A Hacker’s Stolen Funds Liquidated on Venus Protocol
A hacker who stole almost $600 million in BNB last year had over $60 million in collateral liquidated on the decentralized borrowing and lending service Venus Protocol. Security firm PeckShield first reported the liquidation.
Key Points:
- The hacker pledged stolen funds as collateral for a $30 million USDC loan, but a leap in bond yields caused the loan to become undercollateralized.
- The Venus smart contract liquidated three loans worth $148 million after BNB dropped below $220.
- Unlike traditional margin trading, smart contracts liquidate positions without warning, which puts the onus on investors to closely monitor their positions.
- The hacker deposited 900,000 BNB ($198 million) as collateral to borrow USDC, USDT, and BUSD stablecoins.
- The BSC Token Hub bridge was hacked, resulting in the theft of $568 million worth of BNB. Similar attacks have been attributed to the North Korean cybercrime group Lazarus.
Poor Cyber Hygiene in DeFi Bridges
Bridges help traders move tokens from one blockchain to another, but they often lack proper security measures. Smart contract audits are not mandatory, leaving vulnerabilities that hackers can exploit.
Key Points:
- Bridge creators are not required to undergo smart contract audits, leading to security flaws.
- Hackers can exploit these flaws to access locked funds.
- The centralized nature of bridges lets their operators contain the fallout from hacks.
- Binance stopped its Smart Chain and froze $7 million of the stolen funds after the hack.
Hot Take:
The recent liquidation of the hacker’s stolen funds on Venus Protocol highlights the risks and vulnerabilities in the decentralized finance space. While bridges provide convenience for token transfers between blockchains, the lack of mandatory smart contract audits poses significant security threats. Investors must remain vigilant and closely monitor their leveraged or collateralized positions. Bridge creators should prioritize cybersecurity measures to protect user funds and prevent future attacks. The incident serves as a reminder of the importance of robust security practices in the crypto industry.