Cover Protocol Hack: Difference between revisions
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/coverprotocolhack.php}} thumb|Cover ProtocolCover protocol is a market for insurance, allowing you to protect your assets on other platforms against loss. Except that the protocol itself got hacked, and there was nobody to insure it. Luckily, the firm which had conducted the breach owned up to it and gave the money back. This is a global/international case not involvin...") |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/coverprotocolhack.php}} | {{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/coverprotocolhack.php}} | ||
{{Unattributed Citations}} | |||
[[File:Coverprotocol.jpg|thumb|Cover Protocol]]Cover protocol is a market for insurance, allowing you to protect your assets on other platforms against loss. | [[File:Coverprotocol.jpg|thumb|Cover Protocol]]Cover protocol is a market for insurance, allowing you to protect your assets on other platforms against loss. | ||
| Line 6: | Line 7: | ||
This is a global/international case not involving a specific country. | This is a global/international case not involving a specific country. | ||
<ref name="rekt-513" /><ref name="rektnews-691" /><ref name="coindesk-692" /><ref name="coinmarketcap-693" /><ref name="coverprotocoltwitter-694" /><ref name="cryptobriefing-695" /><ref name="coverprotocol-696" /><ref name="coingape-697" /><ref name="sassal0xtwitter-698" /><ref name="coingape-699" /><ref name="chainbulletin-700" /><ref name="coingape-701" /><ref name="crywnews-702" /><ref name="grapfinancetwitter-703" /><ref name="cryptonary-704" /><ref name="messari-705" /><ref name="ciphertrace-1152" /><ref name="slowmisthacked-678" /><ref name="certik-1776" /><ref name="cryptosec-5385" /><ref name="theblockcrypto-5422" /><ref name="guronghuierictwitter-5462" /><ref name="certikiotwitter-5463" /><ref name="certikorgtwitter-5464" /><ref name="amanusktwitter-8743" /> | |||
== About Cover Protocol == | == About Cover Protocol == | ||
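Review bot: all 25 named references on the added line are attached to the single sentence "This is a global/international case not involving a specific country.", so none of them supports a specific claim. Move each <ref name="..." /> next to the statement it backs, or keep the references list-defined and uncited until they have been placed, since {{Unattributed Citations}} already flags them.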
| Line 41: | Line 43: | ||
Don't Include: | Don't Include: | ||
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed. | * Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed. | ||
* Anything that wasn't reasonably knowable at the time of the event. | * Anything that wasn't reasonably knowable at the time of the event. | ||
| Line 63: | Line 64: | ||
|- | |- | ||
|December 28th, 2020 12:00:00 AM | |December 28th, 2020 12:00:00 AM | ||
| | |Main Event | ||
| | |Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | ||
|- | |- | ||
| | | | ||
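Review bot: the new "Main Event" row for December 28th, 2020 uses the template prompt "Expand this into a brief description of what happened and the impact..." as its description, and the 12:00:00 AM time reads as a default rather than a known time. Replace the prompt with an actual summary of the event and drop the time, or leave the row empty as it was until there is content for it.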
| Line 76: | Line 73: | ||
== Total Amount Lost == | == Total Amount Lost == | ||
The total amount lost | The total amount lost has been estimated at $9,400,000 USD. | ||
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | ||
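Review bot: the $9,400,000 USD estimate on the changed line has no reference and no stated basis, while the prompt directly under it asks how the figure was calculated. Attach the source the number comes from and say what it counts.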
| Line 87: | Line 84: | ||
== Total Amount Recovered == | == Total Amount Recovered == | ||
The total amount recovered has been estimated at $3,696,000 USD. | |||
What funds were recovered? What funds were reimbursed for those affected users? | What funds were recovered? What funds were reimbursed for those affected users? | ||
| Line 100: | Line 97: | ||
== References == | == References == | ||
[https://rekt.news/leaderboard/ Rekt - Leaderboard] (May 12) | <references><ref name="rekt-513">[https://rekt.news/leaderboard/ Rekt - Leaderboard] (May 12, 2021)</ref> | ||
[https://rekt.news/cover-rekt/ Rekt - Cover - REKT] (May 15) | <ref name="rektnews-691">[https://rekt.news/cover-rekt/ Rekt - Cover - REKT] (May 15, 2021)</ref> | ||
[https://www.coindesk.com/cover-protocol-attack-perpetrated-by-white-hat-all-funds-returned-hacker-claimsa Cover Protocol Attack Perpetrated by White-Hat - All Funds Returned, Hacker Claims] (May 17) | <ref name="coindesk-692">[https://www.coindesk.com/cover-protocol-attack-perpetrated-by-white-hat-all-funds-returned-hacker-claimsa Cover Protocol Attack Perpetrated by White-Hat - All Funds Returned, Hacker Claims] (May 17, 2021)</ref> | ||
[https://coinmarketcap.com/headlines/news/cover-hack-cover-protocol-binance-compensation-plan-hack-victim/ COVER Hack: Cover Protocol and Binance Announce Compensation Plan for Hack Victims | Headlines | News | CoinMarketCap] (May 17) | <ref name="coinmarketcap-693">[https://coinmarketcap.com/headlines/news/cover-hack-cover-protocol-binance-compensation-plan-hack-victim/ COVER Hack: Cover Protocol and Binance Announce Compensation Plan for Hack Victims | Headlines | News | CoinMarketCap] (May 17, 2021)</ref> | ||
[https://twitter.com/CoverProtocol/status/1343581331448586245 @CoverProtocol Twitter] (May 17) | <ref name="coverprotocoltwitter-694">[https://twitter.com/CoverProtocol/status/1343581331448586245 @CoverProtocol Twitter] (May 17, 2021)</ref> | ||
[https://cryptobriefing.com/cover-protocol-hacker-million-binance-halts-token-trading/ Cover Protocol Hacker Makes Off With Millions, Binance Halts Token Trading | Crypto Briefing] (May 17) | <ref name="cryptobriefing-695">[https://cryptobriefing.com/cover-protocol-hacker-million-binance-halts-token-trading/ Cover Protocol Hacker Makes Off With Millions, Binance Halts Token Trading | Crypto Briefing] (May 17, 2021)</ref> | ||
[https://www.coverprotocol.com/ Cover Protocol] (May 17) | <ref name="coverprotocol-696">[https://www.coverprotocol.com/ Cover Protocol] (May 17, 2021)</ref> | ||
[https://coingape.com/cover-hack-cover-protocol-binance-compensation-plan-hack-victim/ COVER Hack: Cover Protocol and Binance Announce Compensation Plan for Hack Victims] (May 17) | <ref name="coingape-697">[https://coingape.com/cover-hack-cover-protocol-binance-compensation-plan-hack-victim/ COVER Hack: Cover Protocol and Binance Announce Compensation Plan for Hack Victims] (May 17, 2021)</ref> | ||
[https://twitter.com/sassal0x/status/1343554690181566464 @sassal0x Twitter] (May 17) | <ref name="sassal0xtwitter-698">[https://twitter.com/sassal0x/status/1343554690181566464 @sassal0x Twitter] (May 17, 2021)</ref> | ||
[https://coingape.com/cover-becomes-latest-defi-protocol-to-get-exploited-price-crashes-by-77-within-an-hour/ Breaking: Hyped Defi Project COVER Protocol Exploited, Hacker Mints Unlimited COVER Token] (May 17) | <ref name="coingape-699">[https://coingape.com/cover-becomes-latest-defi-protocol-to-get-exploited-price-crashes-by-77-within-an-hour/ Breaking: Hyped Defi Project COVER Protocol Exploited, Hacker Mints Unlimited COVER Token] (May 17, 2021)</ref> | ||
[https://chainbulletin.com/hacker-returns-stolen-funds-to-cover-protocol/ Hacker Returns Stolen Funds to Cover Protocol - The Chain Bulletin] (May 17) | <ref name="chainbulletin-700">[https://chainbulletin.com/hacker-returns-stolen-funds-to-cover-protocol/ Hacker Returns Stolen Funds to Cover Protocol - The Chain Bulletin] (May 17, 2021)</ref> | ||
[https://coingape.com/cover-protocol-exploit-takes-a-bizzare-turn-hacker-returns-all-the-funds-with-an-important-message/ Cover Protocol Exploit Takes a Bizzare Turn, Hacker Returns All The Funds With an Important Message] (May 17) | <ref name="coingape-701">[https://coingape.com/cover-protocol-exploit-takes-a-bizzare-turn-hacker-returns-all-the-funds-with-an-important-message/ Cover Protocol Exploit Takes a Bizzare Turn, Hacker Returns All The Funds With an Important Message] (May 17, 2021)</ref> | ||
[https://crywnews.com/altcoins/cover-hack-cover-protocol-and-binance-announce-compensation-plan-for-hack-victims/ COVER Hack: Cover Protocol and Binance Announce Compensation Plan for Hack Victims - Crypto World News] (May 17) | <ref name="crywnews-702">[https://crywnews.com/altcoins/cover-hack-cover-protocol-and-binance-announce-compensation-plan-for-hack-victims/ COVER Hack: Cover Protocol and Binance Announce Compensation Plan for Hack Victims - Crypto World News] (May 17, 2021)</ref> | ||
[https://twitter.com/GrapFinance/status/1343555258316804101 @GrapFinance Twitter] (May 18) | <ref name="grapfinancetwitter-703">[https://twitter.com/GrapFinance/status/1343555258316804101 @GrapFinance Twitter] (May 18, 2021)</ref> | ||
[https://www.cryptonary.com/attacker-mints-more-than-1-quintillion-tokens-in-defi-cover-protocol-hack/ Attacker mints more than 1 quintillion tokens in DeFi Cover Protocol hack | Cryptonary] (May 18) | <ref name="cryptonary-704">[https://www.cryptonary.com/attacker-mints-more-than-1-quintillion-tokens-in-defi-cover-protocol-hack/ Attacker mints more than 1 quintillion tokens in DeFi Cover Protocol hack | Cryptonary] (May 18, 2021)</ref> | ||
[https://messari.io/asset/cover-protocol/profile Messari - Bitcoin & crypto price, news, charts, and research] (May 18) | <ref name="messari-705">[https://messari.io/asset/cover-protocol/profile Messari - Bitcoin & crypto price, news, charts, and research] (May 18, 2021)</ref> | ||
[https://ciphertrace.com/wp-content/uploads/2021/01/CipherTrace-Cryptocurrency-Crime-and-Anti-Money-Laundering-Report-012821.pdf CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020] (Jun 19) | <ref name="ciphertrace-1152">[https://ciphertrace.com/wp-content/uploads/2021/01/CipherTrace-Cryptocurrency-Crime-and-Anti-Money-Laundering-Report-012821.pdf CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020] (Jun 19, 2021)</ref> | ||
[https://hacked.slowmist.io/en/?c=ETH%20DApp SlowMist Hacked - SlowMist Zone] (May 17) | <ref name="slowmisthacked-678">[https://hacked.slowmist.io/en/?c=ETH%20DApp SlowMist Hacked - SlowMist Zone] (May 17, 2021)</ref> | ||
[https://www.certik.org/blog/blockchain-hacks-2020-15-billion-lost-how-can-we-mitigate-hacks-in-2021 Blockchain Hacks: 2020 | $15 billion lost, how can we mitigate hacks in 2021? | CertiK Foundation Blog] (Jul 22) | <ref name="certik-1776">[https://www.certik.org/blog/blockchain-hacks-2020-15-billion-lost-how-can-we-mitigate-hacks-in-2021 Blockchain Hacks: 2020 | $15 billion lost, how can we mitigate hacks in 2021? | CertiK Foundation Blog] (Jul 22, 2021)</ref> | ||
[https://cryptosec.info/defi-hacks/ Comprehensive List of DeFi Hacks & Exploits - CryptoSec] (Jan 8) | <ref name="cryptosec-5385">[https://cryptosec.info/defi-hacks/ Comprehensive List of DeFi Hacks & Exploits - CryptoSec] (Jan 8, 2022)</ref> | ||
[https://www.theblockcrypto.com/post/89368/defi-protocol-cover-exploited-attackers-minted-at-least-40-quintillion-tokens DeFi protocol Cover exploited, attackers minted at least 40 quintillion tokens] (Jan 9) | <ref name="theblockcrypto-5422">[https://www.theblockcrypto.com/post/89368/defi-protocol-cover-exploited-attackers-minted-at-least-40-quintillion-tokens DeFi protocol Cover exploited, attackers minted at least 40 quintillion tokens] (Jan 9, 2022)</ref> | ||
[https://mobile.twitter.com/guronghuieric/status/1343672295857016832 https://mobile.twitter.com/guronghuieric/status/1343672295857016832] (Jan 10) | <ref name="guronghuierictwitter-5462">[https://mobile.twitter.com/guronghuieric/status/1343672295857016832 https://mobile.twitter.com/guronghuieric/status/1343672295857016832] (Jan 10, 2022)</ref> | ||
[https://mobile.twitter.com/certik_io/status/1343730470962536448 https://mobile.twitter.com/certik_io/status/1343730470962536448] (Jan 10) | <ref name="certikiotwitter-5463">[https://mobile.twitter.com/certik_io/status/1343730470962536448 https://mobile.twitter.com/certik_io/status/1343730470962536448] (Jan 10, 2022)</ref> | ||
[https://mobile.twitter.com/certikorg/status/1343584463171825664 https://mobile.twitter.com/certikorg/status/1343584463171825664] (Jan 10) | <ref name="certikorgtwitter-5464">[https://mobile.twitter.com/certikorg/status/1343584463171825664 https://mobile.twitter.com/certikorg/status/1343584463171825664] (Jan 10, 2022)</ref> | ||
[https://twitter.com/amanusk_/status/1343554855261138944 @amanusk_ Twitter] (Jul 24) | <ref name="amanusktwitter-8743">[https://twitter.com/amanusk_/status/1343554855261138944 @amanusk_ Twitter] (Jul 24, 2022)</ref></references> | ||
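Review bot: the year appended to every entry, for example "(May 12, 2021)", is still unlabeled, and all of these dates fall after the December 28th, 2020 event in the timeline hunk, so they read as retrieval dates rather than publication dates. Label them as such (for example "accessed May 12, 2021"). The three mobile.twitter.com entries also use the bare URL as link text where the other Twitter entries use "@handle Twitter".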
Revision as of 11:33, 17 February 2023
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Cover Protocol is a market for insurance, allowing you to protect your assets on other platforms against loss.
Except that the protocol itself got hacked, and there was nobody to insure it. Luckily, the firm which had conducted the breach owned up to it and gave the money back.
This is a global/international case not involving a specific country. [1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25]
About Cover Protocol
Cover is "A peer-to-peer coverage market - A platform where you can buy coverage on anything." "COVER Protocol allows DeFi users to protect against smart contract risk. It stabilizes the turbulent DeFi space by instilling confidence and trust between protocols and their users. At the core of Cover Protocol are the fungible cover tokens. Fungible cover tokens are created when a user deposits collateral into a Cover smart contract. Each Cover contract specifies the protocol to be covered (ie Curve), the preferred collateral (ie DAI), the amount to deposit, and then the expiration date of coverage."
"The decentralized finance (DeFi) insurance project Cover Protocol was hacked earlier Monday in an infinite printing scheme, causing the price of the COVER token to plunge. Hours later, Grap.Finance, a “white hat hacker” claimed responsibility for the attack via their Twitter account, saying all funds had been returned."
"A hacker has exploited a bug in the incentives smart contract of Cover Protocol. This has allowed the hacker to get away with 11,761 COVER tokens, worth $3.62 million at press time."
"COVER (formerly known as SAFE) fell ~90% when an infinite mint loophole was uncovered and exploited, causing the total supply of tokens to increase by 48 quadrillion percent, from 84,477 to 40,796,131,214,802,600,000."
"The attackers managed to exploit a bug in the Cover’s incentive contract called ‘infinite mining bug’." "They successfully discovered a process that gave them COVER tokens as rewards. They then staked, unstaked, and restaked LP tokens in rapid succession." "Nansen, an analyst group focused on Ethereum wallets revealed that the exploiter managed to carry on his exploits for over 2 hours and all of the $2 million stolen funds were minted token."
"Banteg, Yearn Finance’s core developer, commented on Twitter, saying that they are investigating the issue. Yearn Finance entered into a merger with Cover protocol on Nov.28. Binance has halted trading and deposits of Cover Protocol as well."
"“The 4350 ETH that has been returned by the attacker will also be handled through a snapshot to the LP token holders. We are still investigating,” according to the project’s Twitter account." "After claiming responsibility for the hack, the attacker sent a message telling Cover Protocol to “take care of your own shit.”"
"The Cover protocol has now come up with a compensation plan to refurbish those who were impacted by the exploit a couple of days ago. The team behind the defi insurance protocol released a medium post informing traders that the refurbishment plans would be based on the snapshot of block 11541218 which is the block before the first exploit took place."
"We will use the snapshot to calculate each user’s ownership percentage of all outstanding COVER-ETH LP tokens and distribute the ETH proportionally. We have received a total of 4,441.8 (4,350 + 1 + 90.8) ETH. The final distribution will be the total amount of ETH returned by exploiters to the dev multi-sig."
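The snapshot-based compensation quoted above can be worked through in code. This is an added example, not Cover Protocol's own script: the holder addresses, LP balances and transfer events are constructed, and the largest-remainder rounding rule is an assumption; only the snapshot block and the returned ETH amounts come from the quotes.

```python
from decimal import Decimal

WEI_PER_ETH = 10**18
SNAPSHOT_BLOCK = 11541218   # snapshot block quoted on this page
MINT = "0x0"                # constructed stand-in for the LP mint/burn address

def eth_to_wei(amount: str) -> int:
    """Convert a decimal ETH string to wei exactly (no float rounding)."""
    return int(Decimal(amount) * WEI_PER_ETH)

def balances_at(transfers, block):
    """Replay (block, src, dst, amount) LP transfers up to and including `block`."""
    bal = {}
    for blk, src, dst, amt in sorted(transfers, key=lambda t: t[0]):
        if blk > block:
            break           # activity after the snapshot earns nothing
        if src != MINT:
            if bal.get(src, 0) < amt:
                raise ValueError(f"{src} overspends at block {blk}")
            bal[src] = bal.get(src, 0) - amt
        if dst != MINT:
            bal[dst] = bal.get(dst, 0) + amt
    return {holder: b for holder, b in bal.items() if b > 0}

def distribute(total_wei, balances):
    """Split total_wei pro rata; leftover wei go to the largest remainders."""
    supply = sum(balances.values())
    if supply <= 0:
        raise ValueError("no LP tokens outstanding at the snapshot")
    payouts, remainders = {}, []
    for holder, bal in balances.items():
        payouts[holder], rem = divmod(total_wei * bal, supply)
        remainders.append((-rem, holder))   # biggest remainder first, ties by address
    leftover = total_wei - sum(payouts.values())
    for _, holder in sorted(remainders)[:leftover]:
        payouts[holder] += 1
    return payouts

# Constructed sample data: three holders before the snapshot, two events after it.
TRANSFERS = [
    (11541000, MINT, "0xaaa", 300),
    (11541100, MINT, "0xbbb", 400),
    (11541200, "0xaaa", "0xccc", 100),
    (11541219, MINT, "0xlate", 10**30),     # LP minted after the snapshot
    (11541300, "0xbbb", "0xddd", 400),      # transfer after the snapshot
]
RETURNED_WEI = sum(eth_to_wei(x) for x in ("4350", "1", "90.8"))  # amounts quoted above

def run_example():
    return distribute(RETURNED_WEI, balances_at(TRANSFERS, SNAPSHOT_BLOCK))

if __name__ == "__main__":
    for holder, wei in sorted(run_example().items()):
        print(holder, Decimal(wei) / WEI_PER_ETH)
```

Integer wei arithmetic keeps the payouts summing exactly to the returned amount, which floating-point percentages would not guarantee.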
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| December 28th, 2020 12:00:00 AM | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Total Amount Lost
The total amount lost has been estimated at $9,400,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
The total amount recovered has been estimated at $3,696,000 USD.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Prevention Policies
The decentralized finance space is still new and developing.
It is essentially impossible to prove that a smart contract is secure. More secure storage of funds involves multi-signature offline storage.
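Because a contract cannot be proven secure ahead of time, a runtime check on token supply is one complementary control for the kind of runaway minting quoted in this case. The sketch below is an added example, not code from Cover Protocol or any cited source: the mint events, the thresholds and the assumption that no burns occur are all constructed, and only the two supply figures come from this page.

```python
from collections import deque

UNIT = 10**18                                         # assumed 18-decimal token
INITIAL_SUPPLY = 84_477 * UNIT                        # supply before the incident (from the page)
FINAL_SUPPLY = 40_796_131_214_802_600_000 * UNIT      # supply after it (from the page)

def scan_mints(mints, supply, max_block_bps=50, window=100, max_window_bps=500):
    """Flag abnormal supply growth in a stream of (block, amount) mint events.

    A "block" alert fires when one block mints more than max_block_bps basis
    points of the supply before it; a "window" alert fires when the last
    `window` blocks together exceed max_window_bps of the supply at the start
    of that window. Thresholds are illustrative assumptions; burns are ignored.
    Returns (alerts, final_supply).
    """
    per_block = {}
    for blk, amt in mints:
        per_block[blk] = per_block.get(blk, 0) + amt
    alerts, recent, recent_total = [], deque(), 0
    for blk in sorted(per_block):
        minted = per_block[blk]
        while recent and recent[0][0] <= blk - window:    # drop blocks outside the window
            recent_total -= recent.popleft()[1]
        window_base = supply - recent_total               # supply when the window began
        if minted * 10_000 > supply * max_block_bps:
            alerts.append((blk, "block", minted))
        elif (recent_total + minted) * 10_000 > window_base * max_window_bps:
            alerts.append((blk, "window", recent_total + minted))
        recent.append((blk, minted))
        recent_total += minted
        supply += minted
    return alerts, supply

def demo_burst():
    """Constructed: five ordinary reward mints, then one mint reaching the page's final supply."""
    mints = [(100 + i, 10 * UNIT) for i in range(5)]
    mints.append((105, FINAL_SUPPLY - INITIAL_SUPPLY - 50 * UNIT))
    return scan_mints(mints, INITIAL_SUPPLY)

def demo_drip():
    """Constructed: 338 tokens per block, under the per-block limit but not the window limit."""
    mints = [(200 + i, 338 * UNIT) for i in range(60)]
    return scan_mints(mints, INITIAL_SUPPLY)

if __name__ == "__main__":
    print(demo_burst()[0])
    print(demo_drip()[0][0])
```

The window check covers minting spread across many small transactions, which a per-block limit alone would let through.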
References
1. Rekt - Leaderboard (May 12, 2021)
2. Rekt - Cover - REKT (May 15, 2021)
3. Cover Protocol Attack Perpetrated by White-Hat - All Funds Returned, Hacker Claims (May 17, 2021)
4. COVER Hack: Cover Protocol and Binance Announce Compensation Plan for Hack Victims | Headlines | News | CoinMarketCap (May 17, 2021)
5. @CoverProtocol Twitter (May 17, 2021)
6. Cover Protocol Hacker Makes Off With Millions, Binance Halts Token Trading | Crypto Briefing (May 17, 2021)
7. Cover Protocol (May 17, 2021)
8. COVER Hack: Cover Protocol and Binance Announce Compensation Plan for Hack Victims (May 17, 2021)
9. @sassal0x Twitter (May 17, 2021)
10. Breaking: Hyped Defi Project COVER Protocol Exploited, Hacker Mints Unlimited COVER Token (May 17, 2021)
11. Hacker Returns Stolen Funds to Cover Protocol - The Chain Bulletin (May 17, 2021)
12. Cover Protocol Exploit Takes a Bizzare Turn, Hacker Returns All The Funds With an Important Message (May 17, 2021)
13. COVER Hack: Cover Protocol and Binance Announce Compensation Plan for Hack Victims - Crypto World News (May 17, 2021)
14. @GrapFinance Twitter (May 18, 2021)
15. Attacker mints more than 1 quintillion tokens in DeFi Cover Protocol hack | Cryptonary (May 18, 2021)
16. Messari - Bitcoin & crypto price, news, charts, and research (May 18, 2021)
17. CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020 (Jun 19, 2021)
18. SlowMist Hacked - SlowMist Zone (May 17, 2021)
19. Blockchain Hacks: 2020 | $15 billion lost, how can we mitigate hacks in 2021? | CertiK Foundation Blog (Jul 22, 2021)
20. Comprehensive List of DeFi Hacks & Exploits - CryptoSec (Jan 8, 2022)
21. DeFi protocol Cover exploited, attackers minted at least 40 quintillion tokens (Jan 9, 2022)
22. https://mobile.twitter.com/guronghuieric/status/1343672295857016832 (Jan 10, 2022)
23. https://mobile.twitter.com/certik_io/status/1343730470962536448 (Jan 10, 2022)
24. https://mobile.twitter.com/certikorg/status/1343584463171825664 (Jan 10, 2022)
25. @amanusk_ Twitter (Jul 24, 2022)