Hacker Weekend: DeFi Vulnerabilities Exposed as Exactly and Harbor Suffer Separate Hacks

Two decentralised platforms, Exactly and Harbor, encountered separate breaches over the weekend.

These incidents, part of a series of recent security breaches, bring attention to the vulnerabilities that can emerge in the relatively new and experimental realm of DeFi.

Exactly, a credit market running on the Optimism network, faced an unexpected challenge.

The breach saw hackers exploiting a flaw in Exactly's smart contracts.

A report from PeckShield revealed an ongoing attack on X (formerly Twitter).

The attackers successfully made away with approximately 4,323.6 Ether (ETH), valued at approximately $7.3 million during the breach.

To achieve this, they employed the Across Protocol to take 1,490 ETH and utilized the Optimism Bridge for 2,832.92 ETH, shifting the stolen assets to the Ethereum network.

Simultaneously, DeFi platform Harbor also became a victim of an attack on the same day.

The interchain stablecoin protocol confirmed the breach and disclosed losses from its stable-mint and vaults containing stOSMO, LUNA, and WMATIC.

The exact extent of the stolen assets remains uncertain, as Harbor actively investigates the funds and assesses the scale of the impact.

Exactly's vulnerability related to the DebtManager periphery contract.

The attackers exploited a malicious market contract address, bypassing permit checks and executing a malicious deposit function.

While the motives behind these attacks are not yet clear, it is evident that the substantial liquidity available within bridge protocols like Exactly and Harbor make them an attractive target for hackers.

This recent series of DeFi breaches is part of an ongoing pattern of security incidents affecting the ecosystem.

Coinlive previously reported how a vulnerability in the Vyper programming language led to a substantial theft of over $24 million from stable pools on Curve Finance.

Zunami Protocol, also faced losses amounting to $2.1 million.