{"id":141978,"date":"2020-12-26T17:07:00","date_gmt":"2020-12-26T14:07:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/roundup-of-crypto-hacks-exploits-and-heists-in-2020\/"},"modified":"2020-12-26T17:07:00","modified_gmt":"2020-12-26T14:07:00","slug":"roundup-of-crypto-hacks-exploits-and-heists-in-2020","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/roundup-of-crypto-hacks-exploits-and-heists-in-2020\/","title":{"rendered":"# Roundup of crypto hacks, exploits and heists in 2020"},"content":{"rendered":"<p>&#8220;<strong># Roundup of crypto hacks, exploits and heists in 2020 <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjAtMTIvZTRmZDBhOTUtNTM1Mi00ZDJiLThjYjYtZjFhZGE1YzU4Y2JjLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-5a136f3a>Unlike in previous years, crypto news in 2020 has not been dominated by major exchange hacks and million dollar Bitcoin thefts. However, there have still been quite a few and most of them have originated from the nascent decentralized finance sector.<\/p>\n<p>DeFi has been one of the main drivers of crypto market momentum in 2020 and it stands to reason that the emerging financial landscape has been a magnet for scammers and hackers. 
Largely unaudited smart contracts coupled with cloned code have been a recipe for vulnerabilities and exploits, often resulting in millions of dollars in digital assets being pilfered.<\/p>\n<p>A CipherTrace <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/ciphertrace.com\/half-of-2020-crypto-hacks-are-from-defi-protocols-and-exchanges\/\">report<\/a> from November 2020 stated that during the first half of the year, DeFi accounted for 45% of all thefts and hacks, resulting in over $50 million lost. That figure rose to 50% of all thefts and hacks in the second half, according to the report. Speaking to Cointelegraph, CipherTrace CEO Dave Jevans warned of a potential regulatory crackdown: \u201cDeFi hacks now make up more than half of all cryptocurrency hacks in 2020, a trend that is attracting attention from regulators.\u201d<\/p>\n<p>He added that of greater concern to regulators is the lack of Anti-Money Laundering compliance: \u201cFunds stolen in the largest hack of 2020 &#8211; the $280 million KuCoin hack &#8211; were laundered using DeFi protocols.\u201d Jevans also believes that 2021 is likely to bring clarity from regulators in terms of what actions DeFi protocols are expected to take to avoid the consequences of a failure to comply with AML, CTF, and possible sanctions.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Exchange_hacks_in_2020\"><\/span>Exchange hacks in 2020<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The KuCoin hack occurred in late September when exchange CEO, Johnny Lyu, confirmed that the incursion affected the firm\u2019s Bitcoin, Ethereum, and ERC-20 hot wallets, after private keys were leaked.<\/p>\n<p>By early October KuCoin said it had identified suspects and had officially involved law enforcement in the investigation. 
By mid-November the Singapore-based exchange declared that it had recovered 84% of the stolen crypto and resumed full services for the majority of its tradable assets.<\/p>\n<p>There were other exchange hacks this year, but KuCoin was the largest. In February Italian exchange Altsbit lost almost all of its funds in a $70,000 hack, and there have been a couple of other minor crypto exchange breaches. In October 2020, as many as 75 centralized crypto exchanges had closed due to various reasons, hacking being one.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"DeFis_2020_hacks_and_exploits\"><\/span>DeFi\u2019s 2020 hacks and exploits<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>With billions of dollars pouring into DeFi protocols and yield farms, the emerging landscape became a hotbed for hackers. The first major incursion of 2020 happened on DeFi lending platform bZx in February when two flash loan exploits resulted in the loss of nearly $1 million in user funds. A flash loan is when crypto collateral is borrowed and repaid within the same transaction.<\/p>\n<p>bZx froze operations to prevent further loss, but this generated a wave of criticism from industry observers claiming that it was ultimately a centralized platform after all and could be the \u201cdeath of DeFi.\u201d<\/p>\n<p>Markets crashed in March resulting in a lot of collateral liquidations, especially for Maker\u2019s MKR token, but these were not hacks. The next hack came the following month when a wrapped version of Bitcoin called imBTC was attacked using something called an ERC-777 token standard reentrancy method. 
The attacker was able to siphon a Uniswap liquidity pool for all of its value, estimated to be $300,000 at the time.<\/p>\n<p>April also saw Chinese lending platform dForce drained of all its liquidity using the same exploit. The hacker repeatedly increased their ability to borrow other assets and made off with around $25 million in funds.<\/p>\n<p>In June, an exploit was discovered in Bancor\u2019s smart contracts that resulted in the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Hex_Capital\/status\/1273474205141491713\">draining<\/a> of as much as $460,000 in tokens. The DeFi automated market maker stated that they had deployed a new version of the smart contract that had fixed the vulnerability.<\/p>\n<p>Balancer was the next DeFi protocol to get exploited to the tune of $500,000 in wrapped Ether pilfered from its liquidity pools using a well-planned arbitrage attack. A series of flash loans and arbitraged token swaps were carried out in an attack on a vulnerability that the Balancer team apparently already knew about.<\/p>\n<p>Not so much a hack as another exploit, but bZx was in the news again in July with a dubious token sale that was manipulated by bots placing buy orders in the same block that marked the start of the token generation event. Almost half a million dollars in price pump profits was captured by the attackers.<\/p>\n<p>DeFi options protocol Opyn was the next victim in August when hackers exploited its ETH Put contracts making off with more than $370,000. The exploit allowed attackers to \u201cdouble exercise\u201d Ethereum Put oTokens and steal the collateral. 
Opyn recovered around 440,000 in USDC from outstanding vaults using a white hat hack, effectively returning them to Put sellers.<\/p>\n<p>Again, not a direct hack but a code flaw in an unaudited Yam Finance smart contract affected the rebasing of the governance token resulting in a price collapse in mid-August. The protocol was forced to appeal to DeFi whales to save it by voting for a restart as version 2.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"When_the_Sushi_unrolls\"><\/span>When the Sushi unrolls<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The SushiSwap saga began at the end of August and the terms \u201cvampire mining\u201d and \u201crug pull\u201d were coined. The anonymous protocol cloner and administrator known as \u201cChef Nomi\u201d sold $8 million worth of SUSHI tokens causing the token price to collapse. A few days later, the protocol was rescued by FTX exchange CEO Sam Bankman-Fried, who was handed control by a consortium of DeFi whales through a multi-signature smart contract. Eventually all the funds were returned to the developer fund.<\/p>\n<p>The rug pulls, or \u201cpump and dumps\u201d as they were termed during the previous altcoin boom in 2017, continued with a number of DeFi clones such as Pizza and Hotdog. Token prices for these food farms surged and collapsed within hours and sometimes even minutes.<\/p>\n<p>In mid-October, hordes of \u201cdegenerate farmers,\u201d or degens as they were termed, piled money into an unaudited and unreleased smart contract from DeFi protocol Yearn Finance founder Andre Cronje. The Eminence Finance contract lost $15 million when it was hacked within hours of Cronje posting teasers about the new \u201cgaming multiverse\u201d on Twitter. 
The hacker returned around $8 million but kept the rest, which prompted the disgruntled traders to initiate legal action against the Yearn team over lost funds.<\/p>\n<p>In late October, a sophisticated flash loan arbitrage attack on the Harvest Finance protocol resulted in the loss of $24 million in stablecoins in around seven minutes. The attack sparked debate as to whether these exploitations of the design of the system can be considered as hacks.<\/p>\n<p>November was a particularly painful month for Akropolis which had to \u201cpause the protocol\u201d as hackers made off with $2 million in DAI stablecoin. The Value DeFi protocol lost $6 million in an all too common flash loan exploit, yield generating stablecoin project Origin Dollar was exploited for $7 million, and Pickle Finance suffered a $20 million collateral loss in a sophisticated \u201cevil jar\u201d exploit.<\/p>\n<p>One that broke the mold of exploiting the system was a personal attack on an individual in mid-December. Nexus Mutual DeFi protocol founder Hugh Karp lost $8 million from his MetaMask wallet when a hacker managed to infiltrate his computer, spoofing a transaction. These types of attacks are generally less common as they involve some degree of social engineering.<\/p>\n<p>The last reported flash loan attack of the year, so far, was an $8 million incursion on Warp Finance on December 18. 
<\/p>\n<p>Many retail traders and investors have also fallen foul to phishing attempts and Ledger hardware wallet owners have also been targeted in 2020 after the personal information of some 272,000 Ledger buyers was hacked.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Battle_hardening_DeFi\"><\/span>Battle hardening DeFi<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The majority of smart contract and flash loan exploits in 2020 will serve to battle-harden the emerging financial ecosystem as it develops. New and smarter DeFi protocols are likely to emerge next year, but, as always, scammers, hackers and cybercriminals will also up their game in an attempt to stay ahead.<\/p>\n<p>A huge dose of vigilance and attention is needed to delve into the current world of DeFi, but it has come a very long way in such a short period of time, and the decentralized financial landscape of the future is constantly evolving.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/roundup-of-crypto-hacks-exploits-and-heists-in-2020\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# Roundup of crypto hacks, exploits and heists in 2020 &#8221; Unlike in previous years, crypto news in 2020 has not been dominated by major exchange hacks and million dollar Bitcoin thefts. However, there have still been quite a few and most of them have originated from the nascent decentralized finance sector. 
DeFi has been&#8230;<\/p>\n","protected":false},"author":1,"featured_media":141979,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2020-12\/e4fd0a95-5352-4d2b-8cb6-f1ada5c58cbc.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74894,74882,71101],"class_list":["post-141978","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-blockchain","tag-hacks","tag-scams"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/141978","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=141978"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/141978\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/141979"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=141978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=141978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=141978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}