The attacker withdrew $8 million from the protocol using a flash credit scheme. It allows you to take loans for a short period without collateral, provided that the loan is returned immediately, within one block. This handy feature is often used by cybercriminals to steal money from DeFi protocols.
Warp Finance promises to return the money
The Warp Finance team confirmed the hack and recommended that users not place deposits in stablecoins until the circumstances are clarified.
"We are investigating suspicious loans made in the last hour and recommend not depositing stablecoins into the account until we have clarified all the details."
Later, the project reported that the hacker stole $7.7 million, while one of the vaults still contains $5.5 million. The developers plan to restore these funds and pay them to the affected users.
“In the coming days, we will publish a detailed analysis of what happened and talk about the next steps,” they wrote .
Hacker went broke on commissions
Experts point out that the hacker used the Tornado Cash mixer to hide traces of ETH transactions and used a complex scheme involving the Uniswap and dYdX protocols. Similar manipulations were used to break the Pickle Finance protocol.
This time, the hacker was less calculating. According to popular crypto-twitter blogger Nick Chong, the attacker got only $1 million in ETH. The rest had to be spent on commissions.
The expert claims that the hacker poured a lot of money into illiquid pairs on Uniswap, which led to large slippage in flash swaps. In addition, at least $2.4 million was spent on commissions for the automated market maker (AMM).
As a reminder, in November, Origin Dollar protocol was hacked for an estimated $7 million.
According to CipherTrace analysts, since the beginning of 2020, the damage from hacking DeFi-protocols has exceeded $99 million. Also, due to hack attacks, the blockchain industry has lost almost $14 billion since the beginning of the year.
Read also: 5 Platforms That Will Help You Avoid Falling For DeFi Scams
Think we missed something? Let us know in the comment section below.