Hackers on a Defi platform paid $ 15,000 to transfer stolen assets!

altcoin

Hackers on a Defi platform paid $ 15,000 to transfer stolen assets!

Hackers on a Defi platform paid $ 15,000 to transfer stolen assets! : Hours ago, the price of the Cream token, which belongs to an anonymous Defi lending protocol of the same name, plummeted from $ 288 to $ 193 in just one hour. Evidence suggests that the reason for this is the attack of the cyber attackers on the Cream protocol and the eviction of $ 37 million of the assets deposited in it in the form of an instant loan (Flash Loan).

According to Dikripet, no official announcement has yet been made by the Cream Finance protocol development team confirming the attack; However, the team issued a tweet warning of an Exploit Attack cyber attack. Two hours after the tweet was sent, Alpha Finance, another Diffie protocol, announced that it had been the victim of an exploitative attack. Cyber ​​attackers exploit vulnerabilities and possible vulnerabilities in software or operating systems to their advantage by launching exploit attacks.

Cream Finance
Cream Finance

Analyzing the attacks, an analyst at The Block found that several defi hackers had been able to steal $ 37.5 million in assets under the protocols in the form of an instant loan in a complex, multi-step operation.

Cream Finance
Cream Finance

Evidence shows that the attackers first withdrew digital currency loans from lending protocols and then re-secured some of them in the Iron Bank lending protocol. Iron Bank recently received an update that allows it to borrow without collateral from the Alpha Finance protocol, and in this context, the attacker was able to seize special derivative tokens called cySUSD.

An analyst at The Block writes in a tweet:

The attacker then spends the money he previously earned in the form of an instant loan to buy a large number of cySUSD tokens, thus borrowing whatever he wanted from Iron Bank.

The attacker continued his operations with 13,244 ether units (approximately $ 23.8 million), $ 5.6 million StableCoin Tetra, $ 3.6 million StableCoin USDC and $ 4.2 million StableCoin Dai ( Has acquired DAI) from the Iron Bank platform in the form of a loan. The total dollar value of these tokens is about $ 37 million.

By tracking transactions related to the attack in the Block Etruscan browser, the researchers found that of these tokens, 1,000 ethers (approximately $ 1.8 million) were re-pledged in the Cream Finance and Alpha protocols, and 320 ethers (approximately 577,000). Dollars) has also been sent to the Tornado escape tool. It should be noted that the repayment and re-bail of these sums along with another part of the tokens was necessary to carry out such an attack.

In addition, a developer nicknamed pantsme claims that the attacker has allocated 100 ether units of the proceeds to fund the reward defined on the Gitcoin platform. This award is given to developers working on the development of the Tornado platform. Eventually, the attacker appears to have kept about $ 19.9 million in stolen money for himself or his team.

It is worth mentioning that carrying out this attack and withdrawing the mentioned amount from DeFi protocols, $ 14,754 in the form of a fee, cost the attackers.

Since the attack, Alpha Finance tweeted that the breach in its protocol had been resolved, and Karim Finance announced that Karim’s contracts and markets had been reviewed and that everything was back to normal; However, the stance of the teams developing these protocols frightens users into their ambiguity and risk.

Decentralized finance protocols, or DIFAs, are highly susceptible to lending in the form of instant loans. Before Christmas, a platform called Warp Finance DeFi was attacked in a similar way, and the attackers were able to steal a large number of StableCoins worth $ 7.7 million. In another attack on the Compound lending platform, the attackers managed to pocket $ 89 million.

In the end, we should not overlook the fact that there is still a lot of unfinished work on the ground to prevent money leakage from Defi domain protocols.

Hackers on a Defi platform paid $ 15,000 to transfer stolen assets!

Twitter
Twitter

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *