$39 Million Drained in DeFi by Malicious Actors in January 2024: Quantstamp

According to a recent report by Quantstamp, a DeFi security startup, a staggering $38.9 million has been lost to security incidents in the nascent ecosystem.

Malicious actors continued to launch a barrage of attacks utilizing sophisticated methods such as smart contract hacks, key compromises, and scams.

• Quantstamp highlighted that one of the earliest blows came with the attack on Radiant Capital, a multi-chain lending protocol, which saw a loss of 1,900 ETH, translating to around $4.5 million.
• Exploiting a timing window and a known rounding issue in the Compound / Aave codebase, the hacker made off with a substantial sum, leaving the platform and its users reeling, as reported earlier.

🚨$38.9M has been lost to web3 security incidents so far in January 2024 🚨

Let’s take a look at 5 of the largest smart contract hacks so far ⬇️

— Quantstamp (@Quantstamp) January 30, 2024

• Not long after, the liquidity management protocol Gamma fell victim to a devastating attack, resulting in a loss of approximately $6.18 million.
• Despite having multiple deposit protections, a misconfiguration in the price movement threshold opened the door for attackers to manipulate prices and mint a significant number of LP tokens.
• Wise Lending, another prominent player, was targeted in a flash loan attack, leading to a loss of at least $460,000.
• The onslaught continued with Socket, an interoperability protocol, which succumbed to exploitation of a vulnerability in a newly added module, allowing attackers to pilfer approximately $3.3 million from users.
• Next up was Goledo Finance, a lending protocol within the Conflux ecosystem, which was exploited, resulting in a loss of 7.9 million CFX, equivalent to roughly $1.7 million.
• The preliminary investigation pointed to yet another flash loan attack, highlighting the persistent threat faced by DeFi platforms.