Another DeFi Hack: $7.7 Million Stolen In A Flash Loan Attack From Warp Finance
The decentralized finance (DeFi) space continues to experience frequent attacks, and the latest victim is Warp Finance. The project admitted earlier today that undisclosed perpetrators have compromised the protocol and taken nearly $8 million by initiating a flash loan attack.
$7.7M Taken In A Flash Loan Attack
The significant growth of the DeFi space that attracted billions of dollars locked in numerous protocols has also garnered the attention of bad actors. Hackers have frequently exploited different projects, and Warp Finance is the latest to fall victim.
The platform enabling users to deposit cryptocurrency assets in exchange for stablecoins described the events as a “complex flash loan attack.” The perpetrator was able to borrow more than the collateral value, which has resulted in a loss of stablecoin lender funds.
The attacker managed to remove $7.7 million of various stablecoins. Nevertheless, Warp Finance’s security team claimed that it has a “plan to recover approximately $5.5 million that is still secured in the collateral vault.”
2/ The exploiter was able to remove $7.7m of stablecoins. The team has a plan to recover approximately $5.5m that is still secured in the collateral vault. Upon successful recovery, these will be distributed to users who experienced a loss.
— warp.finance (@warpfinance) December 18, 2020
Should the recovery process succeeds, the project plans to return the funds to affected users. For the remaining amount of about $2.2 million, Warp Finance said it will work on compensating those clients over time.
Flash Loans And Their Vulnerabilities
While traditional cryptocurrency loans require users to provide some sort of collateral, typically in crypto assets, flash loans operate differently. Users can borrow without posting any collateral because the lender expects the funds to be returned immediately (within the same block).
If the borrower fails to do so, the contract will be void as if it never existed. The popularity of flash loans has grown massively during the DeFi craze because of the speed and convenience. However, bad actors have used them for countless similar attacks in the past several months.
Previous victims include protocols such as bZx, Balancer, Harvest, Akropolis, and Origin Protocol.
The blockchain analytics firm Glassnode investigated the potential reasons behind the growing numbers of flash loan attacks. It concluded that most exploits come from centralized price oracles, manipulated assets’ prices, and “siphon funds from contracts.”
DeFi protocols have upgraded their platforms in an attempt to fight the vulnerabilities. However, as the Warp Finance situation shows, the relatively recent invention DeFi still displays security issues, and investors have to be aware of the dangers before allocating any funds.