According to blockchain security firms DeDotFi and PeckShield, decentralized finance protocols Exactly and Harbor were exploited in separate attacks on August 18th. The attack on Exactly resulted in a theft of 4323 ETH, equivalent to nearly $7.3 million, while the amount stolen from the Harbor protocol has not been disclosed yet. The increasing number of attacks on DeFi protocols in the past month is drawing attention.
Software Vulnerability Comes at a High Cost
On-chain data reveals that approximately 4323.6 Ethereum, valued at around $7.3 million at the time of writing, was stolen from Exactly. The hackers then bridged 1490 ETH through Across Protocol and 2,832.92 ETH through Optimism Bridge onto the Ethereum network.
Exactly is one of the crypto asset borrowing and lending platforms on the Optimism network. Initial reports indicated that approximately 7160 ETH, valued at around $12 million, was stolen. However, the report was later revised to state that a smaller amount was lost. According to Exactly, the attacker targeted the DebtManager contract:
“The attacker bypassed permission controls and passed a malicious market contract address, executing a malicious deposit function to steal the deposited assets. Approximately $7.3 million was stolen in this attack.”
The team stated on their official Twitter account that the protocol has prepared a police report and is attempting to communicate with the attackers to retrieve the stolen assets.
Increasing DeFi Attacks in the Past Month
In another security incident, interchain stablecoin protocol Harbor announced that it fell victim to an attack causing the loss of funds in stable-mint, as well as stOSMO, LUNA, and MATIC vaults. The amount of stolen crypto assets remains unknown at the time of writing. It is said that Harbor is working to trace the funds and estimate the total losses.
These attacks follow a series of security incidents in the DeFi ecosystem in recent weeks. On July 30th, a security vulnerability in three versions of the Vyper programming language led to the theft of over $61 million from the stable pools in Curve Finance. Other protocols that have been compromised in recent days include Earn Finance, where at least $287,000 worth of ETH was stolen, and Zunami Protocol, which suffered a loss of $2.1 million due to another vulnerability.
