Old DeFi Projects Under Siege: $5 Million Gone in a Week

Three Old DeFi Projects Lose $5 Million in a Week

In the past week, three abandoned or no longer maintained DeFi projects from the 2020-2022 era have suffered significant losses. Some speculate these hacks might be part of a larger, AI-driven campaign targeting old contracts.

Ribbon Finance: A Sudden Reversal

• Date: Last Friday
• Loss: $2.7 million
• Details:
• Hack on old DOV vaults.
• Initially promised to reimburse users from their own funds and inactive accounts.
• Later reversed the decision, stating users would lose everything.

Rari Capital: A Week-Long Unnoticed Hack

• Date: December 10
• Loss: $2 million
• Details:
• Hacker withdrew assets without collateral.
• Rari Capital had already shut down after major hacks in 2021 and 2022.
• Settled with the SEC in 2024 for misleading investors.

Yearn Finance: A Five-Year-Old Contract Exploited

• Date: Recent
• Loss: $250,000
• Details:
• Misconfigured adapter caused a chain reaction across multiple DeFi protocols.
• Exploited the same vulnerability as a 2023 attack that lost $11 million.
• Previously suffered a $1.4 million loss from slippage in 2023.

Rising Concerns About AI-Driven Hacks

• Smart Contract Hacks on the Rise: These recent attacks are concerning, especially as smart contract hacks have generally been declining.
• AI Targeting Old Contracts: A security researcher suggests someone might be using AI tools to target old contracts.
• Expert Advice: Users are advised to withdraw funds from old, abandoned contracts.
• Future Risks: AI could make it much harder for DeFi developers in the future.

AI Agents and Smart Contract Vulnerabilities

• Anthropic Study: A recent study by Anthropic showed AI agents could exploit smart contracts and even find new vulnerabilities.
• Future Implications: This raises concerns about how AI might be used in future hacks.