Bitcoin

Warp Finance Protocol Suffers Flash Loan Attack – Attacker Pocketing $7.7 Million

The Warp Finance protocol has just come under a major attack. A malicious individual managed to steal 7.77 million dollars in stable corners of the protocol, thanks to a flash loan type attack.

Warp Finance loses 7.7 million dollars

The world of decentralized finance (DeFi) is once again the victim of a flash loan type attack. Yesterday, the Warp Finance loan protocol was targeted by a malicious individual, who stole 7.77 million dollars in stablecoins. Specifically, 3.85 million DAI and 3.92 million USDC were stolen.

A few hours before the attack, the Warp Finance team was already recommending to its users not to deposit stablecoins, as it suspected that there were anomalies in its system. And the team was right:

Warp Finance was exploited by a complex flash loan attack that allowed the user to borrow more than its collateral value, resulting in a loss of funds from the stablecoin lenders,“ the team said on Twitter.

The complex attack involved multiple flash swaps to three liquidity pools on the Binbot decentralized exchange, totaling $180 million, as well as two loans on the dYdX platform, totaling $51 million. The funds were then allegedly used to bypass the Warp Finance system.

Analyst Nick Chong tells us that the attacker would have managed to carry out this operation from 1 ETH, previously made anonymous via Tornado Cash, a non-custodial Ethereum mixer.

Out of the 7.7 million dollars lost, the Warp Finance team estimates that it will be able to recover approximately 5.5 million dollars stored in the collateral vault. These funds will theoretically be redistributed to users who suffered a financial loss as a result of the attack.

A bad security audit?

Warp Finance had been audited by HackenClub, a company specializing in the security of DeFi protocols. Recognized for its reliability in the DeFi world, the protocol community struggles to understand how such a flaw was not found and then corrected beforehand.

This proves once again that DeFi protocols are far from being infallible, even when they have been audited by specialized companies. The world of decentralized finance is still young, and this umpteenth major attack reminds us of this.

Launched on December 8, Warp Finance is already out of the game and will struggle to regain the confidence of new users. The team plans to publish a detailed analysis of the attack and the continuation of its operations in the coming days.

Little by little, solutions are being put in place to reinforce the security of the DeFi ecosystem. Recently, a project called ONION raised $3.9 million to develop risk management tools specifically dedicated to DeFi protocols.

This is crucial for the development of the sector on a large scale, the risks inherent to DeFi are still too high and must be addressed as soon as possible.