Key Takeaways
- Voltage Finance was the goal of an assault at this time that resulted in additional than $4 million stolen from the platform.
- In response to one safety agency, a reentrancy bug allowed attackers to empty the DeFi platform’s lending pool.
- Comparable assaults have been carried out towards Hundred Finance and Agave earlier this month, leading to $11 million stolen.
Share this text
Voltage Finance has suffered a reentrancy assault resulting in the theft of $4 million in stablecoins and cryptocurrencies.
$4 Million Have Been Stolen
One other DeFi exploit has resulted in hundreds of thousands misplaced.
Voltage Finance announced the theft on Twitter on Mar. 31. “We turned conscious of a breach on the [Voltage Finance] lending platform… resulting in the theft of [$4 million],” it wrote.
Numerous stablecoins have been stolen, together with USDCoin (USDC) and Binance USD (BUSD). Wrapped Bitcoin and Ethereum tokens (WBTC and WETH) have been additionally stolen. Fuse Greenback (FUSD) and its non-stablecoin counterpart FUSE have been stolen as properly.
Voltage assured customers that each one funds inside its custody are secure, together with staked tokens and tokens in liquidity swimming pools. It added that its contracts have been topic to numerous audits.
The attacker’s deal with has been flagged on Etherscan, and Voltage has known as on the exchanges CEX and Circle to dam transactions from that deal with. Voltage is now trying to contact the attacker and negotiate a bounty for the return of funds.
The platform added that it’s working with its lending-as-a-service associate Ola Finance to analyze the problem.
Official Report Nonetheless Pending
Ola Community mentioned that it’s going to quickly publish an official report that particulars the exploit. Within the meantime, it has endorsed a third-party report from the blockchain safety agency PeckShield.
Peckshield has stated that the hack was because of a reentrancy bug that allowed hackers to empty the lending pool. This vulnerability arose from a difficulty between ERC-677/777 tokens (the idea of a lot of the affected stablecoins) and forks of the Compound Community (one thing that Ola Community permits builders to create).
Related attacks occurred on Hundred Finance (a fork of Compound Finance) and Agave (a fork of Aave) round Mar. 15. About $11 million in complete was stolen throughout these assaults.
Disclosure: On the time of writing, the creator of this piece owned BTC, ETH, and different cryptocurrencies.
