The attacker used an unverified contract to borrow 1,100 Lido Staked Ether, which may have been used to manipulate prices and drain funds from the protocol.
Web3 lending app and yield aggregator Wise Lending was drained of 170 Ether
ETH
tickers down
$2,554
, worth $440,000 at current prices, in an apparent exploit on Jan.
12, according to multiple security experts. The exploiter may have manipulated an oracle price through a flash loan in order to carry out the exploit.
Blockchain data shows that the attack took place at 7:29 pm UTC.
The attacker used an unverified contract with an address ending in d82c to drain the funds. Multiple tokens were transferred into this contract, including $9,000 worth of USD Coin
USDC
tickers down
$1.00
, $2,000 worth of Tether
USDT
tickers down
$1.00
, $5,000 worth of Dai
DAI
tickers down
$1.00
, 18.51 Wrapped Ether (WETH) ($47.694) and numerous Pendle Finance associated tokens.
The attacker borrowed 1,110 Lido Staked Ether (stETH) tokens ($2.9 million) from the Aave lending protocol as part of the exploit. Exploiters often use flash loans to manipulate oracle prices.
Pseudonymous blockchain security researcher Spreek alerted the crypto community about the attack on X (formerly Twitter), stating, “Looks like Wise Lending exploited for ~170 eth.”
In a reply to their own post, Spreek speculated that the vulnerability may have been associated with a new Pendle Finance derivative token. Another security researcher, Officer’s Notes,
shared the post, commenting, “Another day, another exploit.” According to Officer’s Notes, the vulnerability may have been caused by a 7% swing in price
إقرأ أيضا:Nifty News: Adidas unveils resident Web3 artists, Mutant Ape sells for 500 ETH and morebetween stETH and ETH within a particular pool, which was in turn “b/c of AAVE v2 stETH flashloan.”
2024 just got started, but decentralized finance protocols have already lost at least $5 million through exploits. On Jan. 3, Radiant Capital was hit for over $4.5 million.
The following day, liquidity manager Gamma Protocol lost over $400,000 in an exploit.
In 2023, over $1.8 billion was lost from crypto hacks, scams and exploits, according to blockchain security platform Certik.
