Unagii Whitehat Hack
In June 2023 the Unagii team got notified of a vulnerability in their system. Their WethZap contract (meant to help with (un)wrapping ETH and interact with the Unagii system in a single transaction) had missing ownership checks, allowing anyone to execute privileged functions. The team was notified of this vulnerability after one user lost over $60k to an automated MEV operator.
After being notified, the team withdrew the vulnerable funds to a wallet they controlled to mitigate the damage. They were able to rescue the remaining user funds (around $100k) and no further funds were lost. The Unagii team has since returned the rescued funds and reimbursed any users affected by the vulnerability.