DeFi lending protocol Warp Finance has reportedly faced a flash loan attack resulting in the loss of as much as $ 8 million in digital assets.
Reports are coming in that an attacker has made between $ 1 million and even $ 8 million according to DeFi Prime. The losses follow a series of flash loans who have exploited vulnerabilities in the Warp Finance protocol.
Warp Finance is a new DeFi platform announced in early November that allows users to deposit liquidity provider (LP) tokens of other protocols and receive stablecoin loans in return.
The Warp Finance Twitter feed had no details at the time of writing, aside from this:
“We are investigating irregular stablecoin loans taken out in the past hour, we recommend that you do not deposit any more stablecoins until we have clarity on the irregularities”
An user [@Swind11001] responded to the message claim to have lost 40,000 DAI;
“Please help me. This is my first time using defi. I have invested a total of 40000 Dai. This money is all my savings. I can’t live without it.”
DeFi analysis portal DeFi Prime has flagged the relevant suspicious transaction;
⚠️ Flash Lending Attack on a Warp Protocol ⚠️
About $ 8 million stolen ♂️
h / t @CryptoCatVC
This TX ⤵️https://t.co/CMEPxk4838
– defiprime (@defiprime) December 17, 2020
White hat hackers are investigating the spurious transactions that led to the raid. Co-founder of the Marqet Exchange, Emiliano Bonassi, delved into what happened citing;
“This is the second attack using multiple flash liquidity, flash swaps through Uniswap and flash lending through dYdX,”
He added that the attacker asked for three wrapped Ether loans via flash swaps to three different pools on Uniswap and two more on the dYdX trading platform. The money was then used to store WETH / DAI liquidity pool (LP) tokens that were used as collateral for Warp Finance to clear the USDC and DAI vaults.
A flash loan is when crypto collateral is borrowed and paid back within the the same transaction. Smart contract audits, like this one performed for Warp by Hacken, do not necessarily protect against them, as they exploit the design of the system.
The attack vector was the weapon of choice for crypto thieves of DeFi protocols this year with various protocols including bZX, Balancer, Origin of the protocol, Akropolis and Harvest Finance are all victims. Warp Finance appears to be the latest victim.