Halborn Logo

// Blog

Month in Review

Month in Review: Top DeFi Hacks of August 2023


Rob Behnke

September 4th, 2023

Compared to the chaos of July, August 2023 was a relatively quiet month for DeFi hacks and rug pulls. That said, there were several large hacks and thefts that occurred that month.

DeFi Hacks

Several DeFi protocols were exploited due to a range of vulnerabilities in August 2023. Some of the biggest hacks that month included:

  • Steadefi: The Steadefi Protocol was exploited for about $1.1 million. The attacker gained access to the project’s private keys, which granted them access to certain privileged functions and the ability to drain funds from the protocol.

  • Cypher Protocol: An attacker exploited a couple of vulnerabilities in the Cypher Protocol’s smart contracts in August 2023. By exploiting how master and sub-accounts interact, the attacker was able to steal about $1 million from the protocol.

  • Zunami Protocol: The Zunami Protocol’s smart contracts contained a price manipulation vulnerability that was exploited in August 2023. By manipulating the value of the pool and creating slippage, the attacker was able to steal an estimated $2.1 million.

  • Exactly Protocol: The Exactly Protocol was an Optimism-based project that was hacked via a smart contract exploit. Weak validation checks enabled the attacker to drain about $7 million from the protocol.

Rug Pulls

August also had a couple of rug pulls with values over $1 million, including:

  • LayerZero Token: A fake LayerZero token on BSC performed a rug pull. The team stole 4,828 worth about $1 million.

  • Magnate Finance: Magnate Finance was a project hosted on base that was associated with several past rug pulls. The creator extracted an estimated $6.4 million in tokens from the protocol.

Lessons Learned from the Attacks

The August 2023 DeFi hacks were enabled by a wide range of vulnerabilities, including weak validation checks, price manipulation, and business logic errors. These are mostly well-known types of vulnerabilities that could have been found and fixed via a smart contract audit.  In the case of the August rug pulls, several appeared to be obvious scams. 

To learn more about identifying the warning signs of a rug pull, check out our blog on 7 Warning Signs of a Crypto Exit Scam.