Nemo Protocol exploited for $2.4 million
The Nemo Protocol on the Sui blockchain suffered a $2.4 million exploit. The defi yield infrastructure protocol acknowledged the theft shortly after, explaining they had paused the protocol smart contracts as they investigated the theft. It appears the thief was able to manipulate a price oracle, siphoning $2.4 million in USDC from the project. They then bridged the funds from Arbitrum to Ethereum.
Venus Protocol user exploited for $13.5 million
A user of the Venus Protocol borrowing and lending platform was successfully phished by an attacker who gained access to their account and drained $13.5 million in stablecoins and wBETH. The user signed a malicious transaction, approving the attacker's address for token withdrawals.
Venus paused the protocol as they investigated the theft. The project then proposed a vote to force liquidation of the attacker's wallet and recover the stolen funds.
Bunni decentralized exchange exploited for $8.4 million
The Bunni decentralized exchange was exploited for approximately $8.4 million across the Unichain Ethereum layer 2 network and the Ethereum mainnet. Bunni acknowledged the theft and paused the protocol shortly after the attack.
BetterBank exploited, some funds returned
The PulseChain-based defi project BetterBank was exploited by an attacker who took advantage of a vulnerability that allowed them to mint arbitrary tokens, some of which they then swapped for ETH. The attacker later returned around $2.7 million of the stolen assets, having cashed out around $1.4 million.
The vulnerable smart contract had been audited by cybersecurity firm Zokyo, which claimed they had flagged the issue during an audit. BetterBank responded by claiming that the auditors had either not identified or failed to communicate the true severity of the flaw.
Bitcoiner socially engineered out of $91 million
A bitcoin holder reportedly fell for a social engineering attack after receiving communications from scammers posing as customer support for a crypto exchange and hardware wallet provider, according to crypto sleuth zachxbt. The thieves stole 783 BTC (~$91 million), which they then transferred through the Wasabi mixer to complicate tracing.