Summary
On May 31, 2024 the Japanese exchange DMM Bitcoin lost 4,502.9 BTC, worth approximately $305M-$308M at the time. The compromise was a supply-chain attack built on social engineering; DMM itself was never breached directly. A TraderTraitor operator posing as a recruiter on LinkedIn sent an employee of wallet-software vendor Ginco a malicious Python script disguised as a GitHub pre-employment coding test. The malware (RN Loader / RN Stealer) harvested SSH keys, credentials and cloud configurations. Weeks later the attackers used stolen session cookies to impersonate the Ginco employee, access the unencrypted communications system linked to DMM, and tamper with a legitimate withdrawal request submitted by a DMM employee, redirecting the 4,502.9 BTC to attacker-controlled addresses. US and Japanese authorities (FBI, DC3 and Japan's NPA) attributed the theft to North Korean actors tracked as TraderTraitor (Jade Sleet / UNC4899), associated with the Lazarus Group. The funds were not recovered; DMM Bitcoin shut down and transferred its customer accounts to SBI VC Trade.
How to avoid it in your code
- Train staff against recruiter/job-lure social engineering; never run untrusted coding-test code on work or key-handling machines.
- Isolate wallet-signing infrastructure from developer workstations and harden against credential and session-cookie theft.
- Use MPC/HSM custody with independent transaction verification so a single vendor compromise cannot redirect withdrawals.
- Encrypt and integrity-check the channel between exchange and wallet vendor; verify destination addresses out-of-band.
- Audit and least-privilege third-party wallet vendors; monitor for anomalous large withdrawal requests.
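As an added example (not DMM Bitcoin's, Ginco's or any vendor's code) of the independent verification the list above calls for, the Python below has a signing service compare the withdrawal it received over the vendor channel against the exchange's own ledger record fetched through a separate path, check the destination against a list confirmed out-of-band, and require a second approver above a size threshold. Class names, field layouts, addresses, request ids and the threshold are all assumptions constructed for the example.

```python
"""Independent withdrawal verification: an added example, not DMM Bitcoin's,
Ginco's or any vendor's code. A signing service compares the withdrawal that
arrived over the exchange-to-vendor channel against the exchange's own ledger
record, fetched through a separate path, and against destinations confirmed
out-of-band, and requires an independent second approval above a size
threshold. All names, field layouts, addresses and policy values are
constructed for this example.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Constructed policy value: withdrawals above 1 BTC need a second approver.
SECOND_APPROVAL_THRESHOLD_SATS = 100_000_000


@dataclass(frozen=True)
class Withdrawal:
    request_id: str
    destination: str
    amount_sats: int
    requested_by: str


def verify_withdrawal(channel_request: Withdrawal,
                      ledger_record: Optional[Withdrawal],
                      confirmed_destinations: FrozenSet[str],
                      second_approver: Optional[str] = None) -> Tuple[bool, List[str]]:
    """Return (approved, reasons). Every failing control is reported so the
    operator sees the whole picture, not just the first mismatch."""
    reasons: List[str] = []

    # 1. The copy that came over the vendor channel must match the record the
    #    exchange holds itself. A destination altered in transit shows up here.
    if ledger_record is None:
        reasons.append(f"no ledger record for request_id {channel_request.request_id}")
    else:
        for field in ("destination", "amount_sats", "requested_by"):
            seen = getattr(channel_request, field)
            expected = getattr(ledger_record, field)
            if seen != expected:
                reasons.append(f"{field} mismatch: channel={seen!r} ledger={expected!r}")

    # 2. The destination must have been confirmed out-of-band beforehand;
    #    an address first seen inside a withdrawal request is never signed.
    if channel_request.destination not in confirmed_destinations:
        reasons.append("destination not in out-of-band confirmed list")

    # 3. Large withdrawals need an approver distinct from the requester.
    if channel_request.amount_sats > SECOND_APPROVAL_THRESHOLD_SATS:
        if not second_approver or second_approver == channel_request.requested_by:
            reasons.append("amount above threshold without independent second approval")

    return (not reasons, reasons)


# Constructed sample data. LEDGER is what the exchange actually submitted;
# CHANNEL_TAMPERED is the same withdrawal with its destination swapped in
# transit, the shape of the DMM incident.
CONFIRMED = frozenset({"bc1q-EXAMPLE-exchange-cold-store"})
LEDGER = Withdrawal("req-0001", "bc1q-EXAMPLE-exchange-cold-store", 50_000_000, "ops-alice")
CHANNEL_OK = Withdrawal("req-0001", "bc1q-EXAMPLE-exchange-cold-store", 50_000_000, "ops-alice")
CHANNEL_TAMPERED = Withdrawal("req-0001", "bc1q-EXAMPLE-attacker", 50_000_000, "ops-alice")
LEDGER_LARGE = Withdrawal("req-0002", "bc1q-EXAMPLE-exchange-cold-store", 450_290_000_000, "ops-alice")


if __name__ == "__main__":
    for label, req, rec, approver in (
        ("legitimate", CHANNEL_OK, LEDGER, None),
        ("tampered in transit", CHANNEL_TAMPERED, LEDGER, None),
        ("large, self-approved", LEDGER_LARGE, LEDGER_LARGE, "ops-alice"),
        ("large, independently approved", LEDGER_LARGE, LEDGER_LARGE, "ops-bob"),
    ):
        ok, why = verify_withdrawal(req, rec, CONFIRMED, approver)
        print(f"{label}: {'APPROVED' if ok else 'REJECTED'} {why}")
```

The key design choice is that the ledger record comes from a path the vendor channel cannot touch; if both copies flow through the same compromised communications system, the comparison proves nothing. The confirmed-destination list plays the same role for addresses: it is populated by a human process outside the withdrawal flow, so a request that introduces a new address is rejected regardless of how legitimate the rest of it looks.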
References
- https://www.halborn.com/blog/post/explained-the-dmm-bitcoin-hack-may-2024
- https://www.coindesk.com/business/2024/05/31/japanese-crypto-exchange-dmm-bitcoin-suffers-305m-hack
- https://thehackernews.com/2024/12/north-korean-hackers-pull-off-308m.html
- https://www.wiz.io/blog/north-korean-tradertraitor-crypto-heist
- https://www.fbi.gov/news/press-releases/fbi-dc3-and-npa-identification-of-north-korean-cyber-actors-tracked-as-tradertraitor-responsible-for-theft-of-308-million-from-bitcoindmmcom
Related vulnerabilities
- CRITICAL: WEB3-WAZIRX-2024
On July 18, 2024 Indian exchange WazirX lost approximately $230M (about $234.9M) from a Safe (Gnosis) 4-of-6 multisig wallet held under a custody arrangement with Liminal (five WazirX keys plus one Liminal key). The attack was a blind-signing exploit: signers reviewed benign transaction details in the manipulated Liminal interface while the payload actually signed differed, authorizing a delegatecall (function selector 0x804e1f0a) that overwrote slot0 of the Safe proxy and repointed its implementation to an attacker-controlled contract (0xef279c2ab14960aa319008cbea384b9f8ac35fc6). Once the proxy pointed to attacker logic the wallet was fully controlled without further keys, and it was drained. The theft was attributed to North Korea's Lazarus Group, later confirmed in a joint statement by the US, South Korea and Japan in January 2025. Funds were laundered via Tornado Cash; victims are being repaid through a court-approved restructuring (resumed October 2025, BitGo custody) rather than direct recovery.
- CRITICAL: WEB3-LEDGER-CONNECT-KIT-2023
On December 14, 2023 a former Ledger employee was phished, giving the attacker access to their npmjs account, whose access had not been revoked at offboarding. The attacker published malicious versions (1.1.5, 1.1.6, 1.1.7) of the @ledgerhq/connect-kit npm package in which the library's normal export was replaced with a malicious Drainer class. Because thousands of dApps load Connect Kit dynamically via a CDN script tag rather than a pinned local bundle, the poisoned package was served automatically to every visitor, injecting a fake WalletConnect modal that prompted users to sign asset-draining transactions; the drainer logic was the off-the-shelf Angel Drainer service. Affected front ends included SushiSwap, Zapper and Revoke.cash. The malicious package was live for roughly five hours (active draining under two hours) and Ledger deployed a clean version 1.1.8 about 40 minutes after notification, with around $600K stolen.
- CRITICAL: WEB3-HARMONY-HORIZON-2022
On June 24, 2022, Harmony's Horizon bridge was exploited for approximately $99.7 million. The Ethereum-side bridge was secured by a 5-validator multisig configured at a low 2-of-5 threshold, so compromising just two keys gave full control of the funds. Per Harmony's post-mortem the private keys were not stored in plaintext but were doubly encrypted via a passphrase and a key management service, with no single machine holding multiple plaintext keys; the attacker nonetheless breached Harmony's hot signing infrastructure and was able to access and decrypt several keys, including those used to sign the unauthorized transfers, because the decryption capability lived within reach of the compromised environment. With two decrypted keys meeting the threshold, the attacker signed and confirmed the drain across 11 transactions (the 2 refers to the signature threshold, not the transaction count). The FBI and Elliptic attributed the theft to North Korea's Lazarus Group (APT38); the stolen assets were swapped to Ether and laundered through Tornado Cash and later RAILGUN.
- CRITICAL: WEB3-SIG-REPLAY-2022
Signature replay occurs when a signed message lacks binding context (nonce, chainId, or an EIP-712 domain separator), so a signature valid for one execution can be re-submitted on another call or another EVM chain. The canonical 2022 case is the Optimism/Wintermute loss of 20,000,000 OP tokens disclosed June 9, 2022: Wintermute provided a Gnosis Safe address deployed on Ethereum mainnet but not on Optimism. Because the Gnosis Safe factory's original deployment transaction used a pre-EIP-155 signature, its hash covered only six RLP fields (nonce, gasPrice, gas, to, value, data) and omitted chainId, so anyone could rebroadcast the identical signed transaction on Optimism. An attacker replayed that deployment to recreate the factory and Safe at the same counterfactual address on L2, gained control of the contract account before the rightful owners, and swept the 20M OP. The same low-level flaw appears in application contracts that ecrecover a digest missing nonce/chainId, letting one signed approval be replayed repeatedly.
- HIGH: WEB3-FRONTEND-DNS-HIJACK-2022
A frontend hijack leaves the on-chain contracts untouched but replaces the Web2 surface serving the dApp UI with a wallet-drainer clone, so no Solidity audit can catch it. The recurring pattern: attackers take over the domain registrar or DNS provider account (or a CDN/tag-manager account), repoint the domain to a cloned site, and prompt visitors to sign malicious token approvals, EIP-2612 permit signatures, or transfers. Curve Finance was hit twice: on August 9-10, 2022 its curve.fi domain was DNS-hijacked via a compromised nameserver and drained ~$570K in USDC/DAI; and again around May 12, 2025 at the registrar level, after which Curve permanently migrated to curve.finance and announced an ENS move (Convex Finance and Resupply, which depend on Curve's data feeds, suffered dependency-driven outages but were not themselves compromised). In July 2024 a mass wave hit DeFi domains registered through Squarespace, whose forced migration off Google Domains stripped 2FA: Compound's frontend redirected to an Inferno Drainer clone and 100+ protocols were exposed (Celer blocked its takeover via domain monitoring). Ambient Finance's domain was hijacked through stolen registrar credentials on October 17, 2024. Most recently, on April 14, 2026 attackers used forged identity documents to social-engineer the registrar into handing over DNS control of CoW Swap's swap.cow.fi and cow.fi domains, redirecting users to a pixel-perfect drainer clone for about 90 minutes; over $1M was taken in roughly three hours, including 219 ETH (~$750K) from a single wallet, while CoW's contracts, backend APIs, and solver network were untouched. The same bucket includes CDN-account injections (KyberSwap's September 2022 Cloudflare/Google Tag Manager compromise, ~$265K) and BGP route hijacks that swap signed bundles for drainer code.
- CRITICAL: WEB3-BUNNI-2025
On September 2, 2025 Bunni, a liquidity manager built on Uniswap v4, was drained of roughly $8.4 million across Ethereum and Unichain (USDC, USDT, and weETH/ETH) through a rounding error in its withdrawal accounting amplified by flash loans. Bunni's Liquidity Distribution Function (LDF) tracks an 'idle balance' that is rebalanced on every swap, and the withdraw path rounded that balance in the wrong direction under specific conditions. The attacker flash-borrowed millions in USDT and executed a precisely sized sequence of swaps that pushed the pool's spot price back and forth across tick boundaries, triggering the faulty rounding repeatedly; each cycle let them withdraw more tokens than they burned in liquidity (in the USDC/USDT pool the idle balance fell 85.7% while liquidity fell only 84.4%, and that gap was the leak). The bug was application-specific accounting math, not an oracle or price-feed flaw. Unable to fund a secure relaunch, the Bunni team announced on October 23, 2025 that it was permanently shutting down, leaving withdrawals open and relicensing v2 from BUSL to MIT.
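The binding-context point in WEB3-SIG-REPLAY-2022 above, as an added example that is not part of this page and not Optimism's, Wintermute's or Gnosis Safe's code: the Python below contrasts a digest that omits chainId and nonce with an EIP-712-style digest that includes them, then shows which signatures a second chain accepts. Two stand-ins are assumptions because the standard library lacks the real primitives: sha3_256 in place of keccak256, and HMAC-SHA256 with a signer secret in place of ECDSA/ecrecover. The argument does not depend on either: whatever is not in the digest is not protected by the signature. Field encodings, addresses and keys are constructed.

```python
"""Signature binding context: an added example, not Optimism's, Wintermute's
or Gnosis Safe's code. Two stand-ins are used because the standard library
lacks the real primitives: sha3_256 for keccak256, and HMAC-SHA256 with a
signer secret for ECDSA/ecrecover. The point being shown, that a field absent
from the digest is not protected by the signature, holds for either choice.
Encodings, addresses and keys are constructed for this example.
"""
import hashlib
import hmac


def keccak_standin(data: bytes) -> bytes:
    # sha3_256 stands in for keccak256 (assumption; same 32-byte output).
    return hashlib.sha3_256(data).digest()


def struct_hash(owner: str, spender: str, value: int, nonce: int) -> bytes:
    # EIP-712-style: type string followed by the encoded fields.
    return keccak_standin(
        b"Approve(address owner,address spender,uint256 value,uint256 nonce)"
        + owner.encode() + spender.encode()
        + value.to_bytes(32, "big") + nonce.to_bytes(32, "big"))


def domain_separator(chain_id: int, verifying_contract: str) -> bytes:
    return keccak_standin(
        b"EIP712Domain(uint256 chainId,address verifyingContract)"
        + chain_id.to_bytes(32, "big") + verifying_contract.encode())


def unbound_digest(owner: str, spender: str, value: int) -> bytes:
    # The flawed form: nothing ties the digest to one chain or to one use.
    return keccak_standin(owner.encode() + spender.encode() + value.to_bytes(32, "big"))


def bound_digest(chain_id: int, contract: str, owner: str, spender: str,
                 value: int, nonce: int) -> bytes:
    # "\x19\x01" || domainSeparator || structHash, the EIP-712 layout.
    return keccak_standin(b"\x19\x01" + domain_separator(chain_id, contract)
                          + struct_hash(owner, spender, value, nonce))


def sign(signer_key: bytes, digest: bytes) -> bytes:
    return hmac.new(signer_key, digest, "sha256").digest()


class Verifier:
    """Stand-in for one contract deployment at `contract` on `chain_id`."""

    def __init__(self, chain_id: int, contract: str, owner_key: bytes, bound: bool):
        self.chain_id = chain_id
        self.contract = contract
        self.owner_key = owner_key
        self.bound = bound
        self.nonces = {}  # owner -> next expected nonce (bound mode only)

    def accept(self, owner: str, spender: str, value: int, nonce: int, sig: bytes) -> bool:
        if self.bound:
            if nonce != self.nonces.get(owner, 0):
                return False  # nonce already consumed or out of order
            digest = bound_digest(self.chain_id, self.contract, owner, spender, value, nonce)
        else:
            digest = unbound_digest(owner, spender, value)
        if not hmac.compare_digest(sig, sign(self.owner_key, digest)):
            return False  # signature was made over a different digest
        if self.bound:
            self.nonces[owner] = nonce + 1
        return True


def replay_outcomes() -> dict:
    """Sign one approval for chain 1 and try to reuse it; report what each
    verifier decided. Keys and addresses are constructed."""
    key, owner, spender, contract = b"EXAMPLE-owner-secret", "0xOWNER", "0xSPENDER", "0xTOKEN"
    value = 20_000_000
    out = {}
    # Unbound: the same signature is accepted again on chain 1 and also on chain 10.
    u1, u10 = Verifier(1, contract, key, bound=False), Verifier(10, contract, key, bound=False)
    sig = sign(key, unbound_digest(owner, spender, value))
    out["unbound_first_use"] = u1.accept(owner, spender, value, 0, sig)
    out["unbound_same_chain_replay"] = u1.accept(owner, spender, value, 0, sig)
    out["unbound_cross_chain_replay"] = u10.accept(owner, spender, value, 0, sig)
    # Bound: the nonce blocks reuse on chain 1, the chainId blocks reuse on chain 10.
    b1, b10 = Verifier(1, contract, key, bound=True), Verifier(10, contract, key, bound=True)
    sig = sign(key, bound_digest(1, contract, owner, spender, value, 0))
    out["bound_first_use"] = b1.accept(owner, spender, value, 0, sig)
    out["bound_same_chain_replay"] = b1.accept(owner, spender, value, 0, sig)
    out["bound_cross_chain_replay"] = b10.accept(owner, spender, value, 0, sig)
    return out
```

The pre-EIP-155 deployment transaction in the Optimism case is the transaction-level form of the unbound digest: chainId was simply not among the signed fields, so the identical bytes were valid on every chain. The same check applies when reviewing an application contract: if the digest passed to ecrecover is built only from the business fields, nonce and chain binding have to be added before the signature means anything.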
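For WEB3-BUNNI-2025 above, an added example of the rounding-direction bug class, not Bunni's code and not its actual LDF or idle-balance formula: a toy vault pays out a pro-rata amount on withdrawal, and the Python below runs the same share position through a version that rounds the payout up (toward the user) and one that rounds it down (toward the vault), once as a single withdrawal and once split into many small ones. The balances, share counts and the `ShareVault` class are assumptions constructed for the example.

```python
"""Rounding direction in withdrawal accounting: an added example of the bug
class behind the Bunni incident, not Bunni's code or its actual formula. The
vault holds a token balance against outstanding shares; a withdrawal's
pro-rata amount is usually not an integer, so the vault must round it.
Rounding toward the user (ceil) leaks value whenever the balance/share ratio
sits just above an integer, and splitting one withdrawal into many small ones
collects that leak on every piece. Rounding toward the vault (floor) keeps the
dust in the pool. Balances and share counts are constructed for this example.
"""


class ShareVault:
    def __init__(self, balance: int, total_shares: int, round_up: bool):
        self.balance = balance            # tokens held by the vault
        self.total_shares = total_shares  # shares outstanding
        self.round_up = round_up          # True reproduces the flawed direction

    def withdraw(self, shares: int) -> int:
        """Burn `shares` and pay out their pro-rata part of the balance."""
        if not 0 < shares <= self.total_shares:
            raise ValueError("invalid share amount")
        numerator = self.balance * shares
        if self.round_up:
            amount = -(-numerator // self.total_shares)  # ceiling division, favours the user
        else:
            amount = numerator // self.total_shares      # floor division, favours the vault
        self.balance -= amount
        self.total_shares -= shares
        return amount


def withdraw_in_chunks(vault: ShareVault, shares: int, chunk: int) -> int:
    """Withdraw `shares` in pieces of at most `chunk`; return the total paid out."""
    paid, remaining = 0, shares
    while remaining:
        step = min(chunk, remaining)
        paid += vault.withdraw(step)
        remaining -= step
    return paid


def compare_rounding(balance: int = 1_000_003, total_shares: int = 1_000_000,
                     attacker_shares: int = 1_000, chunk: int = 1) -> dict:
    """Pay out the same position under both rounding rules and report it next
    to the exact pro-rata entitlement (rounded down)."""
    pro_rata = balance * attacker_shares // total_shares
    up = withdraw_in_chunks(ShareVault(balance, total_shares, True), attacker_shares, chunk)
    down = withdraw_in_chunks(ShareVault(balance, total_shares, False), attacker_shares, chunk)
    return {"pro_rata": pro_rata, "round_up": up, "round_down": down,
            "leak_from_round_up": up - pro_rata}


if __name__ == "__main__":
    print("single withdrawal:", compare_rounding(chunk=1_000))
    print("split into 1-share pieces:", compare_rounding(chunk=1))
```

With the constructed numbers the ratio is 1.000003 tokens per share: a single round-up withdrawal of 1,000 shares overpays by one token, while the same position withdrawn one share at a time is overpaid by three, because the first few single-share withdrawals each round 1.000003 up to 2. The floor version pays exactly 1,000 in both cases. In a real pool the leak per cycle is small, which is why flash-loaned size and repeated cycles across the condition that triggers the rounding are what turn this into a drain; the invariant to test for is that no sequence of withdrawals pays out more than the position's exact pro-rata value.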