Malicious actors are employing advanced techniques such as smart contract hacks and key compromises to exploit vulnerabilities in DeFi protocols. According to a recent report from Quantstamp, a DeFi security startup, the nascent ecosystem has suffered significant losses totaling $38.9 million from security incidents.
These attacks have continued with relentless frequency, targeting various DeFi projects. Radiant Capital, a multi-chain lending protocol, was among the earliest victims, losing 1,900 ETH (approximately $4.5 million) to an attacker who exploited a timing window and a known rounding issue in the Compound / Aave codebase.
Shortly thereafter, Gamma, a liquidity management protocol, fell prey to a devastating attack that resulted in losses of around $6.18 million. Although the protocol had multiple deposit protections, a misconfiguration in the price movement threshold allowed attackers to manipulate prices and mint a significant number of LP tokens.
Wise Lending, another prominent player, suffered a flash loan attack that led to losses of at least $460,000. The onslaught continued with Socket, an interoperability protocol, which was exploited due to a vulnerability in a newly added module, resulting in a theft of approximately $3.3 million from users.
Goledo Finance, a lending protocol in the Conflux ecosystem, also faced exploitation, resulting in a loss of 7.9 million CFX (about $1.7 million). The initial investigation suggested yet another flash loan attack, underscoring the persistent security threats confronting DeFi platforms.