DeFi Bloodbath: January Saw $38.9 Million Lost to Hacks, Scams and Flash Loan Attacks, According To Quantstamp

$38.9 million was stolen across five major DeFi hacks, scams, and flash loan attacks in January 2024.

Jim Haastrup

Key Insights

  • $38.9 million was stolen across five major DeFi hacks, scams, and flash loan attacks in January 2024.
  • Four out of five incidents involved attackers manipulating prices or exploiting vulnerabilities with flash loans.
  • Radiant Capital, Gamma Strategies, Wise Lending, Socket, and Goledo Finance all suffered losses.
  • Exploited vulnerabilities included rounding issues, public-facing vault code flaws, price oracle manipulation, and user verification input weaknesses.
  • These issues highlight the ongoing security challenges in DeFi and the need for greater protective measures.

In 2023, a whopping $1.1 billion was stolen overall from DeFi protocols, with 33 hacks in July alone, according to Chainalysis.

In 2022, the year before that, the figure was even crazier, with $3.2 billion stolen overall.

This new year, it appears that something similar is happening again.

We have only just scaled through January, and nearly $40 million has been wiped from the market across five major incidents.

Nearly $40 million wiped

Quantstamp analyzed the hacking landscape across five major thefts for January 2024, and here are all the findings:

Radiant Capital: A Flash Loan Attack

The first victim of a flash loan attack in 2023 was the DeFi lender Radiant Capital, which lost $4.5 million in a hack on January 2.

Radiant Capital hacked for $4.5 million

In this hack, the attacker was able to empty the Radiant Capital pool by taking advantage of a "known rounding issue" in the Compound/Aave software.

By doing so, they were able to manipulate the price of USDC on Arbitrum using flash loans, allowing them to withdraw more USDC than they had deposited.

In the end, Radiant Capital got in touch with PeckShield and was able to assure their customers that their funds were secure.

After resolving the issue and compensating the impacted users, Radiant Capital was able to continue operating.
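The bug class described above, as an added example that is not from Quantstamp, Radiant Capital, Compound or Aave: a simplified share-accounting pool in which the rounding direction on withdrawal decides whether the "withdrawn never exceeds deposited" invariant holds. The `Pool` class, the starting state and the amounts are constructed for illustration.

```python
# Simplified share-accounting model (constructed; not Radiant, Compound or Aave code).
class Pool:
    def __init__(self, shares, assets, round_up_on_withdraw):
        self.shares = shares              # total shares outstanding
        self.assets = assets              # total underlying units held
        self.round_up = round_up_on_withdraw

    def deposit(self, amount):
        # Minting rounds down: a depositor never receives more shares than paid for.
        minted = amount * self.shares // self.assets
        self.shares += minted
        self.assets += amount
        return minted

    def withdraw(self, amount, holder_shares):
        if amount > self.assets:
            raise ValueError("pool has too few assets")
        # Shares to burn for `amount` units. Floor favours the withdrawer,
        # ceiling favours the pool (the safe direction).
        num = amount * self.shares
        burned = -(-num // self.assets) if self.round_up else num // self.assets
        if burned > holder_shares:
            raise ValueError("insufficient shares")
        self.shares -= burned
        self.assets -= amount
        return burned


def net_after_round_trip(round_up):
    """Invariant check: deposit 3 units, withdraw 1 unit at a time until refused.

    Returns withdrawn - deposited; any value above 0 means the pool paid out
    more than it received from this account.
    """
    pool = Pool(shares=2, assets=3, round_up_on_withdraw=round_up)  # constructed state
    deposited = 3
    held = pool.deposit(deposited)
    withdrawn = 0
    while True:
        try:
            held -= pool.withdraw(1, held)
        except ValueError:
            break
        withdrawn += 1
    return withdrawn - deposited
```

With floor rounding, small withdrawals burn zero shares and the account ends one unit ahead; with ceiling rounding the same sequence can never come out ahead, which is the property a regression test for a lending fork should assert.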

Gamma Strategies: A Flash Loan Attack

A flash loan attack hit Gamma Strategies, a DeFi asset management platform, on January 4, just days after the Radiant Capital event.

According to reports, the hacker was able to take advantage of a flaw in Gamma's public-facing vault code by using a flash loan.

In the end, they ran off with $6.18 million worth of Ether (ETH) and several other tokens.

Gamma Strategies' hack

Gamma Strategies informed its customers of the incident and promptly stopped accepting payments and withdrawals.

A third-party auditor was also called in to examine its code and locate the vulnerability. Gamma Strategies compensated the impacted users, rectified the error, and then resumed operation.

Wise Lending: A Flash Loan Attack (Exploiting a Price Oracle)

On 12 January, just days after the Gamma hack, Wise Lending was hit by a similar flash loan attack that drained 170 ETH (around $460,000 at the time) from its wallets.

The attack on Wise Lending

In detail, the attacker used a flash loan to manipulate the price oracle that powers Wise Lending, artificially inflating the price of ETH and stealing all of that money.

In the end, Wise Lending had to contact Chainlink to integrate its price feeds, before resuming operations and reimbursing its affected users.
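Why a price read from a single pool can be skewed inside one transaction, and how a check against an independent reference feed refuses the skewed value, as an added example that is not Wise Lending's or Chainlink's code and not a reconstruction of the incident. The pool, the reserves, the 2% deviation limit and the 75% loan-to-value ratio are assumptions.

```python
# Constructed model: a constant-product pool used as a spot-price oracle,
# plus a guard that compares it with an independent reference feed.
# All numbers are made up for illustration.

def spot_price(eth_reserve, usdc_reserve):
    """USDC per ETH implied by the pool reserves (integer math)."""
    return usdc_reserve // eth_reserve

def swap_usdc_in(eth_reserve, usdc_reserve, usdc_in):
    """Reserves after a fee-less x*y=k swap of USDC for ETH."""
    k = eth_reserve * usdc_reserve
    new_usdc = usdc_reserve + usdc_in
    return k // new_usdc, new_usdc

def guarded_price(spot, reference, max_dev_bps=200):
    """Return the spot price only if it is within max_dev_bps of the reference."""
    dev_bps = abs(spot - reference) * 10_000 // reference
    if dev_bps > max_dev_bps:
        raise ValueError(f"oracle deviation {dev_bps} bps exceeds limit")
    return spot

def borrow_limit(collateral_eth, price, ltv_bps=7_500):
    """Maximum USDC borrowable against the collateral at the given price."""
    return collateral_eth * price * ltv_bps // 10_000

def demo():
    eth, usdc = 1_000, 2_500_000        # constructed pool: 2,500 USDC per ETH
    reference = 2_500                   # constructed independent feed value
    honest = borrow_limit(10, guarded_price(spot_price(eth, usdc), reference))

    # A single large swap, as flash-loaned capital allows, moves the reserves.
    eth2, usdc2 = swap_usdc_in(eth, usdc, 2_500_000)
    skewed = spot_price(eth2, usdc2)
    naive = borrow_limit(10, skewed)    # what an unguarded market would allow

    try:
        guarded_price(skewed, reference)
        rejected = False
    except ValueError:
        rejected = True
    return honest, skewed, naive, rejected
```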

Socket: A User Verification Input Hack

On 16 January, hackers took a different approach to stealing funds for the first time when they targeted Socket, a multichain protocol.

The hackers took advantage of a vulnerability in its user verification input.

The Socket hack

In detail, the hacker was able to get past the protocol's verification process and somehow gain access to the Socket smart contract.

In the end, they made away with nearly 2,000 ETH, valued at over $4 million.

Socket was quick to identify the source of the problem, notify its users and contact the hacker for negotiations.

The hacker cooperated with Socket, returning 1,032 ETH (approximately $2.3 million) and allowing the protocol to reimburse its affected users.

Goledo Finance: A Flash Loan Attack

Finally, we have Goledo Finance, a DeFi lending protocol, with another flash loan attack.

The hack on Goledo saw $1.7 million stolen on 28 January, just last week.

The hack on Goledo Finance

In detail, the hacker used a flash loan attack to get through to a bug in Goledo's vaults. Once they got in, the hacker wiped the vault, stealing ETH and several other cryptocurrencies.

Goledo Finance also promptly announced that it had been hacked, and got through to the hacker for negotiations.

At the time of writing (considering how the attack is still fresh), negotiations are ongoing, and Goledo Finance is making plans on how to recover the funds, reimburse its users and involve law enforcement.

Overall in DeFi Security

The incidents in January show that the DeFi space has a long way to go in terms of security.

Quantstamp warns users to exercise caution when it comes to interacting with DeFi protocols and to only use platforms that have been audited and verified by reputable security firms.

Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.