In April, a hacker attacked the dForce DeFi protocol. At the time of the theft, the amount was almost $25 million.
As it turned out, he took advantage of the vulnerability of the imBTC token of the ERC-777 standard and a critical vulnerability in the smart contracts of the platform Lendf.me responsible for updating user balances. In addition to the damage caused by dForce, the hacker withdrew all tokens from Lendf.me (291 imBTC or $2 million at the time of the attack).
However, the attacker made a fatal (for him) mistake — inadvertently disclosed his identification data by contacting decentralized exchanges directly without using the distributed IPFS file system.
As a result, Singapore law enforcement officers became interested in the hacker and he had to return all the stolen funds.
Harvest Finance: “engineering error” at a cost of almost $20 million (damage — $19.8 million)
In October, an attacker stole $19.8 million from the Harvest Finance platform. It took him seven minutes to withdraw funds. Later, the hacker returned $2.47 million. The developers promised to distribute them among users and set a reward of $ 1 million for assistance in returning funds.