Visor Finance, an active liquidity management protocol, has been the latest victim of a decentralized finance (DeFi) scam this week.
In the late hours of December 21, the DeFi protocol team tweeted about the occurrence. The staking contract had been exploited, and user cash will be replaced, according to the statement.
“We are aware of an exploit of the vVISR staking contract and are implementing a migration plan for affected VISR. No positions or hypervisor’s are at risk.”
Visor Finance announced an hour later that it would be executing a token migration based on a snapshot taken prior to the attack.
This isn’t the first time.
A rogue smart contract emptied the protocol’s staking contract of 8,812,958 VISR tokens, according to a post mortem released a few hours later by the Visor team. This was worth roughly $8.1 million at the time of the exploit.
The staking contract has a bug that allowed a user-created contract to manipulate the transfer function and empty the staking pool.
Although it is a little late, Visor Finance has stated that its current audits are underway. Also, and that a new contract will be drafted;
“We are engaged with both Quantstamp and ConsenSys Diligence for December. Then, and January audits and this new staking contract will be included.”
The team announced that a new coin will be launched, with the previous VISR token ticker symbol. Which is being replaced with the new one. It went on to say that this has already begun, and that users will be compensated 1:1 wit
h the new token, which it has began listing. The blog article claimed, “No one should buy VISR because it will not be redeemed for the new token.”
This isn’t the first time the protocol has been used in this way. An attacker gained access to an account that handled part of the company’s administrative tasks in late June, resulting in the theft of about $500,000.