On March 18, Voltage Finance, a decentralized finance (DeFi) platform, suffered the second exploit. This event resulted in an incredible loss of $322,000. This incident comes after an exploit in March of 2022, when the platform was drained of $4.67 million. The attacker from the original exploit has funneled nearly $182,000 worth of Ether (ETH) through Tornado Cash. This popular cryptocurrency mixer has been used to facilitate anonymous transactions.
As blockchain security firm CertiK reported, attackers took advantage of a “default callback function” in 2022. This was a crafty approach they employed to drain dollars. Following the initial attack, Etherscan marked the attacker’s address. Then the exchanges were tipped off and told to prevent any transactions that tried to originate from it.
According to Voltage Finance, the March 18 exploit was caused by a vulnerability in Simple Staking pools that they were using. They provided the attacker with a $50,000 bounty if they agreed to return the stolen funds. The complete postmortem report, released by Voltage Finance on March 20, goes into greater detail about the incident.
Voltage Finance may have found a developer associated with the Simple Staking pools. This person is the one who likely facilitated the March exploit.
While we haven’t confirmed if he is the hacker, as a precaution, we revoked his access immediately and filed police reports to collaborate with law enforcement and centralized exchanges. - Voltage Finance
Even with these serious and repeated security breaches, Voltage Finance remains up and running. In a separate incident, the hacker behind the $7.5 million exploit of KiloEx returned all stolen funds, totaling over $18 million in returned assets.
Removing one big hack, April’s crypto losses totaled $34 million, a 21% increase compared to March.
