Quantstamp reports $38.9M lost in DeFi attacks in January


Decentralized finance (DeFi) security startup Quantstamp has identified the top five smart contract protocols that suffered the most losses from exploits and hackers in January.

In a post on social media platform X, Quantstamp highlighted that the actions of bad actors using various attack methods like smart contract hacks, key compromises and scams resulted in total losses of $38.9 million in January.

Radiant Capital faced $4.5 million in losses in early January in a flash loan attack. Blockchain security firm PeckShield identified the issue as caused by a “known rounding issue” in the current Compound/Aave codebase.

The DeFi lender halted its USD Coin (USDC) pool on Arbitrum to fix the problem. Radiant clarified that user funds were secure, and operations resumed after an investigation.

Gamma Strategies also faced a flash loan attack on Jan. 4, hours after the Radiant attack, resulting in a code bug that enabled attackers to siphon $6.1 million from Gamma’s public-facing vaults. To address the issue, Gamma temporarily halted deposits, fixing the vulnerability.

Wise Lending suffered a loss of at least $460,000 in a flash loan attack on Jan. 12. The exploit involved manipulating the price oracle used by Wise Lending and marked the second attack on the protocol in six months. The Web3 lending app was drained of 170 Ether (ETH).

Related: Unwanted emails from Patreon? Crypto users say it might be a phishing scam

On Jan. 16, Socket, a multichain protocol, experienced a security breach due to a vulnerability in user verification input. This allowed hackers to steal nearly 2,000 ETH, valued at over $4 million. However, Socket recovered 1,032 ETH (approximately $2.3 million) and reimbursed all affected users as part of its plan to restore user funds.

Goledo Finance experienced a security breach similar to Gamma’s exploit, involving a flash loan attack resulting in the theft of $1.7 million.On Jan. 28, Negotiations with the perpetrator are still ongoing, and Goledo has announced a reward for the return of the funds.

The lending protocol announced that the hacker’s accounts on centralized exchanges were frozen. Goledo is evaluating the extent of the loss to formalize a recovery strategy, and local law enforcement has been briefed on the situation.

The Goledo team has set out its compensation process for user asset recovery. The team provided a Google form for users to submit their claims.

Magazine: DeFi’s billion-dollar secret: The insiders responsible for hacks