In June, CertiK Skyfall team conducting whitehat research discovered a critical vulnerability in the Kraken platform. We notified the exchange to ensure this important vulnerability was fixed—which was a win for blockchain and Web3 security.
On June 30th, 2023, the liquidity migrator contract of Biswap, for migrating liquidity from v2 to v3, was exploited. The vulnerable code is located on the `MigratorV3` contract, which is not audited by Certik.
On June 14th, 2023, Hashflow experienced a loss of ~$605k across five chains. The vulnerable contract is unverified and the vulnerable `0x1ce5` function contains a `transferFrom` function the attacker could trigger to steal user funds when approved. The vulnerable function was absent from the audited codebase, it is out of the audit scope.