Another day, another DeFi exploit.
On December 17th, the DeFi project Warp.Finance–whose official launch date was December 9th–was the victim of a flash loan attack that resulted in $7.7 million in stablecoins being stolen from the Warp.Finance DAI and USDC liquidity pools.
How it happened
The Warp Finance team first noticed the attack when they realized that “irregular stablecoin loans” were being taken out.
A few hours later, Warp.Finance followed up with an official announcement, saying that they had been the victim of a flash-loan attack. The attacker took out a flash loan which allowed them to borrow more than the amount of collateral they put down, which resulted in the loss of 3.85 million DAI and 3.92 million USDC.
Fortunately–and unlike many attacks that take place in the DeFi sector–the Warp Finance team said that the team has a plan to recover $5.5 million because that money is stored in the collateral vault. The $5.5 million will be distributed to individuals that experienced a loss (Warp.Finance DAI and USDC lenders) as a result of the flash-loan attack. The team says that they will be publishing a post-mortem report in the next few days.
More exploits before the year ends?
Several DeFi attacks have taken place this year because DeFi platforms have become low-hanging fruit for attackers looking to steal funds. DeFi platforms often have insecure infrastructure, code that has been copy and pasted from other projects, and several attack vectors.
The flash-loan attack vector is a very popular method that has been used many times this year. For instance, Origin Protocol, Harvest protocol, Pickle Finance, Value DeFi, and Akropolis were all exploited by way of flash-loan attack.
Given how susceptible DeFi platforms are to exploits and hacks, it would not be surprising to see a few more DeFi projects get exploited before the end of the year.
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.