AI & Machine Learning

Web3 Development

NFT & Metaverse

Blockchain Development

Blockchain Solutions

Products

Get in Touch
arrow-left Back to ‘Today at Nextrope Blog’

Smart Contract Attacks: The Most Memorable Blockchain Hacks of All Time

Paulina Lewandowska

30 Dec 2022
<strong><noscript><img class=

Due to their ability to automate financial procedures and transactions, smart contracts have the potential to completely change the way we conduct business. They are not impervious to security flaws, though, as is the case with other technologies. There have been a number of smart contract hacks in the past that have caused large losses and damaged the community's confidence. The most famous smart contract hacks ever will be covered in this article, along with the lessons that may be drawn from them. These incidents—from the DAO hack to the Bancor hack—have had a long-lasting effect on the blockchain sector and serve as reminders of the value of properly safeguarding smart contracts.

Table of Contents

The DAO hack

A decentralized venture capital fund for the cryptocurrency and decentralized technology industries was one of the goals of the Decentralized Autonomous Organization, or DAO. Its decentralized architecture was designed to cut expenses while giving investors more power and access. The DAO was designed to run decentralized, relying on the collective judgment of its investors.

A flaw in the coding of The DAO, a smart contract on the Ethereum blockchain, was found by a hacker on June 17, 2016. This gave the attacker the ability to ask the contract to send money to them repeatedly, leading to the theft of 3.6 million ETH, which was then valued at about $70 million. Due to two flaws in the contract's architecture, the exploit was made possible: a mechanism that first transmitted the ETH and then modified the internal token balance was not designed to account for the possibility of repeated calls.

A flaw in the coding of The DAO, a smart contract on the Ethereum blockchain, was found by a hacker on June 17, 2016. This gave the attacker the ability to ask the contract to send money to them repeatedly, leading to the theft of 3.6 million ETH, which was then valued at about $70 million. Due to two flaws in the contract's architecture, the exploit was made possible: a mechanism that first transmitted the ETH and then modified the internal token balance was not designed to account for the possibility of repeated calls.

The Veritaseum hack

A cryptocurrency called Veritaseum was introduced in 2017. A cyberattack at Veritaseum in April 2018 cost the company the equivalent of $8.4 million in cryptocurrencies.

The Veritaseum cryptocurrency's smart contract had a flaw that allowed for the hack to take place. By using a reentrancy attack, the flaw allowed an attacker to siphon money from the Veritaseum smart contract. In a reentrancy attack, an attacker can run a smart contract's function repeatedly before the state of the contract is changed, allowing the attacker to remove money from the contract before the state is updated to reflect the withdrawal.

The Veritaseum attack served as a reminder of the value of properly protecting smart contracts as well as the possible dangers of employing them. It also emphasized the necessity of rigorous testing and auditing of smart contracts to make sure they are safe and without flaws.

The Bancor hack

On the Ethereum blockchain, the Bancor network is a decentralized exchange that enables users to purchase and sell a range of different cryptocurrencies. The Bancor network was hacked in July 2018, and as a result, about $12 million worth of cryptocurrency was lost.

The hack was conducted by taking advantage of a weakness in the smart contract that controlled the Bancor network. Due to a vulnerability, an attacker was able to take over the Bancor contract and steal money from it. In order to stop more losses, the Bancor team was able to react to the attack promptly and halt trading on the site.

The Bancor attack served as a reminder of the value of properly protecting smart contracts as well as the possible dangers of employing them. It also emphasized the necessity of rigorous testing and auditing of smart contracts to make sure they are safe and without flaws.

Hacks in DEFI

Decentralized finance (DeFi) projects benefit greatly from smart contracts since they enable automated, self-executing financial processes and transactions. They are used to speed up, confirm, and enforce contract negotiations and performance.

Because smart contracts can be used to enable a variety of financial transactions and handle large quantities of money, smart contract security is crucial in DeFi projects. If a smart contract is not adequately protected, attackers may leverage its flaws to steal money from it or engage in other forms of contract manipulation. Users of the DeFi project may suffer large losses as a result, and the initiative's credibility and dependability may be harmed.

The bZx hack

A decentralized finance (DeFi) platform called bZx enables users to utilize smart contracts to borrow and lend cryptocurrency. bZx experienced two different attacks in February 2020 that took use of holes in its smart contracts.

On February 14, 2020, a hacker used a flaw in the bZx smart contract to steal about $6 million worth of cryptocurrency. This was the first theft. On February 18, 2020, a fresh vulnerability in the bZx smart contract was used by a different hacker to steal an additional $350,000 worth of cryptocurrency.

The bZx hacks were caused by flaws in the bZx smart contracts, which let attackers take advantage of them and steal money from them. The intrusions served as a reminder of the value of properly protecting smart contracts as well as the possible dangers of employing them. To ensure the security and lack of vulnerabilities in their smart contracts, DeFi projects must thoroughly test and audit them.

The Harvest Finance hack

The Harvest Finance hack was a security issue that happened in October 2020. An attacker used a smart contract weakness to steal cryptocurrencies valued at about $24 million. A decentralized finance (DeFi) technology called Harvest Finance enables users to generate yield by supplying liquidity to various financial marketplaces.

The hack happened when a perpetrator drained funds from the Harvest Finance smart contract by taking advantage of a flaw in it. Due to a vulnerability, the attacker was able to alter the contract and withdraw money from it without setting off the security features. The Harvest Finance team was able to stop trading on the platform to stop more losses after the hack was identified many hours after it happened.

The Akropolis hack

The Akropolis decentralized finance (DeFi) platform was attacked on November 12, 2020, when a protocol flaw resulted in the loss of about 2,030,841.0177 DAI from the impacted YCurve and sUSD pools. The problem was caused by a bug in the platform's SavingsModule smart contract's handling of the deposit logic, which gave the attacker the ability to create a significant number of pool tokens without the support of valued assets. This happened because the protocol did not correctly impose reentrancy protection on the deposit logic and validate supported tokens. Users of the Akropolis platform experienced severe disruption and losses as a result of the Smart Contract Hacks.

Conclusion - Smart Contract Hacks

One cannot stress the significance of properly safeguarding smart contracts. Smart contracts are capable of handling large quantities of value and a variety of financial activities. If a smart contract is not properly secured, it may cause consumers to suffer large losses and jeopardize the project's legitimacy and dependability.

Because of this, it is crucial that smart contracts undergo extensive testing and auditing. Smart contracts can be made secure and fault-free with the aid of testing and auditing. It is an essential stage in the creation process and can aid in safeguarding the security of blockchain projects and ensuring their smooth operation.

Tagi

Most viewed

Never miss a story

Stay updated about Nextrope news as it happens.

You are subscribed

Aethir Tokenomics – Case Study

Kajetan Olas

22 Nov 2024
Aethir Tokenomics – Case Study

Authors of the contents are not affiliated to the reviewed project in any way and none of the information presented should be taken as financial advice.

In this article we analyze tokenomics of Aethir - a project providing on-demand cloud compute resources for the AI, Gaming, and virtualized compute sectors.
Aethir aims to aggregate enterprise-grade GPUs from multiple providers into a DePIN (Decentralized Physical Infrastructure Network). Its competitive edge comes from utlizing the GPUs for very specific use-cases, such as low-latency rendering for online games.
Due to decentralized nature of its infrastructure Aethir can meet the demands of online-gaming in any region. This is especially important for some gamer-abundant regions in Asia with underdeveloped cloud infrastructure that causes high latency ("lags").
We will analyze Aethir's tokenomics, give our opinion on what was done well, and provide specific recommendations on how to improve it.

Evaluation Summary

Aethir Tokenomics Structure

The total supply of ATH tokens is capped at 42 billion ATH. This fixed cap provides a predictable supply environment, and the complete emissions schedule is listed here. As of November 2024 there are approximately 5.2 Billion ATH in circulation. In a year from now (November 2025), the circulating supply will almost triple, and will amount to approximately 15 Billion ATH. By November 2028, today's circulating supply will be diluted by around 86%.

From an investor standpoint the rational decision would be to stake their tokens and hope for rewards that will balance the inflation. Currently the estimated APR for 3-year staking is 195% and for 4-year staking APR is 261%. The rewards are paid out weekly. Furthermore, stakers can expect to get additional rewards from partnered AI projects.

Staking Incentives

Rewards are calculated based on the staking duration and staked amount. These factors are equally important and they linearly influence weekly rewards. This means that someone who stakes 100 ATH for 2 weeks will have the same weekly rewards as someone who stakes 200 ATH for 1 week. This mechanism greatly emphasizes long-term holding. That's because holding a token makes sense only if you go for long-term staking. E.g. a whale staking $200k with 1 week lockup. will have the same weekly rewards as person staking $1k with 4 year lockup. Furthermore the ATH staking rewards are fixed and divided among stakers. Therefore Increase of user base is likely to come with decrease in rewards.
We believe the main weak-point of Aethirs staking is the lack of equivalency between rewards paid out to the users and value generated for the protocol as a result of staking.

Token Distribution

The token distribution of $ATH is well designed and comes with long vesting time-frames. 18-month cliff and 36-moths subsequent linear vesting is applied to team's allocation. This is higher than industry standard and is a sign of long-term commitment.

  • Checkers and Compute Providers: 50%
  • Ecosystem: 15%
  • Team: 12.5%
  • Investors: 11.5%
  • Airdrop: 6%
  • Advisors: 5%

Aethir's airdrop is divided into 3 phases to ensure that only loyal users get rewarded. This mechanism is very-well thought and we rate it highly. It fosters high community engagement within the first months of the project and sets the ground for potentially giving more-control to the DAO.

Governance and Community-Led Development

Aethir’s governance model promotes community-led decision-making in a very practical way. Instead of rushing with creation of a DAO for PR and marketing purposes Aethir is trying to make it the right way. They support projects building on their infrastructure and regularly share updates with their community in the most professional manner.

We believe Aethir would benefit from implementing reputation boosted voting. An example of such system is described here. The core assumption is to abandon the simplistic: 1 token = 1 vote and go towards: Votes = tokens * reputation_based_multiplication_factor.

In the attached example, reputation_based_multiplication_factor rises exponentially with the number of standard deviations above norm, with regard to user's rating. For compute compute providers at Aethir, user's rating could be replaced by provider's uptime.

Perspectives for the future

While it's important to analyze aspects such as supply-side tokenomics, or governance, we must keep in mind that 95% of project's success depends on demand-side. In this regard the outlook for Aethir may be very bright. The project declares $36M annual reccuring revenue. Revenue like this is very rare in the web3 space. Many projects are not able to generate any revenue after succesfull ICO event, due to lack fo product-market-fit.

If you're looking to create a robust tokenomics model and go through institutional-grade testing please reach out to contact@nextrope.com. Our team is ready to help you with the token engineering process and ensure your project’s resilience in the long term.

Tagi

Nextrope Partners with Hacken to Enhance Blockchain Security

Miłosz

21 Nov 2024
Nextrope Partners with Hacken to Enhance Blockchain Security
Location: Gdynia, Poland
Date: November 12, 2024

Nextrope announces a strategic partnership with Hacken, a renowned blockchain security auditor. It marks a significant step in delivering reliable decentralized solutions. After several successful collaborations resulting in flawless smart contract audits, the alliance solidifies the synergy between Nextrope's innovative blockchain development and Hacken's top-tier security auditing services. Together, we aim to set new benchmarks, ensuring that security is an integral part of blockchain technology.

Strengthening Blockchain Security

The partnership aims to fortify the security protocols within blockchain ecosystems. By integrating Hacken's comprehensive security audits with Nextrope's cutting-edge blockchain solutions, we are poised to offer unparalleled security features in our projects.

"Blockchain security should never be an afterthought"

"Our partnership with Hacken underscores our dedication to embedding security at the core of our blockchain solutions. Together, we're building a safer future for the industry."

said Mateusz Mach, CEO of Nextrope

About Nextrope

Nextrope is a forward-thinking blockchain development house specializing in creating innovative solutions for businesses worldwide. With a team of experienced developers and blockchain experts, Nextrope delivers high-quality, scalable, and secure blockchain applications tailored to meet the unique needs of each client.

About Hacken

Hacken is a leading blockchain security auditor known for its rigorous smart contract audits and security assessments. With a mission to make the industry safer, Hacken provides complex security services that help companies identify and mitigate vulnerabilities in their applications.

Looking Ahead

As a joint mission, both Nextrope and Hacken are committed to continuous innovation. We look forward to the exciting opportunities this partnership will bring and are eager to implement a more secure blockchain environment for all.

For more information, please contact:

Nextrope

Hacken

Join us on our journey to deliver top-notch blockchain tech and a safer future for the industry!

Tagi