Hashing Bits

Ape Rocket Finance - Bondly Finance - THORChain - PolyBunny - T-Mobile

15th July:

Ape Rocket Finance, a DeFi yield farming aggregator suffered two flashloan attacks, also known as quick loan attack on BSC and its Polygon fork at 4:30 AM UTC and 8:00 AM UTC resulting in $1.26 Million loss in crypto assets. The two attacks were carried out using AAVE on Polygon and PancakeSwap on BSC. In both the cases, large amounts were borrowed, the DAI - MATIC LP vault and in the second the CAKE vault. Since a large amount of money was deposited, the hacker held more than 99% of the funds in these two vaults. Large amounts of money were sent to the vault contract (flash loan). Hacker called functions from these vaults and an anomalously high number of tokens were minted as these CAKE generated were far greater than the reality. After performing the attack, funds were returned and the hacker sold his generated tokens which resulted in a quick price crash. Ape Rocket Finance team has planned compensation to the ones affected which can be found here

Bondly Finance, a popular DeFi project in the Polkadot ecosystem, was hacked after an attacker exploited an infinite mint bug and dumped 373 Million BONDLY tokens. As a result, BONDLY price crashed 60%. Community suspects it as a rug-pull since the owner minted the tokens. 

16th July:

THORChain, a decentralised cross-chain transaction protocol was hacked due to a bug in Bifrost, a DeFi protocol that connects Polkadot and different PoS blockchains. ETH Bifrost was recently updated to allow the router to ‘wrap’ by smart contracts. Attacker used this vulnerability to exploit the underlying THORChain router. Estimated loss is around 4,000 ETH and $5 Million. A detailed attack explanation can be found here

17th july:

PolyBunny, PancakBunny’s Polygon version was a victim of flatsloan attack again when an attacker minted 2,136,672.9746569423 polyBUNNY and sold. The project suspended all Sushi vaults. Estimated loss is $2,402,462.


16th July:

A crypto-investor accused and filed a lawsuit against T-Mobile, a mobile communications carrier for insufficient customer data protection resulting in the loss of 1.6 BTC through a SIM card fraud.