DeFi Protocols Suffer Over $24M in Recent Exploits

Several DeFi protocols have been targeted in recent exploits, resulting in over $24 million in losses. The Blend lending market on the new Blast L2 suffered a $10M+ exploit, while the YieldBlox lending pool on Stellar was drained of over $10 million. Additionally, the IoTeX cross-chain bridge lost $4.4 million, with the team offering a 10% bounty for the funds' return.

- The IoTeX bridge exploit was the result of a compromised private key, which gave the attacker administrative control over the bridge's contracts on Ethereum. This kind of attack, which targets operational security rather than smart contract code, has become increasingly common and accounts for a significant share of the funds stolen from bridges. The attacker not only drained existing funds but also minted an additional $4 million in CIOTX and $4.5 million in CCS tokens.
- In the YieldBlox incident, the attacker manipulated the price of the USTRY stablecoin from approximately $1.05 to over $100 in a single transaction. This was possible because of low liquidity in the USTRY/USDC market on Stellar's exchange, which the attacker used to borrow against the artificially inflated collateral. Although the attacker bridged most of the stolen USDC to Ethereum, Stellar validators were able to freeze about 48 million of the stolen XLM, a majority of the funds in that currency.
- The Blend lending market exploit on the Blast L2 was also an oracle manipulation attack, similar to the YieldBlox incident. The Blast L2 itself has faced security scrutiny since its launch, with concerns raised about its reliance on third-party protocols such as Lido and MakerDAO for yield generation and about the security of its multisig contract.
- Cross-chain bridges are a frequent target for hackers, with over $2.8 billion lost to bridge attacks in recent years. The core vulnerability lies in their architecture, which often concentrates large amounts of value in a few contracts controlled by a small number of keys.
- Offering a "white hat" bounty to the attacker in exchange for the return of the remaining funds has become a common crisis response strategy in DeFi. Both the IoTeX and YieldBlox teams extended such offers to the hackers.
- The price of IoTeX's native token, IOTX, dropped by as much as 22% in the immediate aftermath of the exploit. Trading volume surged over 500% as some investors panic-sold while others saw a trading opportunity. Major exchanges such as Binance and Upbit temporarily suspended IOTX-related transactions as a precautionary measure.
- The YieldBlox exploit highlights the risks of oracles that rely on markets with low liquidity. The Reflector oracle, which was manipulated in the attack, accurately reported the market price, but the lack of trading activity and liquidity made that price susceptible to extreme manipulation.
- This series of exploits comes at a time when AI-driven security tools are showing promise in detecting DeFi vulnerabilities. Some reports claim that specialized AI can now detect up to 92% of real-world DeFi exploits, signaling a potential shift in the security landscape.
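The YieldBlox and Reflector points above come down to one mechanism: a price feed can be perfectly accurate and still be unsafe to lend against if the market behind it is thin. The following added example (not code from YieldBlox, Blend, Reflector or any other protocol named in the briefing) makes that concrete. It models a spot market as a constant-product pool, which is an assumption rather than how Stellar's exchange works, runs the same trade against a deep and a thin pool to show how far the quoted price moves, and then shows a collateral-valuation guard that values collateral at the lower of spot and a rolling-average reference price and refuses to value collateral at all when spot has jumped too far from that reference. All reserves, prices, thresholds and the 1,000,000-unit trade size are constructed sample values.

```python
"""Thin-market oracle manipulation risk and a defensive collateral-valuation guard.

Added example for this briefing; not code from YieldBlox, Blend, Reflector or any other
protocol named above. The constant-product (x*y=k) pool is a modelling assumption, and
every reserve, price, threshold and trade size below is a constructed value.
"""
from collections import deque


class ConstantProductPool:
    """Minimal x*y=k pool. `base` is the asset being priced, `quote` the pricing asset."""

    def __init__(self, base: float, quote: float) -> None:
        self.base = base
        self.quote = quote

    def spot_price(self) -> float:
        # Price of one base unit expressed in quote units.
        return self.quote / self.base

    def swap_quote_for_base(self, quote_in: float) -> float:
        """Deposit quote_in, receive base; returns base out. Moves the spot price up."""
        k = self.base * self.quote
        new_quote = self.quote + quote_in
        new_base = k / new_quote
        base_out = self.base - new_base
        self.base, self.quote = new_base, new_quote
        return base_out


def spot_after_trade(base_reserve: float, quote_reserve: float, quote_in: float) -> float:
    """Spot price a lender would read from the pool right after one trade of size quote_in."""
    pool = ConstantProductPool(base_reserve, quote_reserve)
    pool.swap_quote_for_base(quote_in)
    return pool.spot_price()


class GuardedOracle:
    """Oracle wrapper that keeps a rolling average of recent prices (a TWAP stand-in) and
    refuses to value collateral at a spot price that deviates too far above that average."""

    def __init__(self, max_deviation: float, window: int = 6) -> None:
        self.max_deviation = max_deviation  # e.g. 0.10 = spot may be at most 10% above reference
        self.history: deque = deque(maxlen=window)

    def observe(self, price: float) -> None:
        # Called once per block/interval with the market price observed at that time.
        self.history.append(price)

    def reference_price(self) -> float:
        if not self.history:
            raise ValueError("no price observations yet")
        return sum(self.history) / len(self.history)

    def collateral_price(self, spot: float) -> tuple:
        """Return (price to use, accepted). Values at the lower of spot and reference, and
        rejects the valuation when spot is more than max_deviation above the reference."""
        ref = self.reference_price()
        if spot > ref * (1 + self.max_deviation):
            return ref, False
        return min(spot, ref), True


def max_borrow(collateral_units: float, oracle: GuardedOracle, spot: float, ltv: float) -> float:
    """Borrow limit in quote units; zero when the guard rejects the current spot price."""
    price, accepted = oracle.collateral_price(spot)
    if not accepted:
        return 0.0
    return collateral_units * price * ltv


def demo() -> dict:
    """Same 1,000,000-quote trade against a deep and a thin pool, both starting at 1.05."""
    deep = spot_after_trade(10_000_000, 10_500_000, 1_000_000)  # price moves ~20%
    thin = spot_after_trade(100_000, 105_000, 1_000_000)        # price moves past 100
    oracle = GuardedOracle(max_deviation=0.10)
    for _ in range(5):
        oracle.observe(1.05)  # calm price history before the manipulated block
    naive_limit = 50_000 * thin * 0.8                      # lender reading raw spot
    guarded_limit = max_borrow(50_000, oracle, thin, 0.8)  # guard rejects the spike
    return {"deep_spot": deep, "thin_spot": thin,
            "naive_limit": naive_limit, "guarded_limit": guarded_limit}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value:,.2f}")
```

The deviation guard is deliberately one-sided: a spot price that falls below the reference is accepted and used as-is, because under-valuing collateral only makes the lender more conservative. A real deployment would also need a liquidity-depth check (how much value is needed to move the price by a given percentage), since a patient attacker can walk the rolling average upward over several intervals; the example shows the single-transaction case the briefing describes.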
