Lately, the DeFi projects have been the favorite target for hackers. So, isn’t really a surprise to hear about new attacks, but maybe this time is a little bit worse than the others. It’s been reported that over $68m in Binance USD (BUSD), Binance Coin (BNB), and Paid tokens (PAID) were siphoned this week from the platforms Meerkat Finance and Paid Network.
The twist in these hacks is that none of them involved flash loans, whose exploits are commonly used by attackers to extract the funds. The first one was directed to Meerkat Finance. This DeFi investment platform was barely debuting on the Binance Smart Chain (BSC) when the supposed hack happened.
The Meerkat’s BNB-BUSD Vault 1 was compromised. According to the reports, the hackers changed the ownership of the smart contract and started to withdraw the funds available there. This way, around $17.67m in BNB and $13.9 in BUSD were robbed. Despite the crisis, shortly after the official webpage and the Twitter account of the project were closed. That’s why numerous users and experts see this attack more as an exit scam.
However, a self-declared developer of the project, dubbed “Jamboo”, appeared hours later in their channel on Telegram. He said the robbery was a “trial” to check the users’ greed and subjectivity. Apparently, the team would be preparing refunds for the victims.
Additionally, is worth mentioning that BSC is kind of centralized. So, withdraw the funds in its native tokens would be highly difficult for the hacker, since Binance can block the compromised coins.
From Meerkat to Paid Network
On the other hand, we also had this week the infinity mining attack on the Paid Network project. This DeFi platform is described as a smart contract program for business. Last Friday, some unknown attacker exploited its mining feature, creating 60 million PAID tokens out of nothing and transferring them to their wallet.
At that time, the value of every PAID token was around $2.8, according to CoinGecko. This means that the hacker extracted over $168m from the platform, which would be the largest DeFi hack to date. However, the PAID token quickly devalued the same day. After a harsh 90% fall, the price now is around $0.3 per token.
Some analysts have been following the trace of the funds, and it seems like the hacker didn’t earn that much with it. They swapped around $3m to Wrapped Ether (WETH), but the rest is still in PAID tokens. The total stolen figure’s been calculated around $37m.
Some users suspect that this may also be an exit scam. Nevertheless, the team quickly declared on Twitter that they’re investigating the issue and will bring more news later. Both of them, Meerkat and Paid, will have to respond to their users soon.
Featured Image by Tima Miroshnichenko / Pexels
Originally published at https://blog.alfa.cash on March 6, 2021.