Uncategorized

Wise Lending drained of $440K worth of crypto in apparent flash loan exploit

The attacker used an unverified contract to borrow 1,100 Lido Staked Ether, which may have been used to manipulate prices and drain funds from the protocol.

Web3 lending app and yield aggregator Wise Lending was drained of 170 Ether
ETH

tickers down
$2,554

, worth $440,000 at current prices, in an apparent exploit on Jan.

12, according to multiple security experts. The exploiter may have manipulated an oracle price through a flash loan in order to carry out the exploit.

Blockchain data shows that the attack took place at 7:29 pm UTC.

The attacker used an unverified contract with an address ending in d82c to drain the funds. Multiple tokens were transferred into this contract, including $9,000 worth of USD Coin
USDC

tickers down
$1.00

, $2,000 worth of Tether
USDT

tickers down
$1.00

, $5,000 worth of Dai
DAI

tickers down
$1.00

إقرأ أيضا:Billionaire’s suit over scam crypto ads on Meta dismissed in Australia

, 18.51 Wrapped Ether (WETH) ($47.694) and numerous Pendle Finance associated tokens.

The attacker borrowed 1,110 Lido Staked Ether (stETH) tokens ($2.9 million) from the Aave lending protocol as part of the exploit. Exploiters often use flash loans to manipulate oracle prices.

Pseudonymous blockchain security researcher Spreek alerted the crypto community about the attack on X (formerly Twitter), stating, “Looks like Wise Lending exploited for ~170 eth.”

In a reply to their own post, Spreek speculated that the vulnerability may have been associated with a new Pendle Finance derivative token. Another security researcher, Officer’s Notes,

إقرأ أيضا:How can Web3 bring financial freedom closer to reality for freelancers across the globe?

shared the post, commenting, “Another day, another exploit.” According to Officer’s Notes, the vulnerability may have been caused by a 7% swing in price

between stETH and ETH within a particular pool, which was in turn “b/c of AAVE v2 stETH flashloan.”

2024 just got started, but decentralized finance protocols have already lost at least $5 million through exploits. On Jan. 3, Radiant Capital was hit for over $4.5 million.

The following day, liquidity manager Gamma Protocol lost over $400,000 in an exploit.

In 2023, over $1.8 billion was lost from crypto hacks, scams and exploits, according to blockchain security platform Certik.

السابق
Less than 7% of Web3 VC funding went to female-led startups: Report
التالي
‘Enjoyable experience’ — Su Zhu loved his 3 months in Singapore prison

اترك تعليقاً