In Brief
Filament Finance lost $572K to price manipulation on Sei.
WebKey was targeted in a $737K arbitrage attack.
Venus suffered a $716K loss due to inflated exchange rates.
Hacks Analysis
Filament Finance | Amount Lost: $572K
On April 6, the Filament Finance exploit on the Sei network resulted in a $572K loss due to a price manipulation attack. The attacker set up multiple contracts to place large, fake orders and artificially inflated the token price. The attacker then created leveraged positions using minimal collateral. Finally, the attacker placed fake sell orders to crash the prices, leaving their previous leveraged positions undercollateralized. This triggered self-liquidation at favorable rates and allowed the attacker to make a profit.
One of Multiple Transactions (Sei): 0x3bc6f9a1d51e1afa57a25de570c3e628de3efe56e4765d2c7d2769f049b2e9dc
WebKey | Amount Lost: $737K
On March 14, the WebKey exploit on BSC resulted in a $737K loss. The root cause of the exploit was a misconfigured currentSaleInfo parameter in the buy() function, which the WebKey operator had set earlier. The currentSaleInfo parameter contained a fixed, low _price value, which enabled the attacker to buy wkeyDao tokens at artificially low prices and sell them at higher market prices on DEXs.
Exploited Contract (on BSC): 0xc39c54868a4f842b02a99339f4a57a44efc310b8
Transaction: 0xc9bccafdb0cd977556d1f88ac39bf8b455c0275ac1dd4b51d75950fb58bad4c8
Venus | Amount Lost: $716K
On February 27, the Venus exploit on zkSync resulted in a $716K loss due to a price manipulation attack. The attacker first took a 2,100 WETH flash loan from Aave and deposited it as collateral on Venus to borrow 466,000 wUSDM. The attacker then transferred the wUSDM to a second wallet, used it as collateral, and repeated the process to borrow an additional 2,167,431 wUSDM. Lastly, the attacker donated 439,560.48 USDM to the wUSDM contract, inflating the exchange rate from 1.067 to 1.7641, which allowed the attacker to make a profit.
Transaction (on zkSync): 0x35a0172fb6bd450ceb29aa67dc85221826dfd0b7528375400b4ccf15c1eed0d8
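The following is an added example, not code from Venus, wUSDM, or the original write-up. It models why a donation moves a share-vault exchange rate and how a lending market can bound the rate it accepts for collateral pricing. The simplified rate = assets / shares model, the CappedRateOracle guard, the 10% annual growth cap, and the one-hour interval are assumptions; the share supply is derived from the figures quoted above under that model.

```python
"""Added example: capping a vault-share exchange rate before pricing collateral."""
from dataclasses import dataclass

YEAR = 365 * 24 * 3600
# Figures quoted in the write-up above.
RATE_BEFORE, RATE_AFTER, DONATION = 1.067, 1.7641, 439_560.48


@dataclass
class Vault:
    """Simplified share vault: exchange rate = total assets / total shares."""
    total_assets: float
    total_shares: float

    def rate(self) -> float:
        return self.total_assets / self.total_shares

    def donate(self, amount: float) -> None:
        # A direct transfer adds assets without minting shares, so the rate jumps.
        self.total_assets += amount


@dataclass
class CappedRateOracle:
    """Hypothetical guard: accept at most linear growth from a trusted snapshot."""
    snapshot_rate: float
    snapshot_time: int
    max_annual_growth: float  # constructed policy value, e.g. 0.10 = 10%/year

    def safe_rate(self, vault: Vault, now: int) -> float:
        elapsed = max(0, now - self.snapshot_time)
        ceiling = self.snapshot_rate * (1 + self.max_annual_growth * elapsed / YEAR)
        return min(vault.rate(), ceiling)


def simulate(seconds_since_snapshot: int = 3600):
    """Return (raw_rate, capped_rate) after the donation described above."""
    # Share supply implied by the quoted figures under the simplified model.
    shares = DONATION / (RATE_AFTER - RATE_BEFORE)
    vault = Vault(total_assets=shares * RATE_BEFORE, total_shares=shares)
    oracle = CappedRateOracle(vault.rate(), snapshot_time=0, max_annual_growth=0.10)
    vault.donate(DONATION)
    return vault.rate(), oracle.safe_rate(vault, seconds_since_snapshot)


if __name__ == "__main__":
    raw, capped = simulate()
    print(f"raw rate {raw:.4f}, rate used for collateral {capped:.6f}")
```

A market that prices collateral from the capped value keeps valuing the shares near the pre-donation rate, so a single-transaction jump in the vault's reported rate does not translate into extra borrowing power.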