The DeFi Warp Finance protocol was hacked by $ 7.7 million in a “flash loan attack”. The project has a plan to recover $ 5.5 million and reimburse affected users.
The decentralized finance space (DeFi) continues to suffer frequent attacks, and the latest victim is Warp Finance. The project admitted earlier today that undisclosed perpetrators compromised the protocol and took almost $ 8 million to initiate a “flash loan attack”.
$ 7.7 million obtained in attack
The significant growth of the DeFi space that has attracted billions of dollars in various protocols has also attracted the attention of malefactors. Hackers often explore different projects, and Warp Finance is the last to fall victim.
The platform that allows users to deposit cryptocurrency assets in exchange for stablecoins described the events as a “complex attack”. The perpetrator managed to borrow more than the amount of the guarantee, which resulted in the loss of funds from the stablecoin lender.
The attacker managed to remove $ 7.7 million from several stablecoins. However, Warp Finance’s security team said it has a “plan to recover approximately $ 5.5 million that is still protected in the guarantee vault”.
2 / The exploiter was able to remove $ 7.7m of stablecoins. The team has a plan to recover approximately $ 5.5m that is still secured in the collateral vault. Upon successful recovery, these will be distributed to users who experienced a loss.
– warp.finance (@warpfinance) December 18, 2020
“Hackers managed to remove $ 7.7 million of stablecoins. The team has a plan to recover approximately $ 5.5 million that is still secured in the collateral safe. After successful recovery, they will be distributed to users who have experienced losses. ”
If the recovery process is successful, the project plans to return the funds to the affected users. For the remaining amount of about $ 2.2 million, Warp Finance said it will work to compensate these customers over time.
Flash Loans and their vulnerabilities
While traditional cryptocurrency loans require users to provide some form of collateral, usually on crypto assets, flash loans operate differently. Users can borrow without placing any collateral, because the lender expects the funds to be returned immediately (within the same block).
If the borrower fails to do so, the contract will be canceled as if it never existed. The popularity of flash loans grew enormously during the DeFi craze due to speed and convenience. However, malicious actors have used them in numerous similar attacks in recent months.
Previous victims include protocols such as bZx, Balancer, Harvest, Akropolis and Origin Protocol.
The blockchain analytics company Glassnode investigated the potential reasons behind the growing number of flash loan attacks. It was concluded that most exploits come from centrally priced oracles and manipulated asset prices.
DeFi protocols have updated their platforms in an attempt to combat vulnerabilities. However, as Warp Finance’s situation shows, DeFi’s relatively recent invention still presents security problems, and investors should be aware of the dangers before allocating any funds.