Three DeFi protocols were hacked and drained of $115 million yesterday, marking one of the most devastating 24-hour periods in DeFi’s recent history.
Mango Markets, Stax, and Rabby Swap were relieved of $112 million, $2.36 million, and $200,000 respectively. Decentralized exchange aggregator ParaSwap was also reported to have been hit but has since denied the rumors.
Yesterday’s hacks have added to an already bad month for DeFi. Transit Swap, a multi-chain decentralized aggregator, lost ~$21 million a week ago when a bug was exploited in its smart contract, and on October 7, Binance’s BSC Token Hub was exploited for two million BNB, worth over $580 million.
So, how did the three most recent attacks go down?
Mango Markets
The Solana-based platform, which focused on trading perpetual futures and margin, lost $112 million.
On Tuesday, a hacker apparently manipulated Mango Markets’ collateral to take out a loan of $116 million that essentially drained the platform of its liquidity. FTX is investigating the matter after online sleuths noticed the hacker used the exchange. Mango Markets has offered a bug bounty if the funds are returned.
Temple DAO’s Stax
The DeFi protocol, which offers yields on deposits, lost $2.36 million (1,831 ETH) yesterday.
The hacker exploited a flaw in Temple DAO’s Stax contract system, which was meant for switching old stakes to newer contracts using the migrate stake function. According to blockchain security firm Paladin, the contract and the vulnerability that allowed the attack were deployed for over 100 days before someone took advantage.
The auditor also described the hack as “one of the most trivial exploits at scale in a while.”
Rabby Swap
The open-source browser plugin, which allows users to make transfers between different chains, was reportedly exploited for $200,000.
ParaSwap
The decentralized exchange aggregator, which offers users the option to exchange various crypto tokens, was reportedly exploited, and it was claimed that funds were stolen on multiple chains. However, ParaSwap quickly shut down claims of a DeFi hack.