Month in Review: Top DeFi Hacks of August 2023

Several DeFi protocols were exploited due to a range of vulnerabilities in August 2023. Some of the biggest hacks that month included:

• Steadefi: The Steadefi Protocol was exploited for about $1.1 million. The attacker gained access to the project’s private keys, which granted them access to certain privileged functions and the ability to drain funds from the protocol.

• Cypher Protocol: An attacker exploited a couple of vulnerabilities in the Cypher Protocol’s smart contracts in August 2023. By exploiting how master and sub-accounts interact, the attacker was able to steal about $1 million from the protocol.

• Zunami Protocol: The Zunami Protocol’s smart contracts contained a price manipulation vulnerability that was exploited in August 2023. By manipulating the value of the pool and creating slippage, the attacker was able to steal an estimated $2.1 million.

• Exactly Protocol: The Exactly Protocol was an Optimism-based project that was hacked via a smart contract exploit. Weak validation checks enabled the attacker to drain about $7 million from the protocol.

August also had a couple of rug pulls with values over $1 million, including:

• LayerZero Token: A fake LayerZero token on BSC performed a rug pull. The team stole 4,828 worth about $1 million.

• Magnate Finance: Magnate Finance was a project hosted on base that was associated with several past rug pulls. The creator extracted an estimated $6.4 million in tokens from the protocol.

The August 2023 DeFi hacks were enabled by a wide range of vulnerabilities, including weak validation checks, price manipulation, and business logic errors. These are mostly well-known types of vulnerabilities that could have been found and fixed via a smart contract audit.  In the case of the August rug pulls, several appeared to be obvious scams. 

To learn more about identifying the warning signs of a rug pull, check out our blog on 7 Warning Signs of a Crypto Exit Scam.