The DeFi systems can't seem to catch a break as yet another round of attacks causes a multi-million loss.
Exactly and Harbor, Decentralized finance protocols, were hacked in two seemingly separate attacks.
According to blockchain security companies DeDotFi and PeckShield, the attacks took place on August 18th. Reportedly, hackers stole approximately $7.3m (4323.6 ETH) from Exactly, while there’s still no estimation from Harbor.
Did you know?
Subscribe - We publish new crypto explainer videos every week!
Blockchain Transaction Easily Explained! (Animated)
Additionally, the hackers used Across Protocol and Optimism Bridge to bridge 1490 ETH and 2,832.92 ETH, respectively.
Initial reports predicted that hackers got away with more than $12m (7160 ETH), but the stolen amount was halved by subsequent investigation. Exactly then temporarily paused their protocol but resumed activity on August 19th.
In a tweet, Exactly explained that “the DebtManager periphery contract was manipulated. The attacker passed in a malicious market contract address, bypassing the permit check.”
In a separate message, Exactly reassured its user base that “the hack affected only users who engaged with the peripheral contract (DebtManager).”
The protocol identified attackers’ addresses on the Optimism network and stated they are “trying to communicate with the attackers to return the stolen assets.” The company promised to disclose the details of the attack in a post-mortem report. Currently, the protocol remains functional.
This attack was accompanied by another exploit against a DeFi protocol, Harbor. The company stated the hack resulted in “a drain on a portion of the funds sitting in the stable-mint and stOSMO, LUNA and WMATIC vaults.”
The team was sparse with details but is asking for community support to help track down the funds.
The crypto industry is no stranger to exploits and hacks. Last month, Curve Finance experienced an exploit in its stable pools, losing $47m. And crypto payment provider Alphapo lost close to $60m due to a security breach.