Reserved IP Address°C
03-31-2025
BSV
$31.24
Vol 15.87m
-2.85%
BTC
$82122
Vol 21218.04m
-1.27%
BCH
$297.66
Vol 175.81m
-2.93%
LTC
$81.97
Vol 372.74m
-4.74%
DOGE
$0.16
Vol 1147.94m
-3.87%
Getting your Trinity Audio player ready...

On Thursday, November 12th, the DeFi platform Akropolis–which allows users to earn interest on deposits as well as borrow–was the victim of an exploit that resulted in roughly $2 million in stolen funds. The attacker, who has not been identified yet, was able to exploit Akropolis by taking out flash loans and making use of a flaw within the Akropolis smart contract.

The attacker was able to make off with roughly $2 million worth of the stablecoin DAI by draining Akropolis’s YCurve and sUSD pools. The stolen funds are currently sitting in a wallet that has already been marked as “the Akropolis hackers wallet” 

How it happened

According to Akropolis’s post-mortem report,

The hacker created a flash-loan to borrow funds then called SavingsModule.deposit() with fake token (his own contract 0xe2307837524db8961c4541f943598654240bd62f) 

During “transferFrom” of this fake token, he executed another deposit with real 800k DAI borrowed from DyDx. 

The balance of the pool was actually increased during the first deposit and as a result, our PoolTokens were minted twice.

 Thus he was able to withdraw almost double the amount.

What’s unique about the Akropolis exploit, is that unlike many of the other DeFi projects in the space, Akropolis claims to have been independently audited twice. Regardless, Akropolis Founder and CEO Ana Andrianova says that the two attack vectors exploited to pull of this attack were missed during the audits.

Shortly after the attack took place, Akropolis, halted trading in all of its stablecoin pools, informed digital currency exchanges of the exploit, and put their development team and security specialists to work to create a patch.

The DeFi death toll rises 

Several DeFi exploits have taken place in 2020. According to blockchain analytic firm CipherTrace, DeFi related thefts and hacks are on the rise while digital currency crime, in general, is declining.

When it comes to DeFi, you must proceed with caution and thoroughly research before investing. The DeFi ecosystem is very new, which means that there are several unexplored attack vectors and bugs waiting to be exploited. To add insult to injury, several DeFi projects do not get their code-audited and launch their projects with insecure infrastructure; and as we see with the Akropolis exploit, even if the project does get its code audited, it does not guarantee that it will be bullet-proof.

Recommended for you

India to transform Parliamentary processes with AI
Called 'Sansad Bhashini,' the initiative by the Lok Sabha Secretariat and IndiaAI Mission is expected to transform parliamentary processes through...
March 31, 2025
Metaverse trends, solutions on the rise: report
The metaverse ecosystem is set to thrive in the coming years as industry use cases and trends grow with enterprise...
March 31, 2025
Advertisement
Advertisement
Advertisement