No one is safe: Ethereum DeFi protocol by PayPal co-founder exploited for $7.5m

Spread the love

No one is safe from the ever-growing wave of decentralized finance (DeFi) exploits, not even prominent technologists and investors.

Today, an up-and-coming DeFi protocol built on Ethereum by prominent Silicon Valley developers such as Yu Pan, a founding member of PayPal and the earliest Youtube employee, was attacked with a flash loan.

This is the fifth flash loan attack of the past three weeks, making it clear that this is an issue that all Ethereum users should be aware of.

OriginUSD hacked for $7.5 million in ETH and DAI

On Monday evening, a suspicious transaction was spotted by many users on Twitter. At first, few knew what had happened: this unknown user had withdrawn 70,000 ETH from dYdX, an Ethereum decentralized exchange, as a flash loan, then used those funds to withdraw millions in stablecoins.

Some thought it was a normal arbitrage, but I suggested it was a flash loan exploit on a yield aggregator protocol.

The reason why I thought so was that the account affiliated with this suspicious transaction had sent millions worth of DAI and Ethereum from the flash loan transaction to his own address, implying that he made a profit. It was also clear that the transaction involved Origin USD (OUSD), a meta-stablecoin that natively yields interest to holders.

https://twitter.com/n2ckchong/status/1328510606647848961?ref_src=twsrc%5Etfw” target=”_blank” rel=”nofollow noopener noreferrer

In all $7.5 million worth of funds were taken from the protocol, which was all the funds in the Origin pool at the time. The attacker immediately began to try and wash the funds, withdrawing $2 million worth of RenBTC into Bitcoin proper, then converting the censorable stablecoins into ETH and DAI.

This attack wasn’t fully confirmed by the team until hours later, when Origin’s co-founders shared the following blog online:

According to them, what had happened was a “reentrancy bug.” A reentrancy bug is an infamous type of Ethereum smart contract exploit that basically allows someone to pretend they deposited a coin without actually depositing that coin.  In basic terms, it’s like double-spending BTC.

The bug allowed the attacker to mint a large number of OUSD tokens without them having the stablecoins to back them. This allowed them to subsequently withdraw more coins in the pool than those they deposited.

https://twitter.com/matthewliu/status/1328568370573299712?ref_src=twsrc%5Etfw” target=”_blank” rel=”nofollow noopener noreferrer

The Origin team will be working nonstop to try and make affected users whole:

“We will be taking exhaustive measures in the next few days in an attempt to recover lost user funds before discussing a compensation plan for affected OUSD holders.”

What makes this notable is that this is the fifth flash loan attack of the past three weeks.

We covered many of these attacks, including the one that took place just last week on Akropolis, and another that took place this weekend on Value DeFi. 

The post No one is safe: Ethereum DeFi protocol by PayPal co-founder exploited for $7.5m appeared first on CryptoSlate.



Source: No one is safe: Ethereum DeFi protocol by PayPal co-founder exploited for .5m

Recent Posts

  • Cryptocurrency

Altcoin Investments In 2022: A Compact Guide

Bitcoin has been around since 2009 and is the first and most well-known cryptocurrency.However, many…

  • Cryptocurrency

Crypto payments will once again “make sense” with layer-2 scaling

Ethereum layer 2 is a concept that, in my opinion, been somewhat forgotten, and one…

  • NFT

Want Your NFTs to Be Liquid? Here Are the Best Choices for 2022

Not all NFT loan and liquidity systems are made equal, and some may provide more…

  • Cryptocurrency

Basic understanding of Bitcoin Wallet

Cryptocurrency has been there for a while now and recently it's all over. Millennials have…

  • Gaming & Gambling

mBit Casino – Legit Bitcoin Casino Review 2022

mBit casino is a fully regulated and licensed Bitcoin casino that provides new players a…

  • Cryptocurrency

Voyager Digital submits a Chapter 11 bankruptcy and recovery strategy

Voyager Digital submits a Chapter 11 bankruptcy filing and offers a recovery strategy. Voyager Digital…