

It was gathered that the exploiters employed the use of a malicious smart contract to drain funds, which was followed by repeated withdrawal orders. 

dForce Network Lost $3.65 million

DeFi protocol dForce network also reported via a blog post on Feb. 10 that it suffered a reentrancy attack, which led to the loss of $3.65 million.

On Feb 10, our wstETH/ETH Curve vaults on Arbitrum & Optimism were exploited and we immediately paused all vaults. The vulnerability is identified, and the exploit was specific to dForce's wstETH/ETH-Curve vault. Users' funds supplied to dForce Lending and other vaults are SAFE.

— dForce (@dForcenet) February 10, 2023

Meanwhile, the protocol later confirmed that stolen funds were partly recovered after a bounty offer was reached with the hacker having conceded to be a whitehat hacker.

Platypus Finance Lost $8.5 million

It is noteworthy that Platypus Finance also suffered a flash loan attack on Feb. 16, resulting in the loss of $8.5 million being drained from the protocol.

Other decentralized finance protocols attacked in February include: Hope finance lost $1.86 million to hackers, multichain exchange aggregator Dexible lost $2 million, LaunchZone lost $700,000 respectively. 

Given the foregoing, there is a compelling need to raise security standards within the crypto space. Exploitation of vulnerabilities are on the increase and should be stemmed without delay.