$9 400 000 USD

DECEMBER 2020

GLOBAL

COVER PROTOCOL

DESCRIPTION OF EVENTS

Cover is "A peer-to-peer coverage market - A platform where you can buy coverage on anything." "COVER Protocol allows DeFi users to protect against smart contract risk. It stabilizes the turbulent DeFi space by instilling confidence and trust between protocols and their users. At the core of Cover Protocol are the fungible cover tokens. Fungible cover tokens are created when a user deposits collateral into a Cover smart contract. Each Cover contract specifies the protocol to be covered (ie Curve), the preferred collateral (ie DAI), the amount to deposit, and then the expiration date of coverage."

 

"The decentralized finance (DeFi) insurance project Cover Protocol was hacked earlier Monday in an infinite printing scheme, causing the price of the COVER token to plunge. Hours later, Grap.Finance, a “white hat hacker” claimed responsibility for the attack via their Twitter account, saying all funds had been returned."

 

"A hacker has exploited a bug in the incentives smart contract of Cover Protocol. This has allowed the hacker to get away with 11,761 COVER tokens, worth $3.62 million at press time."

 

"COVER (formerly known as SAFE) fell ~90% when an infinite mint loophole was uncovered and exploited, causing the total supply of tokens to increase by 48 quadrillion percent, from 84,477 to 40,796,131,214,802,600,000."

 

"The attackers managed to exploit a bug in the Cover’s incentive contract called infinite mining bug’." "They successfully discovered a process that gave them COVER tokens as rewards. They then staked, unstaked, and restaked LP tokens in rapid succession." "Nansen, an analyst group focused on Ethereum wallets revealed that the exploiter managed to carry on his exploits for over 2 hours and all of the $2 million stolen funds were minted token."

 

"Banteg, Yearn Finance’s core developer, commented on Twitter, saying that they are investigating the issue. Yearn Finance entered into a merger with Cover protocol on Nov.28. Binance has halted trading and deposits of Cover Protocol as well."

 

"“The 4350 ETH that has been returned by the attacker will also be handled through a snapshot to the LP token holders. We are still investigating,” according to the project’s Twitter account." "After claiming responsibility for the hack, the attacker sent a message telling Cover Protocol to “take care of your own shit.”"

 

"The Cover protocol has now come up with a compensation plan to refurbish those who were impacted by the exploit a couple of days ago. The team behind the defi insurance protocol released a medium post informing traders that the refurbishment plans would be based on the snapshot of block 11541218 which is the block before the first exploit took place."

 

"We will use the snapshot to calculate each user’s ownership percentage of all outstanding COVER-ETH LP tokens and distribute the ETH proportionally. We have received a total of 4,441.8 (4,350 + 1 + 90.8) ETH. The final distribution will be the total amount of ETH returned by exploiters to the dev multi-sig."

Cover protocol is a market for insurance, allowing you to protect your assets on other platforms against loss.

 

Except that the protocol itself got hacked, and there was nobody to insure it. Luckily, the firm which had conducted the breach owned up to it and gave the money back.

HOW COULD THIS HAVE BEEN PREVENTED?

The decentralized finance space is still new and developing.

 

It is essentially impossible to prove that a smart contract is secure. More secure storage of funds involve multi-signature offline storage.

 

Check Our Framework For Safe Secure Exchange Platforms

Rekt - Leaderboard (May 13)
Rekt - Cover - REKT (May 16)
Cover Protocol Attack Perpetrated by White-Hat - All Funds Returned, Hacker Claims (May 18)
COVER Hack: Cover Protocol and Binance Announce Compensation Plan for Hack Victims | Headlines | News | CoinMarketCap (May 18)
@CoverProtocol Twitter (May 18)
Cover Protocol Hacker Makes Off With Millions, Binance Halts Token Trading | Crypto Briefing (May 18)
Cover Protocol (May 18)
COVER Hack: Cover Protocol and Binance Announce Compensation Plan for Hack Victims (May 18)
@sassal0x Twitter (May 18)
Breaking: Hyped Defi Project COVER Protocol Exploited, Hacker Mints Unlimited COVER Token (May 18)
Hacker Returns Stolen Funds to Cover Protocol - The Chain Bulletin (May 18)
Cover Protocol Exploit Takes a Bizzare Turn, Hacker Returns All The Funds With an Important Message (May 18)
COVER Hack: Cover Protocol and Binance Announce Compensation Plan for Hack Victims - Crypto World News (May 18)
@GrapFinance Twitter (May 19)
Attacker mints more than 1 quintillion tokens in DeFi Cover Protocol hack | Cryptonary (May 19)
Messari - Bitcoin & crypto price, news, charts, and research (May 19)
CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020 (Jun 20)
SlowMist Hacked - SlowMist Zone (May 18)
Blockchain Hacks: 2020 | $15 billion lost, how can we mitigate hacks in 2021? | CertiK Foundation Blog (Jul 23)
Comprehensive List of DeFi Hacks & Exploits - CryptoSec (Jan 8)
DeFi protocol Cover exploited, attackers minted at least 40 quintillion tokens (Jan 9)
https://mobile.twitter.com/guronghuieric/status/1343672295857016832 (Jan 10)
https://mobile.twitter.com/certik_io/status/1343730470962536448 (Jan 10)
https://mobile.twitter.com/certikorg/status/1343584463171825664 (Jan 10)
@amanusk_ Twitter (Jul 24)

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.