Biggest Blockchain Heists
You may be wondering what a blockchain heist even is, given that everybody claims blockchain is one of the most secure spaces. A blockchain heist is when someone unlawfully hacks a blockchain system, or finds a loophole in its data structure, and steals the cryptocurrency. There are potential risks in everything, blockchains included. The blockchain is considered to be malware-proof, but it still requires regular monitoring so that everything works smoothly. In the past, we've seen many malware attacks on individuals as well as on big corporations; no one is entirely safe from this. What we can do is innovate in this space and create a completely malware-proof system where no one, literally no one, can even think about taking your financial assets. Securing a blockchain implementation requires critical steps such as monitoring, analysis and threat prevention. Modern tools can help streamline the process of securing blockchain technology more effectively.
So, in this article, we'll discuss the biggest blockchain heists that have happened so far.
- Lendf.me/Uniswap Hack — Lendf.me, a decentralized lending platform, suffered a blockchain attack in April 2020. Hackers exploited vulnerabilities in the underlying structure of Ethereum, stealing approximately $24.5 million from the lender. The second company, Uniswap, was using the Lendf.me protocol and was also affected. It is estimated that Uniswap lost between $300,000 and $1.1 million in the blockchain hack. Silicon Angle reports that the attack on Uniswap exploited ERC777, an underlying technology on the Ethereum blockchain, and launched a “reentrancy” attack. “That attack exploits a function that makes an external call to another untrusted contract before it resolves any effects, allowing an attacker to take over control flow of the smart contract.” Lendf.me was victimized further through a second reentrancy attack. Attackers will continue to come up with new ways of exploiting blockchain technology. Smart contracts are often deployed over the blockchain, but these contracts can be vulnerable to a reentrancy attack. Identifying functions that may be untrustworthy can help prevent reentrancy attacks. Following best practices for mitigating the risks of the potentially vulnerable functions that underlie blockchain structures is key. Maintaining oversight across enterprise blockchain technologies is a necessary checkpoint. Reentrancy attacks can occur when functions are compromised; implementing content security policies can help reduce the risk of function-based attacks on smart contracts.
- KuCoin Hack — In September 2020, Singapore-based KuCoin suffered one of the most costly hacks in cryptocurrency history. The theft of $281 million was attributed to an attack in which malicious actor(s) gained access to the private keys for hot wallets, allowing them to seize control of various digital currencies. At the time, KuCoin was one of the most active cryptocurrency exchange platforms, handling an average of $100 million daily. CoinDesk says that “One or more hackers obtained the private keys to the centralized exchange’s hot wallets, gaining control over vast quantities of bitcoin, ether, tron (TRX), XRP, stellar (XLM) and various ERC-20 tokens, among others. KuCoin immediately moved to freeze all wallets and disable services.” As CoinDesk reported further: KuCoin CEO Johnny Lyu said one or more hackers obtained the private keys to the exchange’s hot wallets. KuCoin transferred what was left in them to new hot wallets, abandoned the old ones, and froze customer deposits and withdrawals, Lyu said. Ensuring private keys are stored properly is a critical element of securing hot wallets, which can be connected to the internet. This is another area where monitoring, assessment, and policy implementation can be beneficial.
- Pickle Finance Hack — Pickle Finance lost nearly half of its value to a cyber-attack in October 2020. Some $20 million in DAI was drained from a Pickle wallet. As CoinDesk reports, the company launched in September and released its new cDAI jar technology with the goal of “maximizing returns from DAI deposited on the decentralized lending protocol Compound.” This new strategy was then exploited by malicious actors; Pickle Finance states, “This was a very complicated attack and involved many components of the Pickle protocol.” A report from Cointips explains that a malicious actor created a set of their own smart contracts (or “bad” jars) with similar features to existing Pickle Jars. They were then able to swap funds between “bad” jars and “good” jars, skating off with a cool $20 million. Blockchain is the underlying structure behind typical smart contract technology. Implementing security policies for enterprise blockchain security provides a framework for monitoring, assessment and risk mitigation.
- Trezor Hack — In September of 2020, a ransom attack was launched against Trezor’s passphrase handling. Trezor is a hardware wallet available for computers and mobile devices. As Benma’s Blog explains: It is important that the hardware wallet validates any input it receives from the computer. In this case, the passphrase should be confirmed with the user on the device before using it to derive the seed. The Trezor and KeepKey did not do this in the case of the passphrase entered on the computer. As a consequence, a malicious wallet modifying data transferred via USB could send an arbitrary fake passphrase to the Trezor / KeepKey, and hold any coins received in this wallet hostage. The passphrase entered by the user could simply be ignored, and the actual passphrase used would be only known to the attacker. In this instance, an attack can be launched and go unnoticed; the wallet will function as usual until the victim is blocked from accessing their funds. After blocking user access, the attacker can then demand a ransom. These kinds of attacks can be launched against multiple users, and the attacker can “lie in wait” until enough coins have accrued in users’ wallets. An attacker can create dummy passphrases that are given to unsuspecting users until the wallet has enough value to be held for ransom. This is another area where policy implementation, monitoring, and assessment can help mitigate risk.
- Poly Network Hack — One of the biggest hacks in cryptocurrency happened in August 2021: hackers stole $600M and later returned it. Poly Network operates on the Binance Smart Chain, Ethereum, and Polygon blockchains. Tokens are swapped between the blockchains using a smart contract that contains instructions on when to release the assets to the counterparties. One of the smart contracts that Poly Network uses to transfer tokens between blockchains maintains large amounts of liquidity to allow users to efficiently swap tokens, according to crypto intelligence firm CipherTrace. Poly Network tweeted on Tuesday that a preliminary investigation found the hackers exploited a vulnerability in this smart contract. According to an analysis of the transactions tweeted by Kelvin Fichter, an Ethereum programmer, the hackers appeared to override the contract instructions for each of the three blockchains and diverted the funds to three wallet addresses, digital locations for storing tokens. These were later traced and published by Poly Network. The attackers stole funds in more than 12 different cryptocurrencies, including ether and a type of bitcoin, according to blockchain forensics company Chainalysis. A person claiming to have perpetrated the hack said they had spotted a “bug,” without specifying, and that they wanted to “expose the vulnerability” before others could exploit it, according to digital messages posted on the Ethereum network published by Chainalysis.
- Harvest Finance Hack — Another decentralized finance giant, Harvest Finance, was a victim of malicious cyber activity in October 2020. An attacker drained some $25 million from the platform’s finance pools, using an Ethereum obfuscation platform known as Tornado Cash in an attempt to disappear some of the funds that were withdrawn. In addition to this loss, Harvest Finance’s TVL suffered a significant drop in value, going from $1 billion to $673 million. Following the attack, investors pulled $350 million from the site. A report by CoinDesk said the attack comes after DeFi analyst Chris Blec claimed Harvest Finance’s administrators held an “admin key that can drain funds” locked in the protocol’s contracts. It’s unclear at this stage in the exploit what the admin key or the anonymous team behind the protocol have to do with the sudden drain in assets. According to a report from bitcoin, the attacker later returned $2.5 million of the stolen funds. To launch their exploit, the malicious actor “manipulated prices on one money lego (curve y pool) to drain another money lego [farm USDT (fUSDT), farm USDC (fUSDC)], many times. The attacker then converted the funds to renBTC and exited to bitcoin.”
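
The reentrancy pattern described in the Lendf.me/Uniswap item, as an added example (not code from Lendf.me, Uniswap or the sources quoted): a toy Python model of a pool whose withdrawal calls an untrusted receive hook, with the balance update placed after the call and, for comparison, before it. All class and function names and the amounts are constructed for illustration.

```python
class Pool:
    """Toy lending pool. `effects_first` selects checks-effects-interactions."""

    def __init__(self, effects_first):
        self.effects_first = effects_first
        self.balances = {}   # recipient -> credited amount
        self.reserves = 0    # tokens the pool actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserves += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.reserves:   # check
            return
        if self.effects_first:
            self.balances[who] = 0                  # effect before the call
        self.reserves -= amount
        who.on_receive(self, amount)                # interaction: untrusted hook
        if not self.effects_first:
            self.balances[who] = 0                  # effect after the call: too late


class Recipient:
    """Stands in for a contract with a token-receive hook (as ERC777 allows)."""

    def __init__(self, reenter=False):
        self.reenter = reenter
        self.received = 0

    def on_receive(self, pool, amount):
        self.received += amount
        if self.reenter:
            pool.withdraw(self)   # re-enters before the first call has finished


def run(effects_first):
    """Return (amount paid to the re-entering recipient, reserves left)."""
    pool = Pool(effects_first)
    pool.deposit(Recipient(), 90)        # constructed: other users' funds
    hooked = Recipient(reenter=True)
    pool.deposit(hooked, 10)             # constructed: its own deposit
    pool.withdraw(hooked)
    return hooked.received, pool.reserves
```

With the balance cleared only after the hook returns, a deposit of 10 is paid out repeatedly until the reserves are empty; clearing it first limits the payout to the 10 that was credited.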
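
The on-device confirmation described in the Trezor item, as an added example (not Trezor or KeepKey firmware): the seed is derived as BIP39 specifies, with PBKDF2-HMAC-SHA512 over the mnemonic and the passphrase, so a passphrase altered between computer and device yields a different wallet unless the device shows it for approval first. The `Device` class, the host function and the passphrases are hypothetical.

```python
import hashlib
import unicodedata

# Public BIP39 test mnemonic, used here only as sample input.
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic, passphrase):
    """BIP39 seed: PBKDF2-HMAC-SHA512, salt 'mnemonic' + passphrase, 2048 rounds."""
    pw = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", pw, salt, 2048, 64)


class Device:
    """Hypothetical hardware wallet that receives the passphrase from the host."""

    def __init__(self, mnemonic, confirm_on_device):
        self._mnemonic = mnemonic
        self.confirm_on_device = confirm_on_device

    def unlock(self, passphrase_from_host, user_approves):
        # user_approves models the person reading the device's own screen.
        if self.confirm_on_device and not user_approves(passphrase_from_host):
            raise PermissionError("passphrase rejected on device")
        return bip39_seed(self._mnemonic, passphrase_from_host)


def altering_host(typed):
    """Constructed stand-in for host software that changes data sent over USB."""
    return "not-what-the-user-typed"


def session(confirm_on_device):
    """Run one unlock through the altering host and report what the user gets."""
    typed = "correct horse"                       # constructed user passphrase
    device = Device(MNEMONIC, confirm_on_device)
    try:
        seed = device.unlock(altering_host(typed), lambda shown: shown == typed)
    except PermissionError:
        return "rejected on device"
    if seed == bip39_seed(MNEMONIC, typed):
        return "seed matches the user's passphrase"
    return "seed from a passphrase the user never saw"
```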