Halborn Blog: Month in Review

Month in Review: Top DeFi Hacks of October 2023


Rob Behnke

November 1st, 2023


In October 2023, several DeFi protocols saw multi-million dollar hacks. Additionally, large-scale rug pulls came back into vogue after a few months without one breaking $1 million. These are the major blockchain hacks of October 2023.

The Top DeFi Hacks

In October 2023, four DeFi protocols suffered hacks with values of over $1 million, including:

  • Stars Arena: Stars Arena suffered a classic reentrancy exploit in October 2023. The attackers exploited the vulnerable code to inflate the value of shares and steal about $2.9 million from the protocol.

  • Black Hole (BH) Token: BH Token was the victim of a price manipulation attack in October 2023. The BNB Chain-based token lost an estimated $1.27 million in an exploit that cost the attacker only about $4.16 in fees.

  • Platypus Finance: Like BH Token, Platypus Finance was the victim of a price manipulation attack that allowed the attacker to steal approximately $2.2 million in Staked AVAX and Wrapped AVAX tokens. This attack was the third of its kind against the protocol in a single year, with the latest exploiting code that was not covered by the protocol’s past smart contract audits.

  • Fantom Foundation: Fantom suffered an October 2023 hack in which about $700,000 was stolen from the project itself and another $6.3 million from one of its developers. This incident was unusual in that the developer’s addresses previously belonged to the project — and were labeled as Fantom Foundation addresses in various places — but were “reassigned” to the employee after the organization no longer needed them.

The Top Rug Pulls

After a few months without major rug pulls, several were performed in October 2023. These include:

  • Lucky Star Currency: A Chinese astrology-themed NFT project, Lucky Star Currency (LSC) suffered a $1.1 million rug pull that the developers claimed was a hack.

  • FSL: The FSL developer performed a rug pull in which they dumped 97 million of their tokens for an estimated $.168 million.

  • Safereum: Safereum’s developers executed a $1.3 million rug pull shortly after completing a presale of the related Safepad token.

Lessons Learned from the Attacks

October’s major hacks exploited a variety of common vulnerabilities. Stars Arena fell victim to reentrancy, and BH Token and Platypus Finance suffered price manipulation exploits. The Fantom Foundation hack, which affected both the company and an address it previously owned, was likely a private key theft.

October also saw a resurgence in rug pulls, with several grossing over $1 million for the attacker. For more information about protecting against rug pull attacks, read our blog on the warning signs of exit scams.