Weekly DeFi Roundup: Ledger Wallet Breach and Other Major Incidents
Summary:
This article recaps significant events in the Decentralized Finance (DeFi) sector during the past week. A security vulnerability in the Ledger hardware wallet connection library was exploited, putting the decentralized application (DApp) ecosystem at risk and causing a loss of over $650,000. A much larger sum could have been stolen due to the extensive scope of the attack. Other significant incidents include a $1.4 million loss by DeFi protocol Yearn.finance due to a multisignature scripting error and a $2.7 million exploit suffered by the OKX decentralized exchange (DEX). The article ends with a summary of the DeFi market, showing a bullish trend for the top 100 DeFi tokens.
Welcome to Finance Redefined, the go-to guide for vital updates in the world of decentralized finance (DeFi), a uniquely curated newsletter bringing you noteworthy advancements from the past seven days. In an unexpected series of incidents, DeFi witnessed a significant security breach on Dec. 14; a malicious perpetrator manipulated a flaw in the Ledger hardware wallet connection library, endangering the whole decentralized application (DApp) sphere. Renowned on-chain analysts, alongside DApps such as MetaMask and SushiSwap, recommended that users avoid transactions with their wallets altogether. To address the issue, Ledger promptly introduced a patch, but not before a substantial $650,000 was drawn from numerous accounts by the intruder. Given the potential scope of the attack, the stolen sum could have been notably more significant.
The party responsible for the infiltration of Ledger Connect, commonly referred to as the 'Ledger Hacker,' extracted at least $484,000 from several Web3 applications on Dec. 14. The hacker achieved this by convincing unsuspecting Web3 users to authorize harmful token transactions, as reported by blockchain protection platform Cyvers. As per various public declarations, the nefarious activity originated during the morning of Dec. 14, with the criminal exploiting a phishing trick to breach the computer system of a former Ledger staff member, thereby gaining access to their privileged JavaScript account.
In the aftermath of the security breach, several prominent decentralized applications including SushiSwap, Revoke.cash, Zapper, Balancer, and Phantom, which all utilize Ledger's connection, were subsequently compromised. Remarkably, Ledger was able to replace the malevolent file with the correct version, less than three hours after recognizing the breach. Ledger advises clients to proceed with caution, urging them to "Always Clear Sign." It emphasized that only the data shown on the Ledger screen can be considered authentic and safe. If discrepancies are noticed between one's Ledger and their computer or phone screens, users should terminate transactions promptly.
A separate incident occurred with DeFi protocol Yearn.finance, where it requested the return of a substantial $1.4 million, following a multisignature scripting error that substantially drained their Treasury funds. The mistake was responsible for the complete transfer of 3,794,894 lp-yCRVv2 tokens from Yearn's Treasury, according to a GitHub post by Yearn's contributor "dudesahn" on Dec. 11.
The OKX decentralized exchange (DEX) also endured a costly exploit on Dec. 13, losing $2.7 million in cryptocurrency. A leak in the private key of the proxy admin owner was said to be at fault. The security firm SlowMist Zone announced on X (previously Twitter) that OKX DEX had encountered a complication. The issue ensued following an upgrade to the DEX proxy contract to a new implementation contract by the proxy admin owner on Dec. 12, 2023.
This week's DeFi market data shows a bullish trend for the top 100 DeFi tokens by market capitalisation, as revealed by Cointelegraph Markets Pro and TradingView. The majority of tokens traded were in profit, and the total value locked in DeFi protocols exceeded $60 billion.
We appreciate you joining us for this week's overview of the most influential DeFi news. Keep a lookout for our next weekly instalment, detailing the ever-evolving happenings of this rapidly progressing sector.
Published At
12/15/2023 11:25:00 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.