List of Crypto Hacks in the Month of March — ImmuneBytes

Mar 6, 2024

😈On March 5, 2024, Wootrade’s @_WOOFi WooPPV2 contract was targeted by malicious actors, who got away with $8.5M worth of crypto assets on the Arbitrum chain.

The cause of the exploit is a price manipulation attack.
The price calculation in the WooPPV2 contract was flawed. The hacker exploited this flaw by flash-loaning $USDC.e and $Woo to manipulate the price.

This was followed by successive token swaps, which allowed the hacker to rake in profits due to price differences.

The attacker was initially funded by @TornadoCash on $ETH. Post exploit, the attacker has started obfuscating the stolen funds by transferring them to different EOAs and bridging them to other chains.

Exploited Contract:

Exploiter Address:

At the time of writing this, the exploiter is still holding ~$730K at this address.

Other Address Receiving Stolen Funds: (~$7.4M)

Hack Txn:

Hack Response:

On realizing the exploit, @_WOOFi immediately paused the affected contract and asked all its users to revoke approvals to the said contract.

The contract was paused within 13 minutes of the exploit, as per the officially released statement. This prevented the losses from escalating.

The vulnerabilities in the exploited contract are being rectified. WOOFi Swap is expected to be fully functional again within the next two weeks, as per the team @_WOOFi.

The team also confirmed that the current user assets in Earn vaults were not impacted in the exploit.

Oracle price manipulation attacks using flash loans are not new. Several past crypto exploits of this kind have caused huge losses to DeFi projects.

Know about Oracle Price Manipulation attacks and how they are executed in detail here:
What are Oracle Manipulation Attacks in Blockchain?

A detailed insight into flash loan attacks can be found here:
What Is A Flash Loan Attack, And How To Prevent It?

Top 10 Flash Loan Attacks

👿On Mar 6, 2024, a user on the Ethereum chain lost ~1.1 million $PAAL, worth ~$700K, when they signed a malicious Uniswap Permit2 signature.


Contract Address: 0x0528BEc5405178F112A0cdA7266c92c04Ad28260


  • 0xf3f436aa46406eb77ede9abeee410aadddfb68f4
  • 0x0000db5c8B030ae20308ac975898E09741e70000 (#Fake_Phishing187019)

Phishing Txn:

Do you know what Permit2 signatures are and what risks are associated with them? Learn about it here: PERMIT2 ERC-20 Token Approvals and Associated Risks

👿On Mar 6, 2024, the TGBS token was exploited for ~$151k in a flash loan attack.

The hacker’s modus operandi was to repeatedly transfer a small amount of TGBS to themselves, which triggered the burning of tokens on the LP.

As a result, the token price fluctuated, which the exploiter manipulated to rake in profits.

The attacker was initially funded by Tornado Cash.


Due to the exploit, the TGBS token prices took a steep fall and have yet to regain their lost levels.

Hack Txn:

Malicious Contract:

Victim contract:
0xedecfa18cae067b2489a2287784a543069f950f4 (TGBS)

👿On March 7, 2023, DeFi lender Tender Finance (now Glend, @GemachLend) was exploited for ~$1.59 million through flash loan attacks.

By manipulating the misconfigured price oracle, the hacker borrowed $1.59 million worth of assets from the protocol by depositing 1 GMX token, which was valued at $71.

The exploiter (who later turned out to be a white hat / ethical hacker) sent an on-chain message mentioning that Tender Finance’s oracle was misconfigured and asking them to get in touch with him to fix this misconfiguration.


Tender Finance later confirmed that the white hat hacker returned the funds for a bounty reward of $97,000 (62.15 ETH).

Oracle price manipulations have the potential to wreck any DeFi project.

Oracles act as a bridge between blockchains and the outside world by supplying them with real-world data, most commonly price feeds. Any error in the feed can be exploited by malicious actors, resulting in big losses.
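As an added illustration (not code from ImmuneBytes, WOOFi or Tender Finance, and not a reproduction of either contract's logic), the Python sketch below shows why a lending protocol should not value collateral from a raw spot price, and how a deviation check against a time-weighted reference rejects a price moved by one large swap. The pool reserves, the 50% loan-to-value ratio, the 5% tolerance and all function names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product pool (base * quote = k). Reserves are constructed values."""
    base: float   # units of the collateral token
    quote: float  # units of a USD stablecoin

    def spot(self) -> float:
        return self.quote / self.base

    def buy_base(self, quote_in: float) -> float:
        """Swap quote_in stablecoins for base tokens (fees ignored)."""
        k = self.base * self.quote
        self.quote += quote_in
        base_out = self.base - k / self.quote
        self.base -= base_out
        return base_out

def twap(observations):
    """Time-weighted average of (price, seconds_in_force) pairs."""
    total = sum(secs for _, secs in observations)
    return sum(price * secs for price, secs in observations) / total

def guarded_price(spot, reference, max_deviation=0.05):
    """Accept the spot price only if it is within max_deviation of the reference."""
    deviation = abs(spot - reference) / reference
    if deviation > max_deviation:
        raise ValueError(f"price {spot:.2f} is {deviation:.0%} off reference {reference:.2f}")
    return spot

def borrow_limit(units, price, ltv=0.5):
    """Maximum loan against `units` of collateral at a loan-to-value ratio."""
    return units * price * ltv

def demo():
    pool = Pool(base=10_000.0, quote=710_000.0)    # constructed: spot = $71
    reference = twap([(pool.spot(), 600)] * 3)     # 30 minutes of calm prices
    honest = borrow_limit(1, guarded_price(pool.spot(), reference))
    pool.buy_base(7_100_000.0)                     # one large borrowed swap
    inflated = borrow_limit(1, pool.spot())        # naive: trusts the spot price
    try:
        guarded_price(pool.spot(), reference)
        rejected = False
    except ValueError:
        rejected = True
    return honest, inflated, rejected

if __name__ == "__main__":
    print(demo())
```
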

Good Read: What are TWAP Oracles, and How are they different from Uniswap?

Originally published on March 6, 2024.



