Hackers have marked yet another DeFi flash loan hack this year after stealing $2 million from Akropolis. The project has revealed the event in an official blog post yesterday, stating that funds were stolen from the yCurve and sUSD pools. For now, the hacker and his real identity remain anonymous.
Akropolis notes that the team realized a discrepancy in the APY yield rates of their stablecoin pools around 14:36 GMT on November 12. Later on, they have seen that hackers have drained around $2 million in DAI from the sUSD and yCurve liquidity pools.
According to the team, two independent blockchain auditing firms have reviewed the liquidity pools. Nevertheless, the hacker has discovered an exploit that was not spotted within the reports. While there is no highly detailed information regarding how the hack exactly went, Acropolis has stated:
“The essence of the exploit in question is a combination of a re-entrancy attack with dYdX flash loan origination.”
Akropolis plans to reimburse all users affected by the hack
Since releasing the announcement yesterday, the Akropolis team has worked on multiple security procedures. The team notes that “a majority of funds” are safe. Explaining the latest state of the protocol, the announcement revealed how much in crypto funds were stolen and which address currently holds the funds.
A majority of the liquidity pools on Akropolis are not affected. These include Compound (USDC DAI), AAVE (sUSD bUSD), and Curve (bUSD sBTC.) The native ADEL and AKRO staking pools are not affected as well.
So far, the team has decided to pause all stablecoin pools and inform all exchanges. Akropolis is working on the issue with several security specialists and has employed the team to review all security processes related to the hack. In the next few days, the platform plans to publish a review of their new smart contract analysis and reimburse all affected users.
CipherTrace Reports that 50% of all 2020 Hacks have targetted DeFi
At this point in time, a DeFi hack may not seem like news at all. A recent report by the leading blockchain security firm CipherTrace has revealed that 50% of all hacking events in 2020 have targeted the DeFi market. The firm believes that the rise in DeFi hacks can be mainly attributed to the sudden rise of popularity. In previous years, such as 2019, the overall volume of DeFi hacks was ‘virtually negligible.’
Developers represent one part of the hacking problem. Technical teams often do not sufficiently test and review their smart contracts before launching a platform. In some cases, teams have launched a platform even though it contained numerous high-level exploits. But developers are not the only ones to blame.
Despite publicly publishing the audit results, investors still participate in these risky projects. On that account, we can conclude that both parties share the blame.
One factor that is unaccounted for is represented by the global regulatory bodies that have not yet interacted with DeFi. However, CipherTrace believes that the situation may soon change. Watchdogs such as the FATF and FinCEN already plan to implement VASP licenses and multiple regulatory measures upon decentralized exchanges.
By doing so, they could bottleneck the rate at which new projects are launched. Theoretically, it would lead to users only having access to ‘higher quality’ protocols that are more secure.
If you found this article interesting, here you can find more DeFi News