Vee Finance Exploited for $35M Worth of BTC and ETH

  • The 8805 ETH and 214 BTC that were stolen were collected into a single address, and the attacker is yet to transfer or process them.
  • Vee Finance assured users that the incident occurred in the “pending contract”, and that the assets in its Stable Coin sector remain unaffected.
hacker attack on bitcoins crypto currency web cyber crime vector

Shutterstock

Shortly after launching on the Avalanche network, decentralized finance (DeFi) platform Vee Finance was hit by an exploit that saw around $35 million in BTC and ETH being stolen, the platform said in a blog post on 21 September.

According to the announcement, Vee Finance noticed some suspicious activities on its platform on 20 September, and quickly suspended its contracts alongside its deposit and borrow functions. Despite the effort, the attacker was still able to drain almost 8805 ETH and 214 BTC, worth around $35 million at current prices. The platform said in its blog post:

“We are taking and handling this incident seriously and will do our best to protect the interests of VEE Finance users. We will keep you updated on this matter through our social media and community announcements.”

After investigating, the Vee Finance team found that the attacker had collected all of the stolen tokens into a single address. The team also assured users that the incident only occurred in the “pending contract”, and that the assets in its “Stable Coin sector” — including USDT.e, USDC.e, and DAI.e — were not affected. The Vee Finance team also published a tweet informing the attacker they were ready to launch a bounty program for the bug he had “identified”, imploring him to contact them via email or any other contact he preferred.

Vee Finance, which launched on the Avalanche network on 14 September, is a DeFi lending platform focused on supporting a variety of mining mechanisms, such as liquidity, transaction, and leveraged mining. On Saturday, the platform published a blog post claiming to have surpassed $300 million in total value locked.

The new DeFi exploit happened less than ten days after another Avalanche project, Zabu Finance, was hacked for $3.2 million worth of tokens.

Discussion
Related Coverage
Unibot to Compensate Users Affected by Exploit
  • Popular Telegram bot Unibot, which is used to snipe trades on Uniswap, became a victim of a token approval exploit earlier today, when it was switching to a new router.
  • After confirming the exploit, Unibot assured users that their keys and wallets were safe, and that the project will compensate all affected users.
October 31, 2023, 3:01 PM
unlock

Shutterstock

Balancer Exploited After Giving Warning
  • DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
  • The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.
Zunami Protocol’s Stablecoin Pools Exploited, Suffers $2.1M Loss
  • DeFi yield aggregator Zunami Protocol confirmed that a hacker had attacked its “zStables” pools on Curve Finance using a price manipulation exploit.
  • Security firm PeckShield has estimated that over $2.1 million was lost during the attack, while SlowMist said it had informed Zunami of the vulnerability two months ago.