
Hack Life: Top 4 Biggest Exploits in August and How They Got Access

Updated by Geraint Price

In Brief

  • Crypto users lost over $263 million worth of cryptocurrency to hacks in August.
  • Contract vulnerabilities became the reason behind many of the hacks.

Hack life: Unfortunately, hacks have become such a common occurrence that they are considered a part of everyday life. So much so that we now compile monthly overviews of them.

According to one of the most recent reports by the data analysis platform Chainalysis, vulnerabilities in cross-chain bridge protocols pose the biggest security threat in the crypto industry; they now represent two-thirds of all hacks.

$263 million and counting

According to blockchain security firm SlowMist Hacked, users lost around $263 million worth of cryptocurrency to hacks in August.

SlowMist Hacked stats show that the top 5 ways attacks were executed were contract vulnerabilities, rug pulls, Discord hacks, frontend attacks, and BGP hijacking.

This August kicked off with one of the most devastating attacks the industry has seen – the Nomad exploit. 

Hack 1: Nomad
Assets stolen: $200 million

The Nomad bridge exploit is a devastating attack that led to $200 million worth of cryptocurrency being stolen from users’ accounts on Aug. 1. What drew even more attention to the hack is the number of attackers involved in the incident – 300 unique addresses. Some of the hackers even tried to impersonate Nomad’s employees to access more funds.

The exploit became possible due to a recent smart contract upgrade. “It turns out that during a routine upgrade, the Nomad team initialized the trusted root to be 0x00. Unfortunately, in this case, it had a tiny side effect of auto-proving every message,” one of the security analysts noted.
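The failure mode in that quote can be modelled in a few lines. The sketch below is an added example, not Nomad's contract code: the `Replica` class and its method names are hypothetical, the inputs are constructed, and it assumes that a message which was never proven reads back as the zero value (as an unset storage slot would). The `reject_zero_root` guard is one possible defensive check, not a description of Nomad's actual fix.

```python
import hashlib

ZERO_ROOT = b"\x00" * 32  # the 0x00 value from the quote above


class Replica:
    """Toy bridge endpoint: a message is processed only if the Merkle root it
    was proven against is trusted. All names here are hypothetical."""

    def __init__(self, initial_root, reject_zero_root=False):
        self.trusted_roots = {initial_root}   # set once at (re)initialization
        self.proven_under = {}                # message hash -> root it was proven against
        self.reject_zero_root = reject_zero_root

    def update(self, new_root):
        self.trusted_roots.add(new_root)

    def prove(self, message_hash, root):
        # Stand-in for a Merkle proof check that has already succeeded.
        self.proven_under[message_hash] = root

    def process(self, message_hash):
        # Assumption: a message that was never proven reads back as the zero
        # value, like an unset storage slot in a smart contract.
        root = self.proven_under.get(message_hash, ZERO_ROOT)
        if self.reject_zero_root and root == ZERO_ROOT:
            return False  # guard: "never proven" must not look like a root
        return root in self.trusted_roots


def demo():
    real_root = hashlib.sha256(b"constructed root").digest()
    proven = hashlib.sha256(b"constructed proven message").digest()
    forged = hashlib.sha256(b"constructed unproven message").digest()
    replicas = {
        "correct_init": Replica(real_root),
        "zero_init": Replica(ZERO_ROOT),
        "zero_init_guarded": Replica(ZERO_ROOT, reject_zero_root=True),
    }
    results = {}
    for name, replica in replicas.items():
        replica.update(real_root)
        replica.prove(proven, real_root)
        results[name] = (replica.process(proven), replica.process(forged))
    return results


if __name__ == "__main__":
    for name, (proven_ok, forged_ok) in demo().items():
        print(f"{name}: proven accepted={proven_ok}, unproven accepted={forged_ok}")
```

Only the `zero_init` replica accepts the message that was never proven, which is why an initializer value that collides with a "not set" default deserves its own check in upgrade reviews and tests.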

The platform later established a 10% bounty program, inviting the hackers to return 90% of the funds they stole and keep the remaining 10% for themselves.

As of now, only $36 million has been returned, while one of the wallets connected to the exploit recently transferred $7.5 million worth of cryptocurrency to an unknown wallet address. 

Hack 2: Acala Network
Assets stolen: $52 million

On Aug. 14, Twitter user 0xTaysama noticed suspicious activity on Acala, a Polkadot (DOT)-based DeFi platform, suggesting that there might be a hack. They also identified a potential reason behind the attack: “a bug in the iBTC/AUSD pool.”

The hacker managed to exploit the bug to mint 1.2 billion aUSD, the native token of the Acala Network. This prompted a 99% fall in the token’s price and a consequent depegging, with the token falling to $0.60 and hovering around $0.90.

The platform’s developers said the bug appeared as a result of the misconfiguration of the iBTC/aUSD liquidity pool. The liquidity pool went live earlier on that same day. Acala suspended the protocol shortly after the attack, disabling the transfer of the stolen assets.

On-chain analysts pointed out that other users might have used the bug and the attack to steal thousands of dollars in DOT.

Hack 3: Solana
Assets stolen: $5.8 million

Around 8,000 hot mobile wallets fell victim to the attack that drained $5.8 million in SOL, USDC, and others on Aug. 2-3. The wallets connected to the Solana (SOL) ecosystem included TrustWallet, Phantom, and Slope. 

The attackers seemed to have gained access to the users’ signatures, which could indicate some third-party service might have been compromised through a supply chain attack.

Solana developers believe that the hack originated in software popular among network users.

A vulnerability in the Solana mobile wallet Slope seemed to be the reason behind the hack. According to the official Solana Status Twitter, “this exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.”

The developers reminded the users about the reliability and security advantages of cold wallets over hot ones to avoid future security vulnerabilities. 

Be[in]crypto reached out to Solana but hasn’t received a response.

Hack 4: ZB.com
Assets stolen: $4.8 million 

Ironically, a crypto exchange that positioned itself as “the world’s most secure digital exchange” and manages over $1 billion in trades on a daily basis was hacked for $4.8 million on Aug. 2.

The 20 digital assets, including USDT, MATIC, AAVE, and SHIB, were moved from the exchange and sold shortly after for Ethereum on different decentralized exchanges, PeckShield data shows.

The exchange suspended withdrawals and deposits, first describing it as “temporary maintenance” and then “the sudden failure of some core applications,” which led many in the community to believe it might be an exit scam.

Basic Protection

With so many attacks and exploits happening in the industry, it is vital to remember the basic protection steps. These include choosing a cold wallet over a hot one, never revealing a recovery phrase and keeping hard copies of it in different places, using two-factor authentication, and double-checking links and emails before clicking on them.


Catherine Ross-Mychka
Before joining be[in]crypto, Catherine worked as a deputy editor in chief at Cointelegraph, editor in chief at Currency.com, and crypto managing editor at Benzinga. She has hosted numerous video shows and international conferences, has moderated over 30 panels and interviewed over 60 crypto entrepreneurs and executives.