Decentralized finance (DeFi) security startup Quantstamp has identified the top five smart contract protocols that suffered the most losses from exploits and hackers in January.
In a post on social media platform X, Quantstamp said that malicious actors using attack methods such as smart contract hacks, key compromises, and scams caused a total loss of $38.9 million in January.
Radiant Capital faced $4.5 million in losses in early January due to a flash loan attack. Blockchain security firm PeckShield identified the issue as a “known rounding issue” in the current Compound/Aave codebase.
To address the problem, Radiant halted its USD Coin (USDC) pool on Arbitrum and conducted an investigation to ensure the security of user funds. Operations resumed after the issue was fixed.
Gamma Strategies also experienced a flash loan attack on January 4, shortly after the Radiant attack. The attack exploited a code bug that allowed hackers to siphon $6.1 million from Gamma’s public-facing vaults. Gamma temporarily halted deposits to fix the vulnerability.
Wise Lending suffered a loss of at least $460,000 in a flash loan attack on January 12. The exploit involved manipulating the price oracle used by Wise Lending and marked the second attack on the protocol in six months. The Web3 lending app lost 170 Ether (ETH) in the attack.
On January 16, Socket, a multichain protocol, experienced a security breach due to a vulnerability in user verification input. This allowed hackers to steal nearly 2,000 ETH, valued at over $4 million. However, Socket managed to recover 1,032 ETH (approximately $2.3 million) and reimbursed all affected users as part of its plan to restore user funds.
Goledo Finance also experienced a security breach similar to Gamma’s exploit, resulting in the theft of $1.7 million through a flash loan attack. Negotiations with the perpetrator are still ongoing, and Goledo has announced a reward for the return of the funds. The lending protocol has frozen the hacker’s accounts on centralized exchanges and is evaluating the extent of the loss to develop a recovery strategy. Local law enforcement has also been informed of the situation.
The Goledo team has established a compensation process for user asset recovery and provided a Google form for users to submit their claims.