3 Most Infamous Hacks in DeFi History

Read Time: 4 minutes

DeFi has been a dynamic component of the cryptocurrency industry, with roughly $80 billion in assets locked into its protocols as of March 2021. As the saying goes, though, trouble accumulates where the money is.

DeFi projects have repeatedly been hit by fraud and exploits, and the weak link has usually been a badly constructed smart contract. The incidents of recent months make that clear.

Poly Network attack

Built to address interoperability between blockchains, Poly Network grew rapidly and had locked up around one billion US dollars' worth of crypto assets. Stakeholders were left in shock when more than $600 million of cryptocurrency was stolen in a single attack, cutting the protocol's assets under management (AUM) by more than half.

The attack succeeded because of a vulnerability in the smart contract the protocol uses for cross-chain asset transfers: the attackers were able to substitute an address they controlled for the address the contract normally trusts to authorize those transfers. The same technique was repeated on Ethereum, BSC and Polygon to drain assets on each chain, leaving tens of thousands of the protocol's users out in the cold.

Poly Network's security team was able to trace the attacker's email address, IP address and other details, and under that pressure the attacker returned a large part of the stolen funds. Not every protocol is that lucky.

PancakeBunny attack

In May 2021 the PancakeBunny protocol was attacked and the hackers made off with crypto assets worth $45 million, using a flash loan exploit. Worse, the attackers dumped the BUNNY tokens they obtained for Binance Coin (BNB), which sent the BUNNY price from $146 to $6.

Another attack followed in quick succession. Despite the first incident, the Bunny Finance developers failed to prevent an attack on PolyBunny, the project's fork on the Polygon blockchain. The attackers minted $2.1 million worth of POLYBUNNY, and the POLYBUNNY price sank from $10 to $2.

A flash loan is an uncollateralized loan, issued by a smart contract, that anyone can take as long as it is repaid within the same transaction; if it is not repaid, the whole transaction reverts. The attackers used such a loan to manipulate the BNB price in the BNB-USDT liquidity pool that PancakeBunny relied on for pricing, and, in a six-stage sequence, minted almost seven million BUNNY at the skewed price.
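The mechanics behind that sequence, as an added example in Python (a model written for this article, not PancakeBunny's contract code): a constant-product pool, a reward minter that prices a fee owed in BNB using the pool's spot reserves, and the same minter fed by a block-spanning time-weighted average price (TWAP). The pool sizes, the 0.25% swap fee, the 10 BNB fee and the 2,000,000 BUNNY flash loan are all constructed numbers, and the token names are only labels; the attacker's borrow, dump, claim, unwind and repay all happen inside one block, which is exactly why the spot price can be moved and the TWAP cannot.

```python
from dataclasses import dataclass
from typing import Callable

SWAP_FEE = 0.9975  # 0.25% swap fee: an assumption modelled on PancakeSwap-style pools


@dataclass
class Pool:
    """Toy x*y=k pool of BNB and BUNNY with a Uniswap-v2-style price accumulator."""
    reserve_bnb: float
    reserve_bunny: float
    block: int = 0
    cumulative: float = 0.0  # sum over blocks of (BUNNY per BNB)
    last_block: int = 0

    def spot_bunny_per_bnb(self) -> float:
        return self.reserve_bunny / self.reserve_bnb

    def accumulate(self) -> None:
        """Credit the price that held since the last update, once per block."""
        elapsed = self.block - self.last_block
        if elapsed > 0:
            self.cumulative += self.spot_bunny_per_bnb() * elapsed
            self.last_block = self.block

    def swap_bunny_for_bnb(self, bunny_in: float) -> float:
        self.accumulate()
        eff = bunny_in * SWAP_FEE
        bnb_out = self.reserve_bnb * eff / (self.reserve_bunny + eff)
        self.reserve_bunny += bunny_in
        self.reserve_bnb -= bnb_out
        return bnb_out

    def swap_bnb_for_bunny(self, bnb_in: float) -> float:
        self.accumulate()
        eff = bnb_in * SWAP_FEE
        bunny_out = self.reserve_bunny * eff / (self.reserve_bnb + eff)
        self.reserve_bnb += bnb_in
        self.reserve_bunny -= bunny_out
        return bunny_out

    def mine_blocks(self, n: int) -> None:
        self.block += n


def spot_oracle(pool: Pool) -> Callable[[], float]:
    """Vulnerable: the price is whatever the reserves say at this instant."""
    return pool.spot_bunny_per_bnb


def twap_oracle(pool: Pool) -> Callable[[], float]:
    """Hardened: average price since this snapshot; same-block swaps cannot move it."""
    pool.accumulate()
    cum0, blk0 = pool.cumulative, pool.block

    def consult() -> float:
        pool.accumulate()
        elapsed = pool.block - blk0
        if elapsed == 0:
            raise ValueError("empty TWAP window: refuse to price")
        return (pool.cumulative - cum0) / elapsed

    return consult


def mint_reward(fee_bnb: float, price: Callable[[], float]) -> float:
    """A fee owed in BNB is paid out as freshly minted BUNNY at the oracle price."""
    return fee_bnb * price()


def flash_loan_attack(pool: Pool, price: Callable[[], float],
                      loan_bunny: float, fee_bnb: float) -> float:
    """One transaction: dump the borrowed BUNNY, claim the reward, unwind, repay.
    Returns the attacker's net BUNNY after repaying the flash loan."""
    bnb_got = pool.swap_bunny_for_bnb(loan_bunny)   # BUNNY reserve up, BNB reserve down
    minted = mint_reward(fee_bnb, price)            # reward priced while reserves are skewed
    bunny_back = pool.swap_bnb_for_bunny(bnb_got)   # unwind the position
    return bunny_back + minted - loan_bunny         # < 0: loan cannot be repaid from the proceeds


def demo() -> dict:
    """Honest mint and attacker net result for each oracle, on a 100 BUNNY/BNB pool."""
    results = {}
    for name, make_oracle in (("spot", spot_oracle), ("twap", twap_oracle)):
        pool = Pool(reserve_bnb=10_000.0, reserve_bunny=1_000_000.0)
        price = make_oracle(pool)
        pool.mine_blocks(10)                  # price history before the attack block
        honest = mint_reward(10.0, price)     # 10 BNB fee -> 1,000 BUNNY at the fair price
        profit = flash_loan_attack(pool, price, loan_bunny=2_000_000.0, fee_bnb=10.0)
        results[name] = (honest, profit)
    return results


if __name__ == "__main__":
    for name, (honest, profit) in demo().items():
        print(f"{name}: honest mint {honest:.0f} BUNNY, attacker net {profit:+.0f} BUNNY")
```

With the spot oracle the dump pushes the pool to almost 900 BUNNY per BNB, so the 10 BNB fee mints roughly 9,000 BUNNY instead of 1,000 and the attacker clears several thousand BUNNY after the round-trip swap fees. With the TWAP the reward stays at 1,000 BUNNY, the round trip costs more than that, and the transaction cannot repay the loan. A TWAP is not a complete defence (an attacker willing to hold a skewed position across blocks pays real slippage for every block), but it removes the single-transaction, capital-free version of the attack.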

BurgerSwap attack

On 28 May 2021, BurgerSwap on the BSC blockchain suffered a flash-loan-funded attack in which the hackers stole $7.2 million across 14 transactions.

The attackers created their own fake coin (a non-standard BEP-20 token) and opened a new trading pair between it and $BURGER. Routing swaps through $WBNB, they used the fake token's transfer logic to re-enter BurgerSwap mid-swap and manipulate the reserves in the pair's contract, shifting the price in their favor and walking away with the proceeds.
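The re-entry pattern described above, as an added example written for this article in Python rather than taken from BurgerSwap's contracts: a toy pair whose swap computes the output from stored reserves, pulls in the input token, pays out, and only then writes the new reserves back. Because the input token is attacker code (a non-standard BEP-20 whose transfer runs a callback), each nested call is priced on the same stale reserves. The guarded variant adds a reentrancy lock and commits reserves before any external call. The class names, the FAKE/BURGER labels, the 1,000/1,000 seed liquidity and the 400-token swaps are all constructed for the demonstration.

```python
PAIR, ATTACKER = "pair", "attacker"


class Token:
    """Minimal BEP-20-like balance ledger (constructed for this example)."""
    def __init__(self, name: str):
        self.name, self.balances = name, {}

    def balance_of(self, who: str) -> float:
        return self.balances.get(who, 0.0)

    def mint(self, who: str, amount: float) -> None:
        self.balances[who] = self.balance_of(who) + amount

    def transfer(self, frm: str, to: str, amount: float) -> None:
        if self.balance_of(frm) < amount:
            raise ValueError(f"{self.name}: insufficient balance")
        self.balances[frm] -= amount
        self.balances[to] = self.balance_of(to) + amount


class HookedToken(Token):
    """Non-standard token: transfer() runs attacker-supplied code, like a fake BEP-20."""
    def __init__(self, name: str):
        super().__init__(name)
        self.on_transfer = None

    def transfer(self, frm: str, to: str, amount: float) -> None:
        super().transfer(frm, to, amount)
        if self.on_transfer:
            self.on_transfer()


class Pair:
    """Toy constant-product pair: token0 = FAKE, token1 = BURGER."""
    def __init__(self, token0: Token, token1: Token, guarded: bool):
        self.token0, self.token1, self.guarded = token0, token1, guarded
        self.reserve0 = self.token0.balance_of(PAIR)
        self.reserve1 = self.token1.balance_of(PAIR)
        self.locked = False

    def swap0_for_1(self, caller: str, amount_in: float) -> float:
        if self.guarded and self.locked:
            raise RuntimeError("reentrant call rejected")
        self.locked = True
        try:
            r0, r1 = self.reserve0, self.reserve1
            amount_out = r1 * amount_in / (r0 + amount_in)
            if self.guarded:  # effects before interactions: commit reserves first
                self.reserve0, self.reserve1 = r0 + amount_in, r1 - amount_out
            self.token0.transfer(caller, PAIR, amount_in)   # external call: may re-enter
            self.token1.transfer(PAIR, caller, amount_out)
            if not self.guarded:  # vulnerable: reserves written only after the calls
                self.reserve0, self.reserve1 = r0 + amount_in, r1 - amount_out
            return amount_out
        finally:
            self.locked = False


def make_pair(guarded: bool):
    fake, burger = HookedToken("FAKE"), Token("BURGER")
    fake.mint(PAIR, 1_000.0)        # attacker seeds a FAKE/BURGER pair...
    burger.mint(PAIR, 1_000.0)
    fake.mint(ATTACKER, 10_000.0)   # ...and can mint itself as much FAKE as it likes
    return fake, burger, Pair(fake, burger, guarded)


def run_sequential(swaps: int, amount_in: float = 400.0) -> float:
    """Honest baseline: the same swaps one after another, each one moving the price."""
    _, burger, pair = make_pair(guarded=True)
    for _ in range(swaps):
        pair.swap0_for_1(ATTACKER, amount_in)
    return burger.balance_of(ATTACKER)


def run_attack(guarded: bool, depth: int = 3, amount_in: float = 400.0) -> float:
    """Nested swaps via the FAKE transfer hook, each priced on the same stale reserves.
    Returns the BURGER the attacker ends up with (0 when the guarded pair reverts)."""
    fake, burger, pair = make_pair(guarded)
    calls = {"n": 0}

    def reenter() -> None:
        if calls["n"] < depth - 1:
            calls["n"] += 1
            pair.swap0_for_1(ATTACKER, amount_in)

    fake.on_transfer = reenter
    try:
        pair.swap0_for_1(ATTACKER, amount_in)
    except RuntimeError:
        return 0.0   # on-chain, the reentrancy lock reverts the whole transaction
    return burger.balance_of(ATTACKER)


if __name__ == "__main__":
    print(f"honest 3 swaps:     {run_sequential(3):.2f} BURGER")
    print(f"reentrant, no lock: {run_attack(False):.2f} BURGER")
    print(f"reentrant, locked:  {run_attack(True):.2f} BURGER")
```

Three honest swaps of 400 FAKE into a 1,000/1,000 pool return about 545 BURGER in total, because each swap worsens the price for the next. Three nested swaps on the unguarded pair return about 857 BURGER, since every level reads the pre-swap reserves; the attacker then routes that BURGER to WBNB through another pair, which is the step the article describes. On the guarded pair the second call hits the lock and the transaction reverts. An auditor looking at a swap implementation wants to see both halves of the fix: a reentrancy lock, and state written before any call into a token contract the pool does not control.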

The role of contract

DeFi protocols are governed by their smart contracts, so any failure in a contract is a major concern for every stakeholder. A smart contract is a body of code designed to automate the execution and settlement of an agreement; it is the layer that makes automation on a blockchain a reality. A smart contract has defined start and end conditions, typically triggered by an event that happens on or off the chain.

Access to a contract's privileged functions is controlled by ownership or multi-party signature checks, and the contract executes its terms in response to its internal state and to external data sources. Smart contracts read and write the distributed ledger where the assets are recorded, and they embed the ownership of those assets and the identities of the parties involved.

Why making smart contracts really smart is so important

Smart contracts are the mind and soul of a DeFi protocol: the protocol behaves exactly as the contracts powering it are programmed to behave. A single bug can cause huge losses, and at worst an irreversible shutdown.

The onus of writing flawless smart contracts is on the developers. Design flaws lead to bugs of critical, medium or low severity. Developers must produce contracts that are secure and function as specified, with no backdoors for attackers to exploit; once a contract holds a large amount of cryptocurrency, someone will try to drain it.

The role of audits

Smart contract audits are imperative to discover errors, loopholes and security vulnerabilities in the code and to suggest improvements. The blockchain itself is a reasonably secure platform; a poorly written smart contract is what creates the vulnerability. Developers cannot be trusted completely to produce flawless contracts, for two reasons.

First, no single developer or team can check every parameter for vulnerabilities on their own. Second, a developer may deliberately leave a backdoor to drain the contract at a time of their choosing. A thorough independent audit addresses both problems.

A security audit of a smart contract is a thorough analysis of the code running the application, with the objective of correcting design issues, coding errors and security vulnerabilities. Choose an audit firm you can trust with the work. The process typically involves agreeing on a set of specifications, executing tests, running automated analysis tools, manual review of the code, and writing the report.

Wrapping up

Hacks such as Poly Network, PancakeBunny and BurgerSwap underline how critical smart contract auditing is to the success of a blockchain project. Audits discover errors, design issues and security vulnerabilities, so the loopholes can be plugged before any damage is done.