No one is safe from the ever-growing wave of decentralized finance (DeFi) exploits, not even prominent technologists and investors.
Today, an up-and-coming DeFi protocol built on Ethereum by prominent Silicon Valley developers such as Yu Pan, a founding member of PayPal and the earliest Youtube employee, was attacked with a flash loan.
This is the fifth flash loan attack of the past three weeks, making it clear that this is an issue that all Ethereum users should be aware of.
On Monday evening, a suspicious transaction was spotted by many users on Twitter. At first, few knew what had happened: this unknown user had withdrawn 70,000 ETH from dYdX, an Ethereum decentralized exchange, as a flash loan, then used those funds to withdraw millions in stablecoins.
Some thought it was a normal arbitrage, but I suggested it was a flash loan exploit on a yield aggregator protocol.
The reason why I thought so was that the account affiliated with this suspicious transaction had sent millions worth of DAI and Ethereum from the flash loan transaction to his own address, implying that he made a profit. It was also clear that the transaction involved Origin USD (OUSD), a meta-stablecoin that natively yields interest to holders.
https://twitter.com/n2ckchong/status/1328510606647848961?ref_src=twsrc%5Etfw” target=”_blank” rel=”nofollow noopener noreferrer
In all $7.5 million worth of funds were taken from the protocol, which was all the funds in the Origin pool at the time. The attacker immediately began to try and wash the funds, withdrawing $2 million worth of RenBTC into Bitcoin proper, then converting the censorable stablecoins into ETH and DAI.
This attack wasn’t fully confirmed by the team until hours later, when Origin’s co-founders shared the following blog online:
According to them, what had happened was a “reentrancy bug.” A reentrancy bug is an infamous type of Ethereum smart contract exploit that basically allows someone to pretend they deposited a coin without actually depositing that coin. In basic terms, it’s like double-spending BTC.
The bug allowed the attacker to mint a large number of OUSD tokens without them having the stablecoins to back them. This allowed them to subsequently withdraw more coins in the pool than those they deposited.
https://twitter.com/matthewliu/status/1328568370573299712?ref_src=twsrc%5Etfw” target=”_blank” rel=”nofollow noopener noreferrer
The Origin team will be working nonstop to try and make affected users whole:
“We will be taking exhaustive measures in the next few days in an attempt to recover lost user funds before discussing a compensation plan for affected OUSD holders.”
What makes this notable is that this is the fifth flash loan attack of the past three weeks.
The post No one is safe: Ethereum DeFi protocol by PayPal co-founder exploited for $7.5m appeared first on CryptoSlate.
Bitcoin has been around since 2009 and is the first and most well-known cryptocurrency.However, many…
Ethereum layer 2 is a concept that, in my opinion, been somewhat forgotten, and one…
Not all NFT loan and liquidity systems are made equal, and some may provide more…
Cryptocurrency has been there for a while now and recently it's all over. Millennials have…
mBit casino is a fully regulated and licensed Bitcoin casino that provides new players a…
Voyager Digital submits a Chapter 11 bankruptcy filing and offers a recovery strategy. Voyager Digital…