A decentralized finance (DeFi) platform, Warp Finance, which had just gone live a week before, just became the latest victim of a flash loan attack, as per the announcement by the team. As per the announcement, the attacker had used the attack for siphoning off a whopping $8 million in stablecoins and they had managed to accomplish this by exploiting a bug that enabled them to borrow more than they were permitted to. According to Warp Finance, the exploiter had managed to get away with $7.7 million in stablecoins that had been on the lending platform. However, this doesn’t mean that all is lost.
The Warp Finance Team was quick to say that they already had plans in place for recovering about $5.5 million that had been stolen, which are still kept in the collateral vault. The DeFi platform also said that users had also seen a loss due to this attack would not have to suffer as the funds will be distributed to them. It was just before the hack that the Warp Finance team had informed the users to not deposit stablecoins into the DeFi platform as they had come to see some irregularities. As far as Warp is concerned, the protocol had been launched at the end of October and the official launch of the platform had been made on December 9th.
What does this mean? This means that it took only eight days after the launch of the platform for it to see a theft of around $7.7 million, which makes its introduction and entrance into the relentless world of decentralized finance exploits as a rather harsh one. The flash loan attack that happened at Warp Finance involves users borrowing collateral and then returning it through a single transaction, after they have used the same assets for manipulating the price. A white hat hacker, Emiliano Bonassi, put in some effort for investigating the attack.
He is convinced that multiple ‘flash swaps’ had been involved in the attack and three liquidity pools of Uniswap had also been involved. These three pools of the decentralized exchange included Wrapped BTC, USDT and USDC. Two loans from a crypto trading platform dYdX were also involved in the flash loan attack, which involved Ether and DAI. This assessment from Bonassi makes it clear that the flash loan attack had been planned well in advance, as there were a number of steps that were part of the process.
Sadly, DeFi protocols across the board have had to deal with the problem of flash loan attacks, as Compound had to deal with a loss of $89 million while Harvest Finance ended up losing a total of $34 million. This doesn’t include the numerous exploits and thefts that had occurred due to exploited codes and more. Nonetheless, these decentralized finance (DeFi) protocols have come a long way before they begin finding their feed and it appears that they are going to learn some very expensive lessons on the way. Warp has promised to provide a more detailed post-mortem to its clients.