Major hacks and scams during August 2021

Scams are in abundance in the cryptocurrency markets, thanks to a lack of regulation, a massive rally in bitcoin, and the anonymity of digital currency, which has created a fertile ground for hackers and scammers.

In the fourth quarter of 2020 and the first quarter of 2021, consumers lost over $82 million to crypto scams, according to the Federal Trade Commission, which is more than ten times the amount lost in the same six-month period the previous year.

Scammers have taken advantage of crypto enthusiasts through hacks, memecoins, ICOs, multi level marketing, and pump and dump schemes, to name a few. This article will look at some of the August 2021 scams and frauds in order to give the reader a thorough view of the cryptocurrency market’s underbelly.

This post is not intended to scare you away from investing in virtual currencies. Its purpose is to ensure that we are aware of the crypto wolves we are dealing with and be extra cautious while entering what we refer to as the “wild, wild west” of finance.

Crypto heists in August 2021

Poly Network Hack

The Poly Network is a cross-chain protocol that allows users to transfer tokens between blockchains such as Ethereum, Bitcoin, and Polygon.

On 10th August 2021, Hackers stole roughly $600 million in Bitcoin from a protocol known as PolyNetwork, which allows users to swap tokens across several blockchains, possibly the most significant theft in the history of decentralized finance. The criminal took advantage of Poly Network’s software flaw to move the monies to their own accounts.

In an unexpected twist, the Poly Network hacker did not flee with the looted funds. Instead, they initiated contact with the targeted group, promising to repay all payments. Except for $33 million in Tether (USDT), which were locked by the issuers, the hacker returned nearly all the money.

It’s one of the strangest cryptocurrency stories we’ve heard in a long time. The heist was believed to be the largest ever crypto theft, surpassing the estimated $450 million worth of Bitcoin stolen from Tokyo-based Mt. Gox in 2014 and the $534.8 million stolen from Japanese digital currency exchange Coincheck in a 2018 hack. However, the magic of private key helped Poly Network reclaim control of the $610 million in assets affected by the hack ( the frozen $33 million USDT were released and returned later).

DeFi fraud has reached new heights as a result of the Poly Network intrusion. This hack shows that, while the wider crypto sector has improved its hacker defenses, the DeFi sector remains particularly vulnerable. The growing number of DeFi hacks raises concerns about security and how to keep crypto-assets safe. People have no one to turn to when their cash is stolen because no institution oversees cryptocurrencies. Therefore, DeFi users need to be protected from losses caused by decentralized exchange failures, smart contract hacks, and other typical forms of victimization.

The Liquid Hack

Exchanges like Liquid are an important element of the burgeoning cryptocurrency industry. Their websites let individuals purchase and sell digital currency such as ETH and BTC.

The security of exchanges, on the other hand, is debatable.

A hack on August 19 2021 resulted in a loss of about $100 million for Liquid (Japanese cryptocurrency exchange). According to Elliptic (a blockchain analytics company), the hackers got their hands on around $97 million in cryptocurrency (assets in the warm wallets) and $45 million in tokens were changed to Ethereum through decentralized exchanges like SushiSwap and Uniswap, which are blockchain-based platforms that do not require intermediaries. It’s the second significant cryptocurrency heist in less than a week after Poly Network’s hack.

The Bilaxy Exchange Hack

On August 28, the Bilaxy cryptocurrency exchange (a Seychelles-based crypto exchange) was hacked, resulting in the loss of 295 ERC-20 tokens (in the hot wallets). Tether (USDT), USD Coin (USDC), Uniswap (UNI), and other tokens were compromised. Despite the fact that the exchange is lesser known, the hack could be one of the largest in the sector. The exchange did not divulge the scope of the breach, but numerous sources estimate that hackers stole roughly $450 million in digital assets. The attacker gained access to roughly 1 billion HOGE tokens in the Bilaxy hack, according to Hoge Financial, an Ethereum-based decentralized finance platform. The single drained HOGE token has a fiat worth of roughly $22 million.

Cybercriminals have traditionally targeted cryptocurrency exchanges and wallet platforms. Since the beginning of Bitcoin, the sector has been under threat; however, there are no serious steps taken to preserve the security of centralized and decentralized platforms.

The xToken hack

On August 29, 2021, hackers uncovered a vulnerability in the smart contracts for xToken’s xSNX product, exposing the decentralized financial project to yet another attack. A few hours later, the project released that the malicious actor used a flash loan from the dYdX decentralized exchange (DEX) to carry out the attack, which cost 25,000 ETH (approximately $81 million).

They then utilized the Ether as collateral to borrow 1.5 million Synthetix governance tokens (SNX) through Aave, a popular decentralized money market protocol, and Bancor, a pooled liquidity token exchange. The attacker possesses roughly 6.5 million sUSD and has artificially reduced the value of SNX on Kyber (by making a considerable deposit).

Security audits were performed on the xToken contracts about a year ago, but the code was just added in the last three months. This emphasizes the significance of conducting a security audit prior to deploying any new code.

The Cream Finance Hack

Cream Finance allows users to loan and speculate on cryptocurrency price fluctuations, has been hacked on 30 August 2021, and more than $29 million in cryptocurrency assets has been stolen.

A flash loan hack hit the decentralized lending system CREAM Finance on August 30, 2021. From the protocol’s vaults, the attackers took 2804.96 ETH and 462,079,976 AMP tokens. The term “flash loan” refers to an Ethereum blockchain contract (script) that allows Cream Finance users to take out short-term loans from the company’s money and then repay them at a later date.

The CREAM attacker used a reentrancy flaw in how CREAM implemented AMP into its protocol. AMP is a crypto asset that is used as payment collateral for stablecoins. The ERC-777 token standard is implemented by the AMP protocol, which allows for reentrancy. Reentrancy attacks occur when a flaw in these contracts allows an attacker to withdraw funds in a loop before the original transaction is accepted or denied, or the funds must be returned. Cream Finance claims that reentrancy on the AMP token contract cost the platform 418,311,571 AMP.

This hack emphasizes the significance of conducting a thorough risk analysis for all code in a DeFi project. This attack was made possible by AMP’s integration with CREAM, and it didn’t happen sooner because there wasn’t enough AMP in the protocol to make it worthwhile. For security reasons, a comprehensive security audit of all proposed contract revisions and integrations is required in the future.

Crypto ecosystem risks: Coverage might be the solution

While DeFi protocols have shown incredible ingenuity and have the potential to permanently change how financial services are offered and obtained such as asset lending and borrowing, it is still a relatively new business, and its smart contract coding and security are far from being perfect.

Safety in an unregulated space

The cryptocurrency ecosystem is highly unregulated, security is almost an afterthought, and many platforms fail to implement their underlying technical base. Moreover, many platforms keep running buggy contracts (scripts) that can be easily abused by anyone with knowledge of programming languages like C and C++, and cryptography explains this trend of hackers targeting DeFi platforms.

To protect the DeFi users from hacks and scams, decentralized coverage (alternative to insurance) exists to safeguard consumers from financial losses if a DeFi protocol’s coding defects allow users’ funds to be lost. The primary goal of DeFi coverage is to return trust to the community from insurers while maintaining contract integrity and removing any kind of risk like technical risk (in the case of Polygon Network). This shift would imply that what a trusted person used to accomplish is now accomplished through equally trustworthy approaches. Above all, with the support of special incentives or cost savings, that autonomous code will operate for the mutual advantage of each participant and community member.

Protect your holdings with Bright Union

Decentralized insurance is also immutable, transparent, and allows for the liquidation of crypto-backed assets. Bright Union emerges as a significant player in the crypto coverage market at this point. The platform will serve as an aggregator and an accelerator for DeFi coverage. For crypto users seeking the best crypto risk coverage products to protect their holdings, the aggregator provides a much-needed layer of transparency and ease. This will be a significant added value in the current fragmented market with substantial variances between platforms and goods. Users may compare and buy crypto coverages as DeFi subscribers. Stablecoins or matured currencies can be staked on the platform to offer coverage.

About Bright Union

Bright Union is building the world’s leading aggregator and accelerator for DeFi crypto risk markets. Our mission is to make the crypto risk markets work, giving investors the ability to seamlessly enjoy coverage on their exposure. On our Decentralized Crypto Coverage Platform, our community can compare and buy coverage, stake and earn by covering the community, and last but not least, join the Bright Union staking pool.

Be Bright — Join the Union

Mainnet is launching soon! Receive announcements by joining the community.

🌍 Check out the website.

🧠 Learn More: Read more in the Litepaper.

🤝 Bright Union Community: Discuss Bright by joining Telegram.

🗞️ Get the latest news: Follow our twitter @BrightUnion.

📸 Follow us on Instagram

💎 Become a Bright Union Ambassador and win 5000 Bright Tokens, worth of $500! Participate in the Bright Union Ambassador Program.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store