3 Most Infamous Hacks in DeFi History


DeFi has been a dynamic component of the cryptocurrency industry, with approximately $80 billion in assets locked into protocols in March 2021. As the saying goes, however, problems accumulate where the money is.

Projects in DeFi have been hit by forgery and scams, and the loose bolt in such activities has been badly constructed smart contracts. This becomes evident if you look into the scams of recent months.

Poly Network attack

Developed to address the interoperability of blockchains, Poly Network grew rapidly and locked up around one billion US dollars' worth of crypto assets. However, stakeholders were left in shock when more than $600 million of cryptocurrency was stolen in a single attack. This cut the protocol’s assets under management (AUM) by more than half.

The perpetrators owed the success of the hack to a vulnerability in the smart contract the protocol used for cross-chain asset transfers. The hackers substituted their own wallet address for the address normally used by the smart contract. The modus operandi was replicated across the Polygon, Ethereum and BSC blockchains to get hold of cryptocurrencies, leaving tens of thousands of protocol users out in the cold.

The security team at Poly Network was able to trace the hackers' email, IP, and other details. Under pressure, the hackers returned a large chunk of the stolen assets! But not all protocols are that lucky.

PancakeBunny attack

In May 2021, the PancakeBunny protocol faced an attack in which hackers made off with crypto assets worth $45 million. They used a flash loan exploit for the purpose. Worse, the hackers exchanged BUNNY tokens for Binance coins, making the price of BUNNY tokens sink to $6 from $146.

Worse, another attack followed in quick succession. Despite the first attack, the developers at Bunny Finance failed to prevent an attack on PolyBunny, the company’s Polygon blockchain fork. The attackers minted $2.1 million worth of POLYBUNNY. The price of POLYBUNNY tokens sank to $2 from $10.

A flash loan involves a smart contract that allows anyone to borrow and repay in a single transaction. The attackers manipulated the price of BNB using a vulnerability in the BNB-USDT liquidity pool of PancakeBunny, successfully minting almost seven million BUNNY in a six-stage process.
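For auditors, the point of the paragraph above is that a price read directly from pool reserves can be distorted and restored inside one transaction, while a time-weighted reference does not move. The following simulation is an added example, not code from PancakeBunny or from the original article; it assumes a fee-free constant-product pool, and all reserves, timestamps and the 5% band are constructed values.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product pool (bnb * usdt = k). Assumed model, fee-free for clarity."""
    bnb: float
    usdt: float

    def spot_price(self) -> float:
        return self.usdt / self.bnb  # USDT per BNB, read from live reserves

    def swap(self, usdt_in: float = 0.0, bnb_in: float = 0.0) -> float:
        """Trade one side in; returns the amount of the other side paid out."""
        if usdt_in:
            out = self.bnb * usdt_in / (self.usdt + usdt_in)
            self.usdt += usdt_in
            self.bnb -= out
        else:
            out = self.usdt * bnb_in / (self.bnb + bnb_in)
            self.bnb += bnb_in
            self.usdt -= out
        return out

class Twap:
    """Time-weighted average price; a same-block trade adds zero seconds of weight."""
    def __init__(self, pool: Pool, now: int):
        self.pool, self.start, self.last, self.cum = pool, now, now, 0.0
    def update(self, now: int) -> None:
        self.cum += self.pool.spot_price() * (now - self.last)
        self.last = now

    def value(self) -> float:
        return self.cum / (self.last - self.start)

def within_band(spot: float, reference: float, max_dev: float = 0.05) -> bool:
    """Guard: accept the spot price only if it is close to the reference."""
    return abs(spot - reference) <= max_dev * reference

def run_scenario() -> dict:
    pool = Pool(bnb=10_000.0, usdt=3_000_000.0)  # constructed reserves
    oracle = Twap(pool, now=0)
    oracle.update(now=600)                       # 10 quiet minutes at 300 USDT/BNB
    bnb_got = pool.swap(usdt_in=3_000_000.0)     # large borrowed swap, same block
    oracle.update(now=600)                       # zero seconds elapsed, no weight
    during = pool.spot_price()
    accepted = within_band(during, oracle.value())
    pool.swap(bnb_in=bnb_got)                    # swap reversed before repayment
    return {"twap": oracle.value(), "during": during,
            "guard_accepts": accepted, "after": pool.spot_price()}
```

Any logic that mints or values assets at the `during` price sees a fourfold distortion that has vanished by the end of the transaction, which is why an audit should flag mint or reward calculations that read raw reserves without a reference check.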

BurgerSwap attack

On 28 May 2021, BurgerSwap on the BSC blockchain suffered a flash loan attack. Hackers stole $7.2M in 14 transactions. Again, the culprit was a flash loan exploit.

The attackers created their own fake coin (a non-standard BEP-20 token) and a new trading pair with $BURGER. Using $WBNB routing, they re-entered BurgerSwap through the fake coin and manipulated the reserves in the pair’s contract, which changed the price and produced their profit.

The role of contract

DeFi projects are self-governed by smart contracts, so any failure becomes a major concern for stakeholders. A smart contract is a body of code designed to automate execution and settlement. It is this layer which makes automation in blockchain protocols a reality. Smart contracts have defined start and end events, triggered by something that happens externally.

Multiparty signatures control access to the contract. Access to external and internal data sources triggers the execution of terms. Smart contracts can access the distributed databases where the assets are stored. They also contain embedded information on ownership of assets and the parties involved.

Why making smart contracts really smart is so important

Smart contracts are the mind and soul of DeFi protocols. Protocols behave exactly the way the smart contracts powering them are programmed. A bug could result in huge losses to the protocol. Worse, it might lead to an irreversible shutdown.

The onus of making flawless smart contracts is on the developers. Contract design flaws lead to bugs which might be severe, medium, or moderate. Developers should be able to create contracts that are secure and function as expected. There should be no backdoors that the hackers can take advantage of. Once the contract is full of cryptocurrency, unscrupulous elements might try to drain the contract.

The role of audits

Smart contract audits are imperative to discover errors, loopholes and security vulnerabilities in the code and to suggest improvements. While blockchains are practically a secure ecosystem, a poorly written smart contract creates a vulnerability. Developers cannot be fully trusted to create flawless contracts, for two reasons.

First, it is not humanly possible for a single developer or a team of them to ensure all parameters regarding vulnerabilities are met. Second, developers may deliberately leave a backdoor to drain the contract at a time of their choice. To negate both these hindrances, a thorough audit is required.

Security auditing of smart contracts involves a thorough analysis of the code running the application, with the objective of correcting design issues, errors in the code, or security vulnerabilities. You need to zero in on a security audit firm that you can trust with the audit. The process typically involves steps such as agreeing on a set of specifications, executing tests, running automated execution tools, manual analysis of the code, and report creation.

Wrapping up

Hacks such as Poly Network, PancakeBunny, and BurgerSwap underline how critical smart contract auditing is for the success of a blockchain project. Audits help discover errors, issues, and security vulnerabilities, helping to plug the loopholes before any damage is done.

