A fresh round of attacks targeted the DeFi ecosystem on Aug. 18, with Exactly protocol
exploited for nearly $7.3 million, while Harbor’s team is still estimating the amount stolen.
Decentralized finance (DeFi) protocols Exactly and Harbor were exploited on Aug.
18 in two separate — and apparently unrelated — attacks, according to blockchain security firms DeDotFi and PeckShield.
On-chain data reveals 4,323.6 Ether
worth nearly $7.3 million at the time of writing, had been stolen from Exactly Protocol.
The hackers then bridged 1,490 ETH using the Across Protocol and 2,832.92 ETH to the Ethereum network via Optimism Bridge.
Exactly is one of the crypto lenders on the Optimism network. Initial reports mentioned over 7,160 ETH stolen, worth nearly $12 million, but were later revised to a smaller amount.
The attacker targeted the DebtManager periphery contract, according to Exactly:
“The attacker passed in a malicious market contract address, bypassing the permit check, and executed a malicious deposit function to steal assets deposited by users. Approximately $7.3M were stolen.“
إقرأ أيضا:How to build a crypto portfolio without spending any money or time trading
The protocol filed a police report and is trying to communicate with the attackers to return the stolen assets, its team noted on X (formerly Twitter).
In another security incident, the interchain stablecoin protocol Harbor being the victim of an attack that led to the loss of funds sitting on its stable-mint, as well as stOSMO, LUNA
and WMATIC vaults. At the time of writing, the amount of crypto assets stolen
remains unclear. Harbor is said to be working on tracing funds and estimating the total losses.
إقرأ أيضا:North Korean hackers have stolen $2B of crypto since 2018: ReportThe attacks follow a number of security incidents across the DeFi ecosystem
over the past few weeks. On July 30, a vulnerability in three versions of the Vyper programming language
from stablecoin pools on Curve Finance. Other protocols compromised
in the past days include worth of ETH stolen, in addition toby Zunami Protocol in another exploit.
