In 2023, a whopping $1.1 billion was stolen overall from DeFi protocols, with 33 hacks in July alone, according to Chainalysis.
In 2022, the year before that, the figure was even crazier, with $3.2 billion stolen overall.
This new year, it appears that something similar is happening again.
We have only just made it through January, and nearly $40 million has been wiped from the market across five major incidents.
Quantstamp analyzed the hacking landscape across five major thefts for January 2024, and here are all the findings:
The first victim of a flash loan attack in 2023 was the DeFi lender Radiant Capital. By the time the hack was over, Radiant Capital had been hacked for $4.5 million on January 2.
In this hack, the attacker was able to empty the Radiant Capital pool by taking advantage of a "known rounding issue" in the Compound/Aave software.
In doing so, they were able to manipulate the price of USDC on Arbitrum using flash loans, allowing them to withdraw more USDC than they had deposited.
In the end, Radiant Capital got in touch with PeckShield and was able to assure their customers that their funds were secure.
After resolving the issue and compensating the impacted users, Radiant Capital was able to continue operating.
A flash loan attack hit Gamma Strategies, a DeFi asset management platform, on January 4, less than a few days after the Radiant Capital event.
According to reports, the hacker was able to take advantage of a flaw in Gamma's public-facing vault code by using a flash loan.
In the end, they ran off with $6.18 million worth of Ether (ETH) and several other tokens.
Gamma Strategies informed its customers of the incident and promptly stopped accepting payments and withdrawals.
A third-party auditor was also called in to examine its code and locate the vulnerability. Gamma Strategies compensated the impacted users, rectified the error, and then resumed operation.
On 12 January, less than a few days after the Gamma hack, Wise Lending got hit by a similar flash loan attack that drained 170 ETH (around $460,000 at the time) from its wallets.
In detail, the attacker used a flash loan to manipulate the price oracle that powers Wise Lending, artificially inflating the price of ETH and stealing all of that money.
In the end, Wise Lending had to contact Chainlink to integrate its price feeds, before resuming operations and reimbursing its affected users.
On 16 January, hackers took another approach to stealing funds for the first time, in the hack of Socket, a multichain protocol.
The hackers took advantage of a vulnerability in its user verification input.
In detail, the hacker was able to get past the protocol's verification process and somehow gain access to the Socket smart contract.
In the end, they made away with nearly 2,000 ETH, valued at over $4 million.
Socket was quick to identify the source of the problem, notify its users and contact the hacker for negotiations.
The hacker cooperated with Socket, returning 1,032 ETH (approximately $2.3 million) and allowing the protocol to reimburse its affected users.
Finally, we have Goledo Finance, a DeFi lending protocol hit by another flash loan attack.
The hack on Goledo saw $1.7 million stolen on 28 January, just last week.
In detail, the hacker used a flash loan attack to reach a bug in Goledo's vaults. Once they got in, the hacker wiped the vault, stealing ETH and several other cryptocurrencies.
Goledo Finance also promptly announced that it had been hacked, and got through to the hacker for negotiations.
At the time of writing (considering how the attack is still fresh), negotiations are ongoing, and Goledo Finance is making plans on how to recover the funds, reimburse its users and involve law enforcement.
The incidents in January show that the DeFi space has a long way to go in terms of security.
Quantstamp warns users to exercise caution when it comes to interacting with DeFi protocols and to only use platforms that have been audited and verified by reputable security firms.