Avalanche DeFi Staking Platform Suffers Flash Loan Attack

hacker steal cover

Avalanche-based DeFi staking platform – Nereus Finance – suffered a flash loan arbitrage attack. Decentralized exchange (DEX) Trader Joe and DeFi platform Curve Finance are also believed to have been impacted by the event that was executed around 3:26 pm ET on September 6.

Both Avalanche and Nereus are yet to release an official statement regarding the exploit.

  • Uphold Head of Research Dr. Martin Hiesboeck cited on-chain data from Snowtrace that revealed the attacker launched the exploit with a $51 million flash loan.
  • These funds were then used to execute a flash loan attack that manipulated token pricing on the staking platform.
  • While the entity behind the attack did pay back the $51 million loan, they still had $370,000 in USDC stablecoin after the completion of the arbitrage trade.
  • The attacker reportedly then transferred the ill-gotten funds from the Avalanche blockchain to the Ethereum network, following which the bridged funds were swapped into 194 ETH and 15,800 DAI in this address.
  • In a recently published report, CertiK’s on-chain security software Skynet disclosed more than $2.33 billion had been lost to various scams and exploits in the Web 3 space, and a total of nearly 377 attacks have been recorded so far this year.
  • August alone recorded 44 such attacks, with 33 being exit scams and seven deemed as flash loan attacks, among others.
  • Even as flash loans continue to be a major pain point for the ecosystem, Skynet’s report stated that these attacks have significantly decreased compared to July.
  • In fact, a drop of 95% was seen for these sorts of attacks cumulating to a $745k loss, the second lowest number logged this year after February. It said,

“August boasts the lowest total amount lost since February this year and did not even break $1 million in loss. Over the course of 7 attacks, we recorded $745,244 in damages, an immense 95% decrease compared to the previous month of July. The average loss per attack this month was $106,463 the lowest amount we at CertiK have ever recorded for flashloans.”

SPECIAL OFFER (Sponsored)

Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to receive up to $7,000 on your deposits.

You Might Also Like: