The world of crypto is a minefield of hacks, scams, and rug pulls. The maxim “not your keys, not your coins” advises against trusting centralized exchanges but, as today’s news about crypto exchange Deribit and lending protocol Solend shows, neither CeFi nor DeFi is safe from the near-constant efforts of exploiters.
Deribit, an exchange focused on crypto derivatives trading, yesterday lost $28 million in bitcoin, Ethereum, and USDC when its hot wallets were compromised. Assuring that all user losses will be covered, an announcement explained that, “It’s company procedure to keep 99% of our user funds in cold storage to limit the impact of these types of events.”
“Hot” wallets are those which are constantly connected to the internet. In Deribit’s case to facilitate customer withdrawals which have been temporarily suspended following the breach. “Cold” wallets are supposedly much more secure given that, when used correctly, any would-be attackers require physical access to the hardware wallet in order to transfer funds.
The loss to Solana-based “algorithmic, decentralized lending and borrowing protocol” Solend was much smaller, at just over $1 million. The team tweeted that they’d detected an “oracle attack on USDH affecting the Stable, Coin98, and Kamino isolated pools,” resulting in a total of $1.26 million of bad debt.
In a stark similarity to the Mango Markets incident, the prices of collateral assets were manipulated, allowing the attacker to drain Solend’s lending pools against the collateral’s inflated value.
Perhaps this is another “highly profitable trading strategy” from Avraham Eisenberg, the man who admitted to carrying out the last month’s nine-figure heist. A pseudonymous identity has been linked to the hacker’s address, and negotiations are currently ongoing.
“Hacktober” was a record month for crypto thefts
Blockchain security firm Peckshield estimated that October saw $760 million lost to crypto crime. Approximately $100 million has been returned.
Of the dozens of projects exploited, the largest by far was the BNB Bridge incident that saw over half a billion dollars in BNB fraudulently minted. The attacker was only able to move just $127 million to other chains before the BSC network was paused and the assets frozen.