• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About us
  • Write for us
  • Terms and Conditions
  • Privacy Policy
  • Disclaimer
  • Contact
  • All Posts
  • Advertise

TronWeekly

Crypto World News

  • Home
  • Education
    • Best TRON Wallets
    • Beginner’s guide to TRON
  • Opinion
    • Tron Tokens
    • Market Analysis
  • Industry
    • Tron Exchange
    • Project Review
  • Press Release
  • Advertise
  • About us
    • The Team
    • Editorial Policy
    • Write for us
    • Privacy Policy
    • Disclaimer
    • Terms and Conditions
    • Contact
You are here: Home / News / DeFi / Another DeFi Protocol Loses $7 Million In Flash Loan Exploit
Another DeFi Protocol Loses $7 Million In Flash Loan Exploit

Another DeFi Protocol Loses $7 Million In Flash Loan Exploit

November 17, 2020 by Reena Shaw

Malicious actors are increasingly leveraging flash loans to fund attacks on decentralized finance [DeFi] protocols. Another one is biting the dust. This time, the Origin Protocol’s yield-generating stablecoin protocol, OUSD, was attacked and drained by nearly $7 million, of which $1 million was deposited by the company’s founders and employees.

After tracing the movement of the funds, the Founder of Origin Protocol Matthew Liu revealed that the attacker used both Tornado Cash and renBTC to wash and move funds. Additionally, there was still 7,137 ETH and 2.249 million DAI sitting in one of the attacker’s wallets.

Nature of the Attack

The exec explained,

“The attack was a reentrancy bug in our contract. Unfortunately, our contract was safe from reentrancy bugs unless one of our supported stablecoins was attacking us.”

Reentrancy attacks are known to be the most devastating attacks when developing smart contracts. They are devastating for two reasons: they can completely drain a smart contract of its funds, and they can sneak their way into the code if the developers are not careful.

In the case of OUSD, the entity reportedly exploited a missing validation check in mint multiple (when minting OUSD with multiple stablecoins) to pass in a fake “stablecoin” under their control. This “stablecoin” was then called “transferFrom” on by the vault. This essentially allowed the attacker to exploit the contract with a “reentrancy attack” in the middle of the mint.

As a response to the attack, Liu reminded the users not to buy OUSD on Uniswap or Sushiswap as the current prices do not reflect OUSD’s underlying assets.

Here’s what prominent DeFi influencer Autism Capital had to say about the entire fiasco:

For the constant stress of staking, unstaking, wrapping, wrapping a wrapper, wrapping a wrapper of that, worrying about smart contract risk, worrying about peg risk, worrying about flash loans, worrying about dark autism, worrying about custodial risk, we need at least 500% APY.

— Autism Capital 🧩 (@AutismCapital) November 17, 2020

 

Em8HlxjXMAABsvO scaled

Of late, flash loans have become one of the most popular as well as powerful new liquidity mechanisms that have recently emerged in the decentralized finance [DeFi] ecosystem.

Origin’s breach is the fifth major flash loan attack to hit the DeFi ecosystem in the past three weeks, after security breaches targeting platforms such as Harvest, Akropolis, Value, and CheeseBank. Additionally, it is the tenth DeFi platform to have been exploited in terms of year to date.

Filed Under: DeFi, News Tagged With: flash loan

Primary Sidebar

Recent Posts

  • ECB Garners Over 8,000 Responses To Its Public Digital Euro Consultation April 15, 2021
  • Grayscale Total Assets Under Management Reaches $50 Billion April 15, 2021
  • XRP’s Retracement Seems Likely Before Knocking Off $2-mark April 15, 2021
  • Fed Chairman Powell Needs To Dig Deeper Into Crypto, Suggests Republican Leader April 15, 2021
  • Bitcoin Goes To The Nightclub; Miami’s E11even Announces Support For BTC April 15, 2021


Footer

News

  • Altcoin News
  • Bitcoin News
  • Blockchain
  • Tron News
  • World

Digest

  • Meet the Founder
  • Price Winning Article
  • DeFi
  • Cyber Security
  • Crypto Scam

Industry

  • Project Review
  • Technology
  • Fintech
  • Tron Exchange
  • New in Town

Tron Universe

  • Event and Tron Parties
  • New in Town
  • Tron Tokens

Follow Us

Subscribe US

Copyright © 2021 · Tron Weekly. All Rights Reserved. NOTE: Tron Weekly is an independent crypto news site that adheres to the strict journalism policy anchored on transparency, trust, and objectivity, we have no affiliation with the TRON Foundation, its founder Justin Sun or any other cryptocurrency firm.