Avalanche DeFi Staking Platform Suffers Flash Loan Attack

Avalanche-based DeFi staking platform – Nereus Finance – suffered a flash loan arbitrage attack. Decentralized exchange (DEX) Trader Joe and DeFi platform Curve Finance are also believed to have been impacted by the event that was executed around 3:26 pm ET on September 6.

Both Avalanche and Nereus are yet to release an official statement regarding the exploit.

Uphold Head of Research Dr. Martin Hiesboeck cited on-chain data from Snowtrace that revealed the attacker launched the exploit with a $51 million flash loan.
These funds were then used to execute a flash loan attack that manipulated token pricing on the staking platform.
While the entity behind the attack did pay back the $51 million loan, they still had $370,000 in USDC stablecoin after the completion of the arbitrage trade.
The attacker reportedly then transferred the ill-gotten funds from the Avalanche blockchain to the Ethereum network, following which the bridged funds were swapped into 194 ETH and 15,800 DAI in this address.
In a recently published report, CertiK’s on-chain security software Skynet disclosed more than $2.33 billion had been lost to various scams and exploits in the Web 3 space, and a total of nearly 377 attacks have been recorded so far this year.
August alone recorded 44 such attacks, with 33 being exit scams and seven deemed as flash loan attacks, among others.
Even as flash loans continue to be a major pain point for the ecosystem, Skynet’s report stated that these attacks have significantly decreased compared to July.
In fact, a drop of 95% was seen for these sorts of attacks cumulating to a $745k loss, the second lowest number logged this year after February. It said,

“August boasts the lowest total amount lost since February this year and did not even break $1 million in loss. Over the course of 7 attacks, we recorded $745,244 in damages, an immense 95% decrease compared to the previous month of July. The average loss per attack this month was $106,463 the lowest amount we at CertiK have ever recorded for flashloans.”

The post Avalanche DeFi Staking Platform Suffers Flash Loan Attack appeared first on CryptoPotato.

Leave a Reply

Your email address will not be published.