I lost millions of dollars! Native network hack exposes DeFi security gap

I lost millions of dollars! Native network hack exposes DeFi security gap appeared first on Coinpedia Fintech News

The recent breach at Grand Base, which resulted in over $2 million in losses, highlights the vulnerabilities of networks like Base. In the fast-moving world of decentralized finance (DeFi), where innovation meets risk, understanding such breaches is important.

Grand Base, known for its ability to transfer assets across multiple chains, fell victim to a complex cyberattack, exposing major flaws in the Base network.

Let's take a look at what went wrong.

Breach Investigation

The stealthy hack, achieved by gaining control of the private keys, resulted in mined GP tokens being dumped on the market, causing a 99% drop in the token price and a massive drop that severely affected the overall stability of the protocol. This exploit, which resulted in a loss of over $2 million, demonstrates the need to introduce stronger security measures and stricter restrictions in the DeFi environment.

After the attack occurred, the project team acted quickly, urging the community to increase security measures and promising to resolve the issue.

#CertiKInsight @grandbase_fi It was revealed through a Telegram channel that the distributor's wallet was compromised and used to mint GB tokens.

This incident caused the token price to drop by over 99%.

525 ETH (~$1.7 million) connected to your Ethereum wallet. pic.twitter.com/A0w1OmsKJG

— CertiK Alert (@CertiKAlert) April 15, 2024

ZachXBT, an on-chain investigator who identifies suspicious transactions and fraudulent activity, served as a whistleblower by providing valuable information about transactions on the Base blockchain.

Depending on the Zach's XBT ResearchIrregular transfers of huge asset values ​​were detected and this created some dangling threads that were used to exploit and infiltrate the network.

Community Alert: The group of con artists who stole 8 Figs, along with Magnate, Kokomo, Lendora, Solfire, and more, are back with a new project in Blast. @Leaperfinance

Last week they began funding approximately $1 million of funds laundered from previous lugs to addresses in Blast, adding liquidity… pic.twitter.com/yqRKvZuuye

— ZachXBT (@zachxbt) April 14, 2024

Phishing scams can be very damaging.

In addition to the hack, there was a recent attack on the Base network with a series of phishing scams, resulting in a loss of more than $2 million in 24 hours.

Scam Sniffer reported Victim of a horrific phishing scam lost $1.2 million in AERO tokens. Meanwhile, fraudulent ERC20 permits were signed by others, resulting in the loss of $846,610 worth of $DEGEN tokens.

Another victim lost $1.2 million in AERO to a phishing scam 6 hours ago.

In the last 24 hours, the primary chain suffered nearly $2 million in phishing losses. https://t.co/JdNxoxc0Pk pic.twitter.com/TzK20TK4DF

— Scam Sniffer | Web3 Scam Prevention (@realScamSniffer) April 11, 2024

BASE network vulnerability disclosure

Weaknesses in the base layer design itself provide attackers with room to maneuver, so they target these points. A notable risk is the complex data transfer protocol that allows interactions between blockchains to occur.

The functionality of these protocols creates an additional attack surface for hackers who are always on the lookout for loopholes and coding errors in smart contracts.

Moreover, this system has flaws not only at the underlying network but also at the design level of the Ethereum Virtual Machine (EVM). EVM, also known as a runtime environment for smart contracts on Ethereum and other compatible chains, has built-in constraints around its design that attackers can leverage to their advantage.

Despite the strengths of the EVM architecture, if smart contract code is not properly managed, both stack overflows and underflows and reentrancy attacks can occur.

Likewise, EVMs do not have built-in security features that can deter some attacks related to integer overflows or unauthorized access control. Smart contract developers who design the functionality of a smart contract must have sound security practices in place to address vulnerabilities, but errors or omissions in the coding can make the design unstable.

building a better future

As the situation calmed down, the message became clear. Security measures need to be strengthened to prevent future attacks. Enhanced protocols and thorough auditing help protect your digital assets from unauthorized access and malicious activity.

The Grand Base DeFi attack serves as a reminder of the importance of resilience and vigilance in the DeFi world. As we work to strengthen decentralized finance, prioritizing security is essential to protecting digital assets and securing the future of finance.