Rob Behnke
January 2nd, 2024
After a November full of high-value DeFi hacks, attacks slackened significantly in December 2023. A total of 6 hacks with losses over $1 million were performed this month; that said, many barely cross this threshold, creating much lower total losses than the previous month. However, cybercriminals closed out the year with a bang with an $82 million hack of Orbit bridge.
DeFi projects suffered several hacks in December 2023, including these with values over $1 million:
Levana: Levana, a perpetuals-trading platform hosted on the Osmosis blockchain, suffered over $1.1 million in losses over the course of nearly two weeks in December. The attackers took advantage of network congestion and oracles in the project’s oracle to drain value from the platform.
NFT Trader: NFT Trader experienced an exploit of reentrancy vulnerabilities in the project’s old smart contracts. In total, an estimated $3 million in high-value NFTs were stolen.
Flooring Protocol: In December 2023, the Flooring Protocol suffered an exploit of its peripheral/multi-call contract. The exploit netted the attackers an estimated $1.6 million.
INX: INX Digital Company reported in December 2023 that a third-party provider’s servers were compromised by attackers. As a result, attackers were able to perform unauthorized transactions stealing approximately $1.6 million.
Telcoin: Telcoin suffered losses of approximately $1.2 million in December 2023. This attack exploited vulnerabilities in the wallet’s proxy contracts on the Polygon blockchain to steal from users who had not performed transactions in the past.
Orbit Bridge: In the last hours of 2023, hackers stole an estimated $82 million from the cross-chain Orbit Bridge. The attackers took advantage of unauthorized access to the project’s ecosystem to transfer various tokens to a set of attacker-controlled wallets.
Unlike many months, December 2023 consisted largely of hacks exploiting smart contract vulnerabilities. Reentrancy, insecure oracles, and initialization errors featured among the security weaknesses exploited by cybercriminals this month.
Comprehensive security audits are essential for smart contract security, a fact exemplified by the Telcoin hack, where the vulnerable code was outside the scope of past security audits. In other cases, such as NFT Trader, the attackers took advantage of common vulnerabilities in the project’s old contracts.
Halborn has extensive experience in ensuring that smart contracts not only lack vulnerabilities but also implement the desired business logic. To learn more about performing a smart contract audit with Halborn, get in touch.