Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you the most significant developments from the past week.
The past week in DeFi was dominated by exploits and hacks, with three DeFi platforms losing nearly $39 million. Alphapo’s hot wallets were exploited for over $32 million, Era Lend was drained for $3.4 million, and the decentralized finance protocol Conic Finance was exploited for almost $3.5 million.
In better news, the DeFi ecosystem was buzzing with developments in zero-knowledge-proof (ZK-proof) scaling solutions as the layer-2 sector heats up despite the bear market.
The exploits and bearish market conditions took their toll on DeFi protocols, with the total value locked in DeFi protocols seeing a significant drop over the past week.
Alphapo hot wallets hacked for over $31 million
Crypto payment platform Alphapo had roughly $31 million drained from its Ether (ETH), TRON (TRX) and Bitcoin (BTC) hot wallets, security experts reported on July 22. Since the amount of Bitcoin stolen is uncertain, the figures may be even higher.
According to on-chain sleuth ZachXBT, the funds were stolen on the Ethereum network, then swapped for ETH before being bridged to the Avalanche and Bitcoin blockchains. DeDotFi’s security team said a leak of private keys may have caused the hack. Investigations are still in progress.
Era Lend on zkSync exploited for $3.4 million in reentrancy attack
The zkSync lending app Era Lend has been exploited for $3.4 million in crypto, according to a July 25 report from blockchain security firm CertiK. The attacker used a “read-only reentrancy attack” to drain the funds. A reentrancy attack interrupts a multistep process and then causes it to continue after a malicious action has been performed. Specifically, a “read-only” reentrancy does not update the state of a contract.
According to the report, the attacker drained funds in two transactions using the externally owned account 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a. The attacker relied on a vulnerability in “the callback and _updateReserves function” to manipulate a contract into reporting old values that had not yet been updated.
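The stale-value window described above can be modelled in a few lines. This is an added example, not Era Lend's code or anything from the CertiK report: the `Pool` and `Lender` classes, the `guard_views` flag and all numbers are constructed, and only the ordering of the callback before `_update_reserves` is taken from the text.

```python
# Constructed model, not Era Lend's code. Only the callback and
# _update_reserves ordering comes from the report; other names are hypothetical.
class Pool:
    def __init__(self, balance, shares, guard_views=False):
        self.balance = balance    # tokens actually held
        self.reserve = balance    # cached figure that price readers use
        self.shares = shares
        self.guard_views = guard_views
        self._locked = False

    def share_price(self):
        # Read-only: changes no state, so a lock on writers alone never covers it.
        if self.guard_views and self._locked:
            raise RuntimeError("reserves are mid-update")
        return self.reserve / self.shares

    def burn(self, shares, callback):
        self._locked = True
        try:
            amount = shares * self.reserve / self.shares
            self.balance -= amount    # tokens leave
            self.shares -= shares     # shares burned
            callback()                # external call while reserve is stale
            self._update_reserves()   # cache synced only now
        finally:
            self._locked = False

    def _update_reserves(self):
        self.reserve = self.balance

class Lender:
    """Dependent contract that prices collateral from the pool's view."""
    def __init__(self, pool):
        self.pool = pool
    def collateral_value(self, shares):
        return shares * self.pool.share_price()

def observe(guard_views):
    pool = Pool(balance=1000.0, shares=100.0, guard_views=guard_views)
    lender, seen = Lender(pool), {}
    def callback():
        try:
            seen["during"] = lender.collateral_value(10)
        except RuntimeError as exc:
            seen["during"] = f"rejected: {exc}"
    pool.burn(50.0, callback)
    seen["after"] = lender.collateral_value(10)
    return seen
```

With the view unguarded, the dependent reader values 10 shares at 200.0 during the callback and 100.0 once the reserves are synced; with `guard_views=True` the mid-update read is refused. Calling `_update_reserves()` before `callback()` removes the stale window altogether.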
Zero-knowledge tech development heats up amid bear market
ZK-proofs are cryptographic methods allowing one party to prove to another party that something is true without revealing any sensitive underlying private…
Click Here to Read the Full Original Article at Cointelegraph.com News…