Venus Protocol, IoTeX, and SOF Token Exploits: $6.65M Lost to Design Flaws, Key Compromise, and Broken Token Logic
0x0d9 lost $180K after empty signature arrays bypassed authorization checks. YieldBlox lost $10M when a low-liquidity oracle allowed an attacker to inflate collateral prices and overborrow. Holdstation lost $462K after a compromised developer key enabled a malicious contract upgrade. Three different failures — access control, oracle design, and key security — combined to cause over $10.6M in losses.
In Brief
Venus Protocol lost $2M due to a price manipulation attack.
IoTeX lost $4.4M after a compromised admin key enabled a malicious contract upgrade.
SOF Token lost $249K after a flawed burn logic inflated token price during swaps.
Hacks Analysis
Venus Protocol | Amount Lost: $2M
On March 15th, the Venus Protocol exploit on the BSC resulted in a $2M loss. The root cause of the exploit was a supply cap bypass combined with price manipulation of the THE contract. The protocol allowed direct token transfers (“donations”) to the vToken contract, which increased collateral value without enforcing the supply cap. The attacker gradually deposited 53.2M THE over 9 months (exceeding the 14.5M cap) and artificially inflated the exchange rate by 3.8x. This allowed the attacker to leave the protocol with $2M in bad debt.
Exploited Contract (on BNB): 0xF4C8E32EaDEC4BFe97E0F595AdD0f4450a863a11
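The donation problem described above comes down to where a vault reads its collateral value from. The following is a constructed illustration written for this analysis, not Venus Protocol's vToken code: contract names, the 1e18 rate scale and the cap semantics are assumptions. The first contract derives its exchange rate from the live token balance, so tokens sent straight to it are never cap-checked yet still raise every holder's collateral value; the second keeps an internal ledger that only mint() can grow, so stray balance shows up as surplus and never as collateral.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration for this write-up; not Venus Protocol's vToken code.
// Contract names, the 1e18 rate scale and the cap semantics are assumptions.

interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Pattern 1: the exchange rate is read from the live token balance, and the only
// cap check lives in mint(). A plain transfer() into the vault skips mint(), so it
// is never cap-checked, yet it raises the rate and with it the collateral value
// credited to every existing share holder.
contract DonationSensitiveVault {
    IERC20 public immutable underlying;
    uint256 public immutable supplyCap;   // in underlying units
    uint256 public totalShares;
    mapping(address => uint256) public shares;

    constructor(IERC20 u, uint256 cap) { underlying = u; supplyCap = cap; }

    function exchangeRate() public view returns (uint256) {
        if (totalShares == 0) return 1e18;
        // Donation-sensitive: any balance change moves the rate.
        return underlying.balanceOf(address(this)) * 1e18 / totalShares;
    }

    function mint(uint256 amount) external {
        require(underlying.balanceOf(address(this)) + amount <= supplyCap, "supply cap");
        uint256 rate = exchangeRate();                      // snapshot before funds move
        require(underlying.transferFrom(msg.sender, address(this), amount), "transfer failed");
        uint256 newShares = amount * 1e18 / rate;
        totalShares += newShares;
        shares[msg.sender] += newShares;
    }

    // What a lending market would count as collateral: shares times the rate.
    function collateralValue(address who) external view returns (uint256) {
        return shares[who] * exchangeRate() / 1e18;
    }
}

// Pattern 2: the vault keeps its own ledger of the underlying it has accepted.
// Rate and cap both read that ledger, so tokens arriving outside mint() are
// visible as surplus but never become collateral.
contract CapEnforcedVault {
    IERC20 public immutable underlying;
    uint256 public immutable supplyCap;
    uint256 public totalShares;
    uint256 public totalUnderlying;       // changed only by mint() (and a redeem path, omitted here)
    mapping(address => uint256) public shares;

    constructor(IERC20 u, uint256 cap) { underlying = u; supplyCap = cap; }

    function exchangeRate() public view returns (uint256) {
        if (totalShares == 0) return 1e18;
        return totalUnderlying * 1e18 / totalShares;        // ledger, not balanceOf
    }

    function mint(uint256 amount) external {
        require(totalUnderlying + amount <= supplyCap, "supply cap");
        uint256 rate = exchangeRate();
        require(underlying.transferFrom(msg.sender, address(this), amount), "transfer failed");
        totalUnderlying += amount;
        uint256 newShares = amount * 1e18 / rate;
        totalShares += newShares;
        shares[msg.sender] += newShares;
    }

    function collateralValue(address who) external view returns (uint256) {
        return shares[who] * exchangeRate() / 1e18;
    }

    // Anything above the ledger is stray balance. A governance-controlled sweep
    // can move it to a treasury, but it never moves the rate.
    function surplus() external view returns (uint256) {
        return underlying.balanceOf(address(this)) - totalUnderlying;
    }
}
```

A useful review check for any market that accepts a vault token as collateral: find every place the exchange rate is computed and confirm it reads bookkeeping the contract controls rather than balanceOf(address(this)), and confirm the supply cap is evaluated on that same ledger.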
IoTeX | Amount Lost: $4.4M
On February 21st, the IoTeX ioTube bridge exploit on the Ethereum mainnet resulted in a $4.4M loss. The root cause was a compromised validator admin key. The attacker gained ownership of the Validator contract and upgraded it to a malicious implementation whose logic bypassed all signature verification and validation checks. The attacker then minted 410M CIOTX and gained control over the bridge reserves, using this access to withdraw multiple assets from the TokenSafe contract.
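A single key that can swap a bridge's validation logic in one transaction leaves no window for anyone to notice. The proxy below is a constructed example written for this analysis, not ioTube code; the contract name, the propose/cancel/execute functions and the delay are assumptions. It stores the implementation in the EIP-1967 slot so explorers and monitoring tools find it, and it only accepts a new implementation after an on-chain delay during which the proposal is visible as an event and can be cancelled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example for this write-up; not IoTeX or ioTube code.
// The admin is meant to be a multisig, never a single hot key.
contract TimelockedProxy {
    // EIP-1967 implementation slot: keccak256("eip1967.proxy.implementation") - 1
    bytes32 private constant IMPL_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    address public immutable admin;   // assumed to be a multisig contract
    uint256 public immutable delay;   // seconds between proposal and execution
    address public pendingImpl;
    uint256 public readyAt;

    event UpgradeProposed(address indexed impl, uint256 readyAt);
    event UpgradeCancelled(address indexed impl);
    event Upgraded(address indexed impl);

    constructor(address initialImpl, address admin_, uint256 delay_) {
        require(initialImpl.code.length > 0, "impl not a contract");
        _setImpl(initialImpl);
        admin = admin_;
        delay = delay_;
    }

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    // Step 1: announce. Nothing changes yet; watchers see UpgradeProposed.
    function proposeUpgrade(address impl) external onlyAdmin {
        require(impl.code.length > 0, "impl not a contract");
        pendingImpl = impl;
        readyAt = block.timestamp + delay;
        emit UpgradeProposed(impl, readyAt);
    }

    // Step 2 (optional): abort while the delay is running.
    function cancelUpgrade() external onlyAdmin {
        emit UpgradeCancelled(pendingImpl);
        pendingImpl = address(0);
        readyAt = 0;
    }

    // Step 3: apply, only once the delay has elapsed.
    function executeUpgrade() external onlyAdmin {
        address impl = pendingImpl;
        require(impl != address(0), "nothing pending");
        require(block.timestamp >= readyAt, "timelock active");
        pendingImpl = address(0);
        readyAt = 0;
        _setImpl(impl);
        emit Upgraded(impl);
    }

    function implementation() public view returns (address impl) {
        assembly { impl := sload(IMPL_SLOT) }
    }

    function _setImpl(address impl) private {
        assembly { sstore(IMPL_SLOT, impl) }
    }

    fallback() external payable { _delegate(implementation()); }
    receive() external payable { _delegate(implementation()); }

    function _delegate(address impl) private {
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}
```

The delay does not stop a stolen key on its own; what it buys is time. The defensive setup around it is a multisig as admin, an alert on every UpgradeProposed event that compares the proposed implementation against the audited build, and a separate guardian able to cancel, so that one compromised signer cannot both propose and wave through the change.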
SOF Token | Amount Lost: $249K
On February 14th, the SOF Token exploit on the BSC resulted in a $249K loss. The root cause of the exploit was a flawed burn mechanism in the private _update() function, which burned SOF tokens and called sync() before the swap output was calculated. Because the pool synced before pricing, the SOF token price was artificially inflated. The attacker swapped SOF tokens at the inflated price, repaid the flash loans and made a profit.
Exploited Contract (on BNB): 0xaeb414d0a64dfca14fd41b28efc78f437008df42
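The SOF bug is a token contract reaching into a liquidity pool's balance and reserves from inside its own transfer hook. The two contracts below are a constructed illustration written for this analysis, not the SOF token's code; the contract names, the burn percentages and the pool bookkeeping are assumptions, and both build on OpenZeppelin's ERC20 v5 whose _update() hook is overridable. The first shows the flawed shape (burn from the pool, then sync()), the second a shape where the token never touches pool state and any burn comes out of the sender's own transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Constructed illustration for this write-up; not the SOF token's code.

interface IPair { function sync() external; }

// Flawed shape: on every transfer into the pool, the token burns part of the
// pool's own holdings and forces the pool to re-read its balances. The pool's
// price now depends on an action the pool did not initiate and cannot check.
contract FlawedDeflationaryToken is ERC20 {
    address public pair;
    uint256 public constant BURN_BPS = 500;   // 5% of the pool's balance, constructed value

    constructor() ERC20("Flawed", "FLW") { _mint(msg.sender, 1_000_000e18); }
    function setPair(address p) external { pair = p; }   // access control omitted for brevity

    function _update(address from, address to, uint256 value) internal override {
        super._update(from, to, value);
        if (to == pair && from != address(0)) {
            uint256 burnAmount = balanceOf(pair) * BURN_BPS / 10_000;
            super._update(pair, address(0), burnAmount);   // shrinks the pool's reserve
            IPair(pair).sync();                            // and re-prices it immediately
        }
    }
}

// Safer shape: the token never modifies a pool's balance or calls into it.
// A deflationary fee, if wanted at all, is taken from the amount the sender
// is moving, and the pool learns about balances only through its own
// swap/mint/burn bookkeeping.
contract SaferDeflationaryToken is ERC20 {
    uint256 public constant BURN_BPS = 100;   // 1% of the transferred amount, constructed value
    mapping(address => bool) public isPool;
    address public immutable owner;

    constructor() ERC20("Safer", "SFR") {
        owner = msg.sender;
        _mint(msg.sender, 1_000_000e18);
    }

    function setPool(address p, bool v) external {
        require(msg.sender == owner, "owner");
        isPool[p] = v;
    }

    function _update(address from, address to, uint256 value) internal override {
        // Mint (from == 0) and burn (to == 0) pass through untouched; only a
        // user-to-pool transfer pays the fee, and the sender pays it.
        if (from != address(0) && to != address(0) && isPool[to]) {
            uint256 fee = value * BURN_BPS / 10_000;
            super._update(from, address(0), fee);
            value -= fee;
        }
        super._update(from, to, value);
    }
}
```

Two review points follow from this. Any call from a token into a pair (sync(), skim(), or a balance change of the pair's address) inside a transfer hook deserves a finding on its own, because pool pricing assumes reserves move only through the pool's own functions. And a token that takes a fee on transfer, as the safer variant does, must be paired with fee-aware router functions, otherwise swaps through it fail or misprice for ordinary users.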
Follow-up: Conduct a follow-up review to ensure that the remediation steps were effective and that the smart contract is now secure.
In Brief
Remitano suffered a $2.7M loss due to a private key compromise.
GAMBL’s recommendation system was exploited.
DAppSocial lost $530K due to a logic vulnerability.
Rocketswap’s private keys were inadvertently deployed on the server.
Hacks Analysis
Huobi | Amount Lost: $8M
On September 24th, the Huobi Global exploit on the Ethereum Mainnet resulted in an $8 million loss due to the compromise of private keys. The attacker executed the attack in a single transaction by sending 4,999 ETH to a malicious contract, then created a second malicious contract and transferred 1,001 ETH to it. Huobi has since confirmed that it has identified the attacker and has extended an offer of a 5% white hat bounty reward if the funds are returned to the exchange.