Attackers Leverage Sophisticated Flaw to Target Liquidity Provider | Cyware Hacker News


Cryptocurrencies and their associated services are already considered a risky bet due to the lack of any global regulatory agency. And any technically sophisticated attack on such a currency system can cause huge setbacks for both the system developers and the end-users. Something similar happened with the decentralized financer Balancer Pool recently.

Attackers drain the liquidity provider

Balancer Pool, the Decentralized finance (Defi) liquidity provider, witnessed a sophisticated cyber fraud, where hackers exploited a loophole in the transaction protocol to steal a large sum of money.
  • Recently, unknown attackers targeted at least two Balancer multi-token pools and exploited a vulnerability in the context of AMM and token with the deflationary model.
  • To carry out this fraud, the attackers borrowed $23 million worth of Wrapped Ether (wETH) tokens and then traded these tokens among themselves in such a way that the value of wETH returned back to the attackers remained same even after several transactions.
  • The attackers also performed the same attack using other tokens, wrapped Bitcoin (wBTC), LINK, and SNX, resulting in a release of $500,000 worth of tokens.

Other recent attacks via cryptocurrency flaws

Several technically sound hackers have been taking undue advantages of such flaws in cryptocurrency systems and making easy money by illegitimate means.

  • In April, the Chinese decentralized finance protocol dForce lost around $25 million worth of its customers’ cryptocurrency, due to a known vulnerability with ERC777.
  • In February, unknown hackers exploited a price feed-related flaw in the Ethereum-based lending project bZx, thus stealing $630,000-worth of the ether cryptocurrency.

Previous warning

Hex Capital, the San Fransisco-based Venture capital and portfolio management company claimed that it had already submitted this exact attack vector to the Balancer Labs’ Bug Bounty program at the beginning of May. At that time, the total risk on the user funds was just $250, which had then grown to $500,000.



Source link

Add a Comment

Your email address will not be published. Required fields are marked *