DeFi Protocols Exactly and Harbor Attacked in Separate Hacks
DeFi Exactly And Harbor Protocols Were Separately Attacked
On August 18, decentralized finance (DeFi) platforms Exactly and Harbor suffered separate attacks, as reported by blockchain security firms DeDotFi and PeckShield.
The exploits resulted in the theft of 4,323.6 Ether (ETH), equivalent to almost $7.3 million at the time, from Exactly Protocol. The hackers then moved 1,490 ETH through the Across Protocol and 2,832.92 ETH to the Ethereum network via Optimism Bridge.
Exactly Protocol operates as a crypto lender on the Optimism network. Although initial reports indicated around 7,160 ETH (nearly $12 million) was stolen, this figure was later adjusted. The attacker targeted the DebtManager contract by exploiting a malicious market contract address, evading the permit check, and executing a harmful deposit function. The protocol filed a police report and aims to communicate with the attackers for the return of the assets.
In a separate incident, interchain stablecoin protocol Harbor fell victim to an attack that resulted in losses from its stable-mint and various vaults containing stOSMO, LUNA, and WMATIC. The exact amount stolen remains unknown, and Harbor is actively tracing funds and assessing the extent of the losses.
Prior DeFi incidents include a vulnerability in the Vyper programming language leading to the theft of over $61 million from Curve Finance’s stablecoin pools, as well as losses suffered by Earn.Finance and Zunami Protocol, totaling at least $287,000 and $2.1 million, respectively.