Decentralized Finance (DeFi) security startup Quantstamp has recently revealed the smart contract protocols that suffered the most significant losses due to exploits and cyberattacks in the month of January.
Quantstamp, a leading player in DeFi security, disclosed on a popular social media platform that malicious actors, using tactics such as smart contract hacks, key compromises, and scams, caused a staggering total loss of $38.9 million in January.
DeFi Security Breach Update: Quantstamp Registers 38.9 Million Dollars in January Losses
One of the victims, Radiant Capital, encountered losses amounting to $4.5 million early in January, falling victim to a flash loan attack. PeckShield, a blockchain security firm, identified a ‘known rounding issue’ in the Compound/Aave codebase as the root cause of the problem. To address this vulnerability, Radiant Capital temporarily halted its USD Coin pool on Arbitrum, assuring users that their funds were secure. Operations resumed after a thorough investigation.
Shortly after the Radiant Capital attack, Gamma Strategies faced a similar fate: a flash loan attack on January 4 exploited a code bug that allowed attackers to siphon $6.1 million from Gamma’s public-facing vaults. To rectify the situation, Gamma temporarily suspended deposits and patched the vulnerability.
Wise Lending experienced a flash loan attack on January 12, leading to a loss of at least $460,000. The exploit involved manipulating the price oracle used by Wise Lending and marked the second attack on the protocol in six months. The Web3 lending app lost 170 Ether but assured users that steps were taken to address the issue.
On January 16, Socket, a multichain protocol, fell victim to a security breach caused by a vulnerability in user verification input. This allowed hackers to steal nearly 2,000 ETH, valued at over $4 million. Fortunately, Socket managed to recover 1,032 ETH (approximately $2.3 million) and reimbursed all affected users as part of its fund restoration plan.
Goledo Finance faced a security breach reminiscent of Gamma’s exploit, involving a flash loan attack resulting in the theft of $1.7 million. As of January 28, negotiations with the perpetrator are ongoing, and Goledo has offered a reward for the return of the funds. The lending protocol announced that the hacker’s accounts on centralized exchanges were frozen. Goledo is currently assessing the extent of the loss to formulate a recovery strategy, and local law enforcement has been briefed on the situation.