Lending Protocol 'Blend' on Blast Exploited for Over $10M
The lending market Blend, operating on the Blast L1/rollup, has suffered a major exploit with hackers draining more than $10 million from the protocol. The incident highlights the persistent security risks associated with deploying complex DeFi applications on new blockchain networks. It is expected to renew calls for more rigorous third-party audits and bug bounties for protocols on emerging chains.
- A significant security incident on the Blast network involved the GameFi project Munchables, which was exploited for $62.5 million due to a rogue developer. The funds were ultimately returned without a ransom being paid. - The first major rug pull on the Blast network involved a gambling project called RiskOnBlast, which absconded with approximately $1.3 million from over 750 users. The official Blast X (formerly Twitter) account had promoted the project, raising concerns about project vetting. - Blast was founded by Tieshun Roquerre, also known as "Pacman," who is the founder of the popular NFT marketplace Blur. Roquerre is a notable figure in the crypto space, having dropped out of high school, attended MIT, and received a Thiel Fellowship. - The launch of the Blast network was met with public criticism from one of its main investors, Paradigm. The venture capital firm's Head of Research, Dan Robinson, expressed disapproval of the one-way bridge and the three-month lock-up of user funds, stating it set a bad precedent. - Security concerns have been raised by developers regarding Blast's architecture, particularly its initial reliance on a 3-of-5 multisignature wallet to secure user deposits before the mainnet was fully operational. - While the prompt refers to a "Blend" protocol exploit on Blast, a recent, similarly named incident occurred on the Stellar network. In that exploit, the lending protocol Blend lost over $10.8 million due to oracle price manipulation, a common attack vector for DeFi lending platforms. - The resolution of the Munchables hack highlighted the centralized aspects of the Blast network. The ability to freeze the stolen funds was a key factor in their recovery, showcasing a trade-off between decentralization and the ability to intervene in exploits. - Lending protocols are a frequent target of DeFi exploits, accounting for a significant number of attacks and value lost. These platforms are vulnerable to various attack methods, including flash loans, oracle manipulation, and smart contract bugs.
