Commenting on the attack, Ola Finance noted it was still investigating the incident. It promised to provide a detailed report.
Lending protocol Ola Finance has announced the loss of funds amounting to about $3.6 million in what is the latest DeFi hack. The hack took place on the Fuse network, one of several blockchains on which it operates.
How the DeFi Hack Took Place
According to blockchain security and analytics firm, PeckShield, the hacker exploited a common incompatibility flaw between the compound fork and ERC677/ERC777 tokens. The flaw, called the reentrancy bug, allows a user to make repeated requests on a protocol for funds to steal assets.
With Ola Finance, the user placed personal assets as collateral to borrow funds. Afterward, they exploited the smart contract vulnerability to receive the collateral back without paying what was borrowed. In a series of flash loan attacks, the hacker then repeated the process across five other pools. The pools hit was USDC, $FUSD, $BUSD, $WBTC, $WETH & $FUSE pools.
Commenting on the attack, Ola Finance noted it was still investigating the incident. It promised a detailed report as soon as it was available. In the interim, it has paused its lending services on the Fuse network, while its services on other blockchains remain unaffected.
DeFi Protocol, Voltage Finance, who uses the lending protocol said:
“We became aware of a breach on the @voltfinance lending platform around 3 hours ago leading to the theft of $4M in $USDC, $FUSD, $BUSD, $WBTC, $WETH & $FUSE”.
The protocol clarified that the DeFi hack had nothing to do with its protocol. However, it announced it collaborating with Ola Finance to investigate the situation.
Rising Hacks, a Problem for DeFi adoption
A similar reentrancy vulnerability was exploited on the Gnosis chain a few weeks ago. Two DeFi protocols, Hundred Finance and Agave lost about $11 million to flash loan attacks.
Just this week, Axie Infinity sidechain, Ronin, lost over $615 million in USDC and Ethereum. Interestingly, the hack was not noticed until a customer reported his inability to withdraw about 5000ETH.
With the hacks increasing, there are concerns it will negatively impact the rising DeFi adoption. It is only expected that users will begin to worry about their funds and perhaps start to pull out funds.
An experienced writer and Fintech enthusiast, passionate about helping people take charge of, scale and secure their finances. Has ample experience creating content across a host of niche. When not writing, he spends his time reading, researching or teaching.