Crypto exploiters are turning cuter

Experiences on the streets of DeFi are changing for the better

There has been a notable shift in the way DeFi exploiters have been behaving in the recent past. Since the early days of DeFi exploits, exploiters have been able to hack protocols and run away without leaving a trace of the stolen funds. In the case of some of the biggest hacks, like Ronin, Wormhole Finance, Beanstalk and Cream Finance, the community still hasn’t been able to pinpoint the identity or whereabouts of the attackers. But something is changing.

On 21 Oct, a malicious entity funnelled 30k $OHM from OlympusDAO, a famous bond-style rebase project. The attacker did so by exploiting the ‘BondFixedExpiryTeller’ parameter in the OlympusDAO smart contract, according to PeckShield. The funds siphoned off were valued at $300k. It later turned out that the exploited contract wasn’t even written by OlympusDAO; it was instead written by Bond Protocol and was used for the pilot launch of OHM bonds. But what followed was something that we have been noticing quite regularly in the very recent past. Just hours later, OlympusDAO updated the community that they had been able to reach common ground in negotiations with the exploiter, and that all of the tokens had been returned after the attacker settled for a bug bounty reward.

What happened with OlympusDAO wasn’t a one-off for this week. In fact, something similar happened with the Moola Markets exploit. Moola Markets, a Celo-based lending and borrowing platform, was exploited in a way similar to the Mango Markets exploit, which was covered last week. The attackers were able to take custody of $8.4M by taking a loan of the $MOO token on the platform and manipulating the price of the token to borrow all the other tokens available on the lending platform. Later, Moola Markets communicated about the attack through their official Twitter handle and mentioned that they had reached out to law enforcement and taken steps to make it difficult to liquidate the funds. Moreover, they mentioned that they were willing to negotiate. What followed was similar to OlympusDAO’s case: the attacker returned 93.1% of the stolen assets and donated a portion of the remaining funds to ImpactMarket, a Moola Market depositor that provides financial assistance to under-banked communities globally, while accepting a bug bounty reward.

Recent cases like Mango Markets, OlympusDAO and Moola Markets exhibit exploiters’ newfound inclination to return user funds and accept bug bounty rewards as compensation for the time they spent discovering the bug. What is making them inclined to return funds remains unknown. Theories range from regulatory bodies watching DeFi in the wake of early massive exploits, to the lack of easy access to crypto mixers like Tornado Cash, to exploiters already sitting on tons of cash.

But one thing is for sure: all of this definitely makes DeFi protocols stronger for the future.

#opinion