Truly Crypto

On Hacks, Use Cases & Deep dives.


The Borrowers Who Broke DeFi: The Promise and Perils of Flash Loans

17 Dec 2023 25 minute read 6 comments Arhat

TL;DR Flash loans, unique to the DeFi ecosystem, are uncollateralized and instantaneous loans completed within a single transaction on the blockchain. They use smart contracts for execution and are "atomic," meaning the transaction either fully compl...

How I Lost My Wallet, My Tokens, and My Onchain Identity to a Hacker

16 Aug 2023 2 minute read 38 comments Arhat

Yesterday, my wallet's private key was compromised, and I lost all access to my wallet to an unknown hacker. What hurts more is that I lose all the onchain activity and reputation I've built with this wallet over the years. I must have signed...

MakerDAO Goes Full Throttle On DAI Savings Rate

10 Aug 2023 3 minute read 0 comments Arhat

Thoughts on MakerDAO's DSR & EDSR. Been looking at the EDSR since it was activated a few days ago, and it seems like it's working. The DAI Savings Rate (DSR) is a feature of MakerDAO that allows users to earn interest by locking their DAI into...

Arbitraging the Curve Finance DeFi Wild West for ~$38M

31 Jul 2023 3 minute read 0 comments Arhat

The Curve ecosystem just witnessed a malicious, coordinated attack due to a faulty Vyper contract on all affected pools at JPEG'd, Alchemix, and Metronome. A number of pools using Vyper 0.2.15, 0.2.16, and 0.3.0 have been exploited due to a malfuncti...

Flash Loans, Front-running, and Read-only Reentrancy: How Conic Finance was Drained of $3.3M

21 Jul 2023 2 minute read 1 comment Arhat

The Conic Finance exploit was a re-entrancy attack that allowed an attacker to manipulate the price of the $ETH Omnipool and drain over 1,700 ETH, worth over $3.3M. This is how it happened (Refer to the visual below): The attacker used a flas...

Why LSDs Are Thriving in the Post-Shapella Era of ETH Staking

12 Jul 2023 1 minute read 0 comments Arhat

Since Shapella, more than 20% of the ETH supply is now locked in the beacon chain, including the activation and exit queues. Also, there has been a net deposit of 4M ETH into the staking contract. However, the daily average of new ETH deposits has s...

Multichain MPC Network Compromised: How the Hacker Exploited the Bridge Vulnerabilities For More Than $120M

8 Jul 2023 4 minute read 0 comments Arhat

Multichain Bridge was exploited for more than $126M. I believe that the hacker initially compromised the Multichain MPC network, then exploited the vulnerability in the Multichain MPC Bridge Contracts. Since it all happened with ease, it raises suspi...

PolyNetwork's Cross-Chain Exploit of $40B+

2 Jul 2023 2 minute read 1 comment Arhat

The hack happened because of a smart contract vulnerability in @PolyNetwork2's cross-chain bridge tool. Here's how it might have happened (Refer to the image below): The hacker crafted a malicious parameter containing a fake validator signature and...

How a Hacker Burned and Swapped $710K Worth of LP Tokens on BiswapDEX.

2 Jul 2023 1 minute read 0 comments Arhat

Biswap's liquidity pools were exploited by a vulnerability in the "Biswap migration contract" allowing anyone to replace legitimate migration transactions with fake ones. $710,251 was stolen in this attack, including the value of the LP tokens and th...

A Faulty Oracle Causes a Flash Loan Attack on Themis Protocol

28 Jun 2023 1 minute read 0 comments Arhat

The attack was made possible due to a flawed oracle exploited to inflate the price of a Balancer LP token on Themis. Here's how it happened (refer to the image below): 1. The hacker initiates a flash loan from Aave v3 and two Uniswap v3 pools to...