The decentralized finance (DeFi) protocols Exactly and Harbor were recently compromised in two separate and seemingly unrelated attacks. On-chain data disclosed by blockchain security firms DeDotFi and PeckShield displays an alarming loss of 4323.6 ETH from Exactly Protocol, amounting to nearly $7.3 million. The attackers utilized the Across Protocol and Optimism Bridge networks to successfully bridge the stolen ETH to the Ethereum network.
Precisely positioned as one of the crypto lenders on the Optimism network, Exactly Protocol is grappling with these unsettling losses. Initially, there were reports of an alarming 7160 ETH being stolen to the tune of $12 million. This figure was later contradicted and replaced with a smaller amount. According to Exactly, the DebtManager periphery contract was the attacker’s prime target. The attacker leveraged a malicious market contract address, bypassed the permit check and executed a malicious deposit function to seize assets deposited by users. The protocol proactively filed a police report and is leaning into efforts at communicating with the attackers in a bid to salvage the stolen assets.
Harbor, the interchain stablecoin protocol, also confessed to falling victim to an attack that raided its stable-mint, stOSMO, LUNA, and WMATIC vaults. The exact amount stolen from Harbor is shrouded in uncertainty, as the company continues to trace the lost funds and calculate the incurred losses.
Ironically, these unpleasant incidents mirror a repeat pattern of security disruptions across the DeFi ecosystem in past weeks. A striking example is the Vyper programming language instability on July 30 that resulted in over $61 million worth of stable pools on Curve Finance being siphoned. The series of unfortunate events also includes the Earn.Finance compromise with at least $287,000 worth of ETH stolen, and Zunami Protocol’s $2.1 million losses due to an exploit.
There’s an intriguing parallel between these rising security incidents and the potential boost in security that blockchain technology could bring to financial transactions. Blockchain has been lauded as a solution to mitigate the risk of fraud, hacking, and unauthorized transactions. Its transparent, decentralized nature reduces the chance of meddling or influence from any single entity.
However, as showcased by these attacks on Exactly and Harbor, blockchain isn’t immune to exploitation. It’s a sobering reminder that technology, in all its advancement, doesn’t completely rule out the inevitability of human greed and the pursuit of vulnerability for illicit gain. For app developers and users across the space, these attacks underline the need for tight security protocols and a relentless guard against potential exploits. This critical balance between tremendous potential and threat is at the heart of the blockchain conundrum.
Source: Cointelegraph