On August 18, two separate and seemingly unrelated attacks targeted decentralized finance (DeFi) protocols Exactly and Harbor, as reported by blockchain security firms DeDotFi and PeckShield.
In the attack on Exactly Protocol, on-chain data indicates that approximately 4323.6 ETH, equivalent to around $7.3 million, has been stolen. The hacker executed bridging maneuvers, sending 1,490 ETH to the Ethereum network via the Across protocol and 2 ,832.92 ETH via the Optimism Bridge. Exactly operates as a cryptocurrency lender on the Optimism network. Although the initial report mentioned a theft of more than 7,160 ETH (almost $12 million), it was later revised to reflect the lower amount. The attack targeted the DebtManager peripheral contract within Exactly Protocol, bypassing a license check and siphoning user assets. The team behind the protocol has involved law enforcement and is actively engaging with the attackers in hopes of reclaiming the stolen assets.
In a separate incident, the interchain stablecoin protocol Harbor fell victim to an attack that resulted in fund losses from its stablecoin and vaults holding stOSMO, LUNA, and WMATIC. The precise quantity of stolen crypto assets remains uncertain, and Harbor is currently in the process of tracking the funds and evaluating the overall extent of the losses.
These breaches follow a series of security compromises within the DeFi ecosystem in recent weeks. On July 30, vulnerabilities in three versions of the Vyper programming language led to the theft of over $61 million from Curve Finance's stable pool. Other protocols that have sufficeered attacks in recent days include Earn. Finance, which lost at least $287,000 worth of ETH, and the Zunami protocol, which experienced $2.1 million in losses due to another vulnerability.
