Truebit acknowledged the hack and urged users not to interact with the vulnerable smart contract.
Truebit exploited for over $26 million
A bug in a smart contract belonging to the Ethereum-based Truebit project allowed an attacker to steal 8,535 ETH (~$26.4 million). The thief targeted one of the project's older contracts — deployed in 2021 — which contained a bug in which the price calculation to mint sufficiently large quantities of the protocol's TRU token would overflow, erroneously allowing people to mint large amounts of TRU for next to nothing. The exploiter took advantage of this by minting TRU and swapping it for ETH, ultimately causing the TRU token price to crash 99.9%. Another subsequent attack saw around $300,000 more drained from the project.
Unleash Protocol exploited for $3.9 million
Unleash Protocol, a project promising to allow creators to register their intellectual property on the blockchain, has been exploited for around $3.9 million. An attacker was able to gain administrative access, despite the project's governance system ostensibly being protected by a multisignature wallet. They then deployed a new smart contract, which allowed them to siphon assets from the project. The attacker then bridged the funds to ETH and laundered them via the Tornado Cash cryptocurrency mixer.
Flow blockchain exploited for $3.9 million
The Flow blockchain suffered an exploit in which an attacker was able to mint a large number of wrapped FLOW tokens, which they then swapped to tokens on other blockchains. Ultimately around $3.9 million was stolen, and the FLOW token dramatically plunged in price.
Some crypto exchanges, such as Upbit and Bithumb, halted withdrawals and deposits for FLOW after the exploit was discovered. Flow later confirmed the exploit, and said that validators "executed a coordinated halt" of the network to shut down the attack.