Web3 lending app and yield aggregator Wise Lending has been drained of 170 Ether (ETH), worth $440,000 at current prices, in an apparent flash loan exploit on Jan. 12.
According to the report, the exploiter may have manipulated an oracle price through a flash loan in order to carry out the exploit.
Blockchain data shows that the attack took place at 7:29 pm UTC. The attacker used an unverified contract with an address ending in d82c to drain the funds.
See Also: Zurich-based Bank, UBS, Steps Into Cryptocurrency, Trades Bitcoin ETFs
Multiple tokens were transferred into this contract, including $9,000 worth of USD Coin (USDC), $2,000 worth of Tether (USDT), $5,000 worth of Dai (DAI), 18.51 Wrapped Ether (WETH), and numerous Pendle Finance associated tokens.
The attacker borrowed 1,110 Lido Staked Ether (stETH) tokens ($2.9 million) from the Aave lending protocol as part of the exploit. Exploiters often use flash loans to manipulate oracle prices.
Pseudonymous blockchain security researcher Spreek alerted the crypto community about the attack on X (formerly Twitter), stating, “Looks like Wise Lending exploited for ~170 eth.”
Looks like Wise Lending exploited for ~170 eth pic.twitter.com/FKivuNIKZV
— Spreek (@spreekaway) January 12, 2024
In a reply to their own post, Spreek speculated that the vulnerability may have been associated with a new Pendle Finance derivative token.
Another security researcher, Officer’s Notes, shared the post, commenting, “Another day, another exploit.”
Another day, another exploit. https://t.co/qxOrIMGO8q
— Vladimir S. | Officer's Notes (@officer_cia) January 12, 2024
According to Officer’s Notes, the vulnerability may have been caused by a 7% swing in price between stETH and ETH within a particular pool, which was in turn “b/c of AAVE v2 stETH flashloan.”
Looks like Pendle had a 7% stETH/ETH swing b/c of AAVE v2 stETH flashloan.
Wise got drained accordingly (probably a 1:1 fixed exchange somewhere).
Source: https://t.co/xNR62SELnh
Info by @charliemktplace ⬆️ pic.twitter.com/9oVBL3x0Of
— Vladimir S. | Officer's Notes (@officer_cia) January 12, 2024
2024 just got started, but decentralized finance protocols have already lost at least $5 million through exploits.
On Jan. 3, Radiant Capital was hit for over $4.5 million. The following day, liquidity manager Gamma Protocol lost over $400,000 in an exploit.
See Also: Argentina Registers First Lease Agreement Denominated In Bitcoin
In 2023, over $1.8 billion was lost from crypto hacks, scams and exploits, according to blockchain security platform Certik.
Disclaimer: The information provided is not trading advice, Bitcoinworld.co.in holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.