Wise Lending drained of $440K worth of crypto in apparent flash loan exploit

The attacker used an unverified contract to borrow 1,100 Lido Staked Ether, which may have been used to manipulate prices and drain funds from the protocol.

Web3 lending app and yield aggregator Wise Lending was drained of 170 Ether

tickers down

, worth $440,000 at current prices, in an apparent exploit on Jan.

12, according to multiple security experts. The exploiter may have manipulated an oracle price through a flash loan in order to carry out the exploit.

Blockchain data shows that the attack took place at 7:29 pm UTC.

The attacker used an unverified contract with an address ending in d82c to drain the funds. Multiple tokens were transferred into this contract, including $9,000 worth of USD Coin

tickers down

, $2,000 worth of Tether

tickers down

, $5,000 worth of Dai

tickers down

إقرأ أيضا:Google responds to accusations of ads tracking data of children

, 18.51 Wrapped Ether (WETH) ($47.694) and numerous Pendle Finance associated tokens.

The attacker borrowed 1,110 Lido Staked Ether (stETH) tokens ($2.9 million) from the Aave lending protocol as part of the exploit. Exploiters often use flash loans to manipulate oracle prices.

Pseudonymous blockchain security researcher Spreek alerted the crypto community about the attack on X (formerly Twitter), stating, “Looks like Wise Lending exploited for ~170 eth.”

In a reply to their own post, Spreek speculated that the vulnerability may have been associated with a new Pendle Finance derivative token. Another security researcher, Officer’s Notes,

إقرأ أيضا:9GAG CEO buys Stephen Chow NFT at 3,155% premium to floor price

shared the post, commenting, “Another day, another exploit.” According to Officer’s Notes, the vulnerability may have been caused by a 7% swing in price

between stETH and ETH within a particular pool, which was in turn “b/c of AAVE v2 stETH flashloan.”

2024 just got started, but decentralized finance protocols have already lost at least $5 million through exploits. On Jan. 3, Radiant Capital was hit for over $4.5 million.

The following day, liquidity manager Gamma Protocol lost over $400,000 in an exploit.

In 2023, over $1.8 billion was lost from crypto hacks, scams and exploits, according to blockchain security platform Certik.

Less than 7% of Web3 VC funding went to female-led startups: Report
‘Enjoyable experience’ — Su Zhu loved his 3 months in Singapore prison

اترك تعليقاً