CRYPTOSTAKE
Black January for DeFi Security: $38.9 Million Lost in Smart Contract Exploits

DeFi security breaches in January

The decentralized finance (DeFi) sector faced a tumultuous start to the year, with Quantstamp, a prominent DeFi security startup, reporting staggering losses due to a variety of cyberattacks. In January alone, exploits including smart contract hacks, key compromises, and scams led to an alarming $38.9 million in losses. Quantstamp's analysis, shared on a major social media platform, paints a grim picture of the current state of Web3 security. 

Quantstamp (@Quantstamp) tweeted: 

“$38.9M has been lost to web3 security incidents so far in January 2024.

Let's take a look at 5 of the largest smart contract hacks so far.”

This report serves as a stark reminder of the persistent vulnerabilities plaguing the DeFi space.

Major attacks and their impact

January's DeFi attacks were varied and impactful. Radiant Capital's ordeal began the month with a $4.5 million loss in a flash loan attack, a vulnerability pinpointed by blockchain security firm PeckShield as stemming from a "known rounding issue" in current Compound/Aave codebases. This prompted Radiant to temporarily shut down its USDC pool on Arbitrum, though they assured users that their funds were secure.

Close on Radiant's heels, Gamma Strategies suffered a $6.1 million loss from a similar attack, leading them to temporarily suspend deposits while addressing the code bug. Wise Lending wasn't spared either, losing at least $460,000 to a price oracle manipulation in a flash loan attack.

Socket, a multichain protocol, also fell victim, losing nearly 2,000 ETH (over $4 million), though they managed to recover about half and reimbursed affected users. Goledo Finance's flash loan attack rounded out the month, with $1.7 million stolen and ongoing negotiations with the perpetrator.

Addressing security challenges in DeFi space

The recent spate of DeFi attacks highlights an urgent need for enhanced security measures in the sector. Goledo Finance's situation exemplifies this, with ongoing negotiations after a $1.7 million theft. They've taken proactive steps, freezing the hacker's accounts on centralized exchanges and working closely with law enforcement. To aid in asset recovery, Goledo has also set up a compensation process, inviting affected users to submit claims through a Google form.

Goledo Finance (@GoledoFinance):

“To initiate the compensation process for asset recovery, we kindly request our users to fill out the Google Form linked below.

The form will be open for one week, and we will prioritize compensation for those who submit their claims.

⤵️ Form below.” https://t.co/8Hm79uTdwZ

These incidents underscore the vital importance of robust security protocols and swift response strategies in the DeFi world.