Teacher
The team of the decentralized exchange WOOFi reported an exploit of the swap service in the L2 network Arbitrum, which led to a loss of $8.75 million.
The hacker borrowed approximately 7.7 million WOO tokens and other assets through flash loans.
The attacker manipulated the price in the Synthetic Proactive Market Making (AMM platform) mechanism, taking advantage of low liquidity, as a result of which the token exchange rate was close to zero. He then "almost costlessly" exchanged 10 million WOO on the platform.
The hacker repeated the attack three times in a "short period of time." His profit after repayment of the flash loans was about $8.75 million.
According to the statement, the exploit was detected almost immediately by the exchange's internal monitoring system and a number of partners like Hypernative, Chainalysis and Wintermute.
Developers have suspended the Swap smart contract and launched an investigation.
"WOOFi's other contracts, including Stake, Earn and Pro, were not affected and remain fully operational. If any of the depositors want to withdraw funds, they will be able to do so in the usual way," they assured.
The team noted that Swap is supported in more than 10 networks, but none of them has the same lending market as Arbitrum. Along with the low liquidity of WOO on the L2 protocol, this made the attack economically feasible for a hacker.
The attacker was offered a reward of 10% of the amount for returning the stolen funds. The company Arkham Intelligence has expressed its willingness to pay for information about the attacker.
WOOFi developers are making changes to the Swap contract and expect to complete all the necessary tests within two weeks.
"We will work with leading cybersecurity firms to ensure that vulnerabilities are identified at an earlier stage. This is the first time such an incident has happened to us, and we want to make sure that this does not happen again," the statement said.
Earlier today we identified an exploit of WOOFi Swap on Arbitrum. Within 13 minutes, the threat had been contained and we marked all other WOO contracts as safe. Linked below is a post-mortem detailing today’s events. (1/6) https://t.co/igDaOMgyCP
— WOOFi (@_WOOFi) March 5, 2024
