The Avalanche Blockchain was hit by a flash loan attack that allowed the hacker to manipulate the token prices and escape with $370K worth of USDC.
A flash loan exploit allows hackers to increase the price of a token by borrowing uncollateralized assets from a smart contract's liquidity pool. The perpetrator then re-sells their borrowed funds, thus making a profit from the transaction.
The on-chain data from SnowTrace, Avalanche’s Blockchain Explorer, reveals that the hacker used an exploit to launch a $51M flash loan attack and escaped with $370K in USDC after paying back the loan.
Subsequently, they swapped the USDC tokens into 194 ETH and 15,800 DAI. Data from EtherScan reveals that the hacker has transferred most of the ETH tokens to Free Float's crypto exchange, probably in an attempt to cash out the profits.
According to Twitter user Edwardo,
“This appears to be an unauthorized fork of Abracadabra’s code run by nereus finance. We have confirmed that none of the MIM Spell cauldrons are vulnerable to this type of LP token price manipulation.“
Blockchain security firm, Certik, stated that the attack was picked up by its on-chain security software Skynet around 3:26 PM ET on September 6. The firm believes Decentralized Exchange Trader Joe, DeFi staking platform Nereus Finance and Curve Finance were affected by the flash loan attack.
Although the number of hacking attacks on crypto platforms recorded in August is expected to be around 44, data from Skynet reveals the number has decreased significantly since July.
We’re glad you read to this point!
Every week, we publish an email newsletter highlighting all the juicy stories we covered in the crypto space, bringing all the major happenings to your doorstep.
So, if you want to have top stories delivered to your email inbox every week, subscribe to our newsletter!