Recent DeFi Attacks: Exactly Protocol and Harbor Hit Hard

What Happened on August 18?

On August 18, the DeFi community was rocked by two unconnected exploits targeting Exactly Protocol and Harbor. These incidents, unveiled by blockchain security firms DeDotFi and PeckShield, shed light on the vulnerabilities within decentralized finance protocols.

The Exactly Protocol Breach

Exactly Protocol, a crypto lender operating on the Optimism network, experienced a significant theft of 4,323.6 Ether (ETH), valued at roughly $7.3 million at the time. Initially, reports indicated over 7,160 ETH was taken, but this number was later adjusted downward. The exploit was traced back to a manipulative attack that involved a rogue market contract address which allowed the hacker to access user deposits without proper permission checks.

How Did They Get Away With It?

The attackers used a malicious market contract, executing a deposit function that let them pilfer user assets directly. “Approximately $7.3M were stolen,” the protocol confirmed. Not only are they filing police reports, but they’re also attempting to reach out to the perpetrators to see if they could persuade them to return the loot. Talk about an unusual negotiation tactic!

Harbor’s Harrowing Encounter

In a second, concurrent incident, the interchain stablecoin protocol Harbor faced its own crisis as assets stored in various vaults like stOSMO, LUNA, and WMATIC were compromised. Although the full extent of the damages is still being assessed, it serves as another glaring reminder of the frailty of even the most trusted DeFi platforms.

DeFi’s Ongoing Security Struggles

These breaches are part of an alarming trend in the DeFi space. Just weeks prior, a vulnerability in the Vyper programming language led to the loss of over $61 million from Curve Finance. Not to be left behind, Earn.Finance and Zunami Protocol also reported losses adding to the growing list of unfortunate exploits.

What Can We Learn?

As DeFi continues to grow, so do the risks associated with it. Users and developers alike must remain vigilant, implementing better security protocols and conducting thorough audits of their platforms. After all, in the world of decentralized finance, prevention is far better than a police report.