In a recent series of attacks, two prominent DeFi protocols, Exactly and Harbor, have fallen victim to hackers. Exactly protocol was exploited for approximately $7.3 million, while Harbor’s losses are still being estimated. The attacks, which occurred separately and seemingly unrelated, have raised concerns about the security of the DeFi ecosystem. These incidents follow a string of recent security breaches in the DeFi space, highlighting the urgent need for enhanced security measures to protect users’ assets. Despite these challenges, DeFi continues to grow and evolve, attracting attention as a promising avenue for financial innovation.
DeFi protocols targeted in separate attacks
A fresh round of attacks targeted the DeFi ecosystem on August 18, with two protocols, Exactly and Harbor, being exploited in unrelated incidents. These attacks have raised concerns about the security of decentralized finance platforms and highlight the need for robust security measures in the DeFi space.
Fresh attacks on Aug. 18
On August 18, both DeDotFi and PeckShield, blockchain security firms, reported separate attacks on DeFi protocols. Exactly and Harbor were the targets of these attacks, which occurred independently and without any direct connection between them.
Exactly protocol exploited for $7.3 million
Exactly Protocol suffered a significant attack, resulting in the theft of 4,323.6 ETH, equivalent to approximately $7.3 million at the time. The hackers exploited the DebtManager periphery contract, bypassing the permit check and executing a malicious deposit function to steal assets deposited by users.
Initial reports suggested that over 7,160 ETH had been stolen, amounting to nearly $12 million. However, subsequent investigations revised the exact amount to $7.3 million. Exactly Protocol has filed a police report and is actively trying to communicate with the attackers in hopes of retrieving the stolen assets.
To facilitate the theft, the hackers used the Across Protocol to bridge 1,490 ETH and transferred another 2,832.92 ETH to the Ethereum network via the Optimism Bridge. These bridges allowed the hackers to move the stolen ETH to different blockchains or networks, making it challenging to track and recover the funds.
Harbor’s loss of funds
In another attack, the interchain stablecoin protocol Harbor fell victim to an exploit resulting in the loss of funds from various vaults, including stable-mint, stOSMO, LUNA, and WMATIC. At present, the exact amount of stolen crypto assets remains unclear, and Harbor is working diligently to trace the funds and estimate the total losses incurred.
Increasing security incidents in DeFi ecosystem
These recent attacks on Exactly and Harbor are part of a concerning trend of security incidents plaguing the DeFi ecosystem. In the past few weeks alone, several high-profile attacks have taken place, raising questions about the security and resilience of DeFi protocols.
For instance, a vulnerability in the Vyper programming language led to the theft of over $61 million from stablecoin pools on Curve Finance. Similarly, Earn.Finance suffered a compromise that resulted in the theft of approximately $287,000 worth of ETH. Another protocol, Zunami, also experienced a significant loss of $2.1 million in a separate exploit.
These incidents highlight the urgent need for enhanced security measures, audits, and proactive vulnerability management in the DeFi ecosystem. As the popularity and value locked in DeFi protocols continue to grow, malicious actors are increasingly targeting these platforms, making it crucial for developers and users to prioritize security.
DeDotFi and PeckShield report separate attacks on DeFi protocols
The recent attacks on Exactly and Harbor were brought to light by DeDotFi and PeckShield, two well-known blockchain security firms. These firms play a crucial role in detecting and analyzing security vulnerabilities and incidents in the DeFi space.
Their expertise and continuous monitoring of blockchain networks enable them to identify and report potential threats and attacks promptly. By collaborating with DeFi protocols and offering their insights, DeDotFi and PeckShield contribute to the overall security and resilience of the DeFi ecosystem.
Exactly and Harbor targeted in unrelated attacks
Although Exactly and Harbor were both targeted in attacks on August 18, there is no evidence suggesting a direct connection between the two incidents. These attacks occurred independently, underscoring the widespread nature of security threats in the DeFi space.
It is essential to note that DeFi protocols face unique challenges when it comes to security. The decentralized and open nature of these platforms attracts both legitimate users and malicious actors. As a result, protocols must constantly adapt and improve their security measures to mitigate the risks associated with operating in a decentralized environment.
4,323.6 ETH stolen from Exactly Protocol
Exactly Protocol, a prominent crypto lender on the Optimism network, was the victim of a significant theft. The attackers managed to steal 4,323.6 ETH, which, at the time, was worth nearly $7.3 million. The stolen funds were transferred using various methods to different blockchains and networks, making it difficult to trace and recover them.
The initial reports suggested that over 7,160 ETH had been stolen, amounting to almost $12 million. However, after a thorough review, the exact amount was revised to $7.3 million. Exactly Protocol’s team has taken immediate action by filing a police report and attempting to communicate with the attackers in the hope of retrieving the stolen assets.
This attack targeted the DebtManager periphery contract within Exactly Protocol. The attacker exploited a vulnerability to bypass the permit check and execute a malicious deposit function. This allowed them to access and steal assets deposited by users, resulting in the substantial loss suffered by Exactly Protocol.
Hackers bridged 1,490 ETH using Across Protocol
As part of the attack on Exactly Protocol, the hackers utilized the Across Protocol to bridge 1,490 ETH. This bridge enabled them to transfer the stolen funds to another blockchain or network, further complicating the recovery process.
Cross-chain bridges like Across Protocol offer interoperability between different blockchains, allowing for the seamless transfer of assets. While they have legitimate use cases within the DeFi ecosystem, these bridges can also be exploited by malicious actors to obfuscate their tracks and make it challenging to trace stolen funds.
The hackers’ ability to bridge the stolen ETH demonstrates the sophistication and adaptability of cybercriminals operating in the DeFi space. As the DeFi market continues to grow, it is crucial for developers and security experts to stay ahead of these threats and implement proactive security measures.
Zunami Protocol loses $2.1 million in another exploit
The recent wave of attacks on DeFi protocols also affected Zunami Protocol, which suffered a loss of $2.1 million in a separate exploit. This incident underscores the severity and frequency of security incidents in the DeFi ecosystem.
Zunami Protocol, like other DeFi platforms, faces the constant challenge of securing its smart contracts and infrastructure. The decentralized nature of these protocols, while offering numerous benefits, also introduces vulnerabilities that can be exploited by hackers.
These attacks serve as a reminder for DeFi developers and users to prioritize security at every level. Rigorous auditing, code reviews, and vulnerability management should be integral parts of the development process to minimize the risk of successful attacks.
In conclusion, the recent attacks on DeFi protocols Exactly and Harbor highlight the urgent need for enhanced security measures in the ecosystem. Blockchain security firms such as DeDotFi and PeckShield play a vital role in detecting and reporting such incidents. The theft of funds from Exactly Protocol and the exploit targeting Harbor underline the ongoing security challenges faced by DeFi platforms. As the DeFi space continues to grow and attract value, the industry must proactively address vulnerabilities and strengthen its security infrastructure to safeguard user funds.
