{"id":145883,"date":"2023-07-11T11:43:59","date_gmt":"2023-07-11T11:43:59","guid":{"rendered":"https:\/\/crypto-economy.com\/?p=145883"},"modified":"2023-09-04T16:59:15","modified_gmt":"2023-09-04T16:59:15","slug":"another-defi-hack-arbitrum-based-rodeo-finance-suffers-1-5m-exploit","status":"publish","type":"post","link":"https:\/\/crypto-economy.com\/another-defi-hack-arbitrum-based-rodeo-finance-suffers-1-5m-exploit\/","title":{"rendered":"Another DeFi Hack; Arbitrum Based Rodeo Finance Suffers $1.5M Exploit"},"content":{"rendered":"<p style=\"text-align: justify\"><a href=\"https:\/\/www.rodeofinance.xyz\" target=\"_blank\" rel=\"noopener\"><strong>Rodeo Finance<\/strong><\/a>, an <a href=\"https:\/\/crypto-economy.com\/arbitrum\/\" target=\"_blank\" rel=\"noopener\">Arbitrum (ARB)<\/a> based decentralized finance (<a href=\"https:\/\/crypto-economy.com\/defi-decentralized-finances\/\" target=\"_blank\" rel=\"noopener\">DeFi<\/a>) protocol, <strong>fell prey to an oracle manipulation attack that resulted in a loss of about 810 Ethereum (ETH), approximately worth $1.5 million<\/strong>, on the Arbitrum network. <!--more--><\/p>\n<p style=\"text-align: justify\">On July 11, blockchain security company, Peckshield took to Twitter to issue an alert, claiming Rodeo Finance suffered an exploit with the perpetrator making off with a whopping $1.53 million. As per an analysis of on-chain\u00a0data, Peckshield stated the perpetrator transferred the dirty profits from Arbitrum to Ethereum.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Our analysis shows that the <a href=\"https:\/\/twitter.com\/Rodeo_Finance?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">@Rodeo_Finance<\/a> hack (w\/ ~$1.53M loss) is a so-called &quot;ForceInvestment&quot; hack: the Investor.earn() routine has a flaw that can be forced to swap <a href=\"https:\/\/twitter.com\/search?q=%24USDC&amp;src=ctag&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">$USDC<\/a> -&gt; <a href=\"https:\/\/twitter.com\/search?q=%24WETH&amp;src=ctag&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">$WETH<\/a> -&gt; $unshETH, but the slippage control cannot take effect as expected due to the flawed\u2026 <a href=\"https:\/\/t.co\/2j0bmQRe2r\" target=\"_blank\">pic.twitter.com\/2j0bmQRe2r<\/a><\/p>\n<p>&mdash; PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1678700465587130368?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">July 11, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h2 style=\"text-align: left\">Rodeo Finance Falls Victim to Another DeFi Hack<\/h2>\n<p style=\"text-align: justify\">Furthermore, the attacker then exchanged the stolen tokens for various other assets before converting them back to ETH. <strong>The final stage of the exploit saw the Ethereum (ETH) being routed through Tornado Cash, the infamous sanctioned cryptocurrency mixer on the Ethereum network, effectively concealing the trail of funds.<\/strong> Peckshield tweeted,<\/p>\n<p style=\"text-align: center\"><em>&#8220;Here comes the flow of stolen funds. The exploiter has bridged the stolen funds (~810.1 ETH) from Arbitrum to Ethereum, swapped 285 ETH for unshETH and deposited them to Ankr: ETH2 Staking, and transferred 150 ETH to Tornado Cash.&#8221;<\/em><\/p>\n<p style=\"text-align: justify\">This comes hot on the heels after Arcadia Finance a DeFi platform, <a href=\"https:\/\/crypto-economy.com\/arcadia-finance-defi-platform-loses-455k-usd\/\" target=\"_blank\" rel=\"noopener\">suffered<\/a> an exploit on July 10, resulting in the loss of approximately $455,000 across the Ethereum and Optimism networks. As per Peckshield, another decentralized firm, <strong>Libertify, an AI-based automated investment platform had also endured an attack that drained $452K on Polygon and Ethereum.\u00a0<\/strong><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Our analysis shows that the <a href=\"https:\/\/twitter.com\/Libertify_?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">@Libertify_<\/a> hack (w\/ ~452K loss) is possible due to the lack of reentrancy protection, which allows the hacker to mint more shares via re-entering deposit() routine. <a href=\"https:\/\/t.co\/11Utp3idhN\" target=\"_blank\">https:\/\/t.co\/11Utp3idhN<\/a> <a href=\"https:\/\/t.co\/h9rDfr3g7b\" target=\"_blank\">pic.twitter.com\/h9rDfr3g7b<\/a><\/p>\n<p>&mdash; PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1678688731908411393?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">July 11, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h2 style=\"text-align: left\">DeFi Attacks Dent Investor Confidence<\/h2>\n<p style=\"text-align: justify\"><strong>Such exploits have been plaguing the Arbitrum network for quite some time now.<\/strong> In April, Sentiment, another DeFi protocol running on Arbitrum, lost $1 million to a hacker. This was followed by an even larger security breach in May, where the Jimbos protocol lost a colossal amount of nearly $7.5 million.<\/p>\n<p style=\"text-align: justify\">In the past couple of years, the DeFi ecosystem has continued to succumb to increasing crypto attacks, serving as the biggest targets in the cryptocurrency industry. <strong>Fraudsters have increasingly targeted DeFi platforms, using more sophisticated tools to carry out these exploits.<\/strong><\/p>\n<p style=\"text-align: justify\"><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter wp-image-145900 size-full\" src=\"https:\/\/crypto-economy.com\/wp-content\/uploads\/2023\/07\/DeFi-Hacks-1-e1689074684551.jpeg\" alt=\"DeFi Attacks Dent Investor Confidence\" width=\"825\" height=\"305\" srcset=\"https:\/\/crypto-economy.com\/\/wp-content\/uploads\/2023\/07\/DeFi-Hacks-1-e1689074684551.jpeg 825w, https:\/\/crypto-economy.com\/\/wp-content\/uploads\/2023\/07\/DeFi-Hacks-1-e1689074684551-300x111.jpeg 300w, https:\/\/crypto-economy.com\/\/wp-content\/uploads\/2023\/07\/DeFi-Hacks-1-e1689074684551-768x284.jpeg 768w, https:\/\/crypto-economy.com\/\/wp-content\/uploads\/2023\/07\/DeFi-Hacks-1-e1689074684551-18x7.jpeg 18w\" sizes=\"(max-width: 825px) 100vw, 825px\" \/><\/p>\n<p style=\"text-align: justify\"><span data-preserver-spaces=\"true\">Flash loans, exit scams, cross-bridge exploits, reentrancy attacks, and rug pulls among numerous others are some of the most common methods of attack in the DeFi space. <\/span>Commenting on the rising sophistication among bad actors, <span style=\"font-size: inherit;background-color: var(--base-3);color: var(--contrast)\">Dmitry Mishunin, CEO at crypto auditing firm HashEx, said,<\/span><\/p>\n<div class=\"gb-container gb-container-2246dbe3\" style=\"text-align: justify\">\n<div class=\"gb-inside-container\">\n<div class=\"dynamic-entry-content\">\n<p style=\"text-align: center\"><em>\u201cHackers have gotten smarter, gained more experience, and learned how to look for bugs. The crypto industry is still relatively new, and everyone is growing with each other, so it\u2019s difficult to get too far ahead of bad actors.\u201d<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p style=\"text-align: justify\"><strong>Such attacks continue to dent investor confidence in the digital assets industry which is already going through a whirlwind phase coupled with macroeconomic uncertainty and the barrage of attacks from regulators all around the world,<\/strong> Recently, data from Naoris Protocol, a global cyber security firm,\u00a0<a href=\"https:\/\/www.globalsecuritymag.com\/Analysis-reveals-rise-in-reported-Web3-and-DEFI-hacks-during-Q1-2023.html\" target=\"_blank\" rel=\"noopener\">revealed<\/a>\u00a0there was a\u00a0rise in the number of reported cyber security hacks on Web3 and DeFi in Q1 2023 compared to the same period in 2022 and 2021.<\/p>\n<div class=\"gb-container gb-container-276f0303\">\n<div class=\"gb-inside-container\" style=\"text-align: justify\"><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Rodeo Finance, an Arbitrum (ARB) based decentralized finance (DeFi) protocol, fell prey to an oracle manipulation attack that resulted in a loss of about 810 Ethereum (ETH), approximately worth $1.5 million, on the Arbitrum network.<\/p>\n","protected":false},"author":21,"featured_media":145903,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[111,84,74],"tags":[5271,5502,4708],"_links":{"self":[{"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/posts\/145883"}],"collection":[{"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/comments?post=145883"}],"version-history":[{"count":0,"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/posts\/145883\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/media\/145903"}],"wp:attachment":[{"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/media?parent=145883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/categories?post=145883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/tags?post=145883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}