Greetings!
A relatively quiet week with less than $6M lost to DeFi hacks. Most of the lost funds are due to a single compromise of EigenLayer, where an employee was tricked into sending $5.5M worth of assets to the wrong wallet.
If you ever feel like DeFi security is struggling, just look at the other side of the fence to see how web2 is doing. Not only do key pieces of infrastructure like Verizon and AT&T have government-mandated backdoors, but now we’ve learned that those backdoors themselves were compromised by a Chinese nation-state actor. This is equivalent to the compromise of Bitcoin, Ethereum, and Solana chains all at the same time. Yep, even with hacks that we learn about every day, web3 is doing just fine.
The premium version of the newsletter includes additional details on a few price oracle manipulation hacks involving Fire, Lava Lending, AIZPT, and a function access control issue with EGA token.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Let’s dive into the news!