The past few weeks have shown that we still have a long way to go in terms of security.
How can we expect retail users to join if even our largest protocols keep getting hacked so easily?
$135M+ have been lost to exploits in October.
@Balancer: Major hack in early November with a total loss of $116.6M.
The attacker exploited a flaw in the manageUserBalance function, where a poorly implemented access control (verifying msg.sender using a user-provided op.sender value) allowed them to impersonate some account owners.
@MoonwellDeFi: Exploit of $1M due to a critical vulnerability in the rsETH/ETH price oracle.
The oracle massively overvalued the wrapped restaked ETH asset (~$5.8M per token instead of ~$3.5K), allowing the attacker to perform repeated flash loans and drain funds.
@MIM_Spell: The hack stemmed from a flaw in the cook function, which executes multiple actions within a single transaction.
The attacker repeatedly used two operations, a borrow action (action 5) that passed solvency checks, followed by an empty update (action 0) that reset control flags bypassing final validations. Around 1.79M $MIM across six addresses were stolen.
@TypusFinance: Lost approximately $3.44M due to a flaw in its custom oracle.
A missing assertion allowed the attacker to manipulate token values and perform swaps at incorrect prices.
@gardenfi: Experienced a major exploit leading to a $10.8M loss.
The attack targeted a vulnerability within one of the protocolâs solvers.
@Paxos: Not a hack, but a critical incident.
Paxos mistakenly minted $300T PYUSD (their regulated stablecoin) because of an internal transfer error, an amount 2.5x the global GDP.
This highlighted the risks of centralized control in stablecoins.
@DIMO_Network: Involved suspicious activity from an admin wallet.
An admin upgraded the proxy contract, withdrew 30M $DIMO tokens, and sold them for roughly $40,000.
@BNBCHAIN: A phishing attack compromised several accounts, leading to about $13,000 in stolen funds.
All victims were later fully reimbursed in USDT.
At this point, itâs understandable why many retail users prefer putting their money into traditional finance.
Yes, itâs centralized, but there are far fewer hacks, and when incidents do happen, insurance or recovery mechanisms often step in.
Still, I havenât lost faith in crypto. I know itâs the future.
But what all of this shows right now is that thereâs still a long road ahead before the average person can feel truly safe entrusting their savings to DeFi.
6,03Â k
39
Le contenu de cette page est fourni par des tiers. Sauf indication contraire, OKX nâest pas lâauteur du ou des articles citĂ©s et ne revendique aucun droit dâauteur sur le contenu. Le contenu est fourni Ă titre dâinformation uniquement et ne reprĂ©sente pas les opinions dâOKX. Il ne sâagit pas dâune approbation de quelque nature que ce soit et ne doit pas ĂȘtre considĂ©rĂ© comme un conseil en investissement ou une sollicitation dâachat ou de vente dâactifs numĂ©riques. Dans la mesure oĂč lâIA gĂ©nĂ©rative est utilisĂ©e pour fournir des rĂ©sumĂ©s ou dâautres informations, ce contenu gĂ©nĂ©rĂ© par IA peut ĂȘtre inexact ou incohĂ©rent. Veuillez lire lâarticle associĂ© pour obtenir davantage de dĂ©tails et dâinformations. OKX nâest pas responsable du contenu hĂ©bergĂ© sur des sites tiers. La dĂ©tention dâactifs numĂ©riques, y compris les stablecoins et les NFT, implique un niveau de risque Ă©levĂ© et leur valeur peut considĂ©rablement fluctuer. Examinez soigneusement votre situation financiĂšre pour dĂ©terminer si le trading ou la dĂ©tention dâactifs numĂ©riques vous convient.