Warp Finance, a decentralized finance (DeFi) lending protocol officially launched on December 9, has suffered a massive flash loan attack, resulting in the siphoning of almost $8 million in digital assets.
The team behind the DeFi project confirmed on Twitter that the attacker removed $7.7 million in stablecoins from the lending platform. However, the team already has plans to recover around $5.5 million that is still secured in the collateral wallet.
2/ The exploiter was able to remove $7.7m of stablecoins. The team has a plan to recover approximately $5.5m that is still secured in the collateral vault. Upon successful recovery, these will be distributed to users who experienced a loss.
— warp.finance (@warpfinance) December 18, 2020
Is DeFi Safe?
Flash loans allow users to borrow and return the amount in the same transaction. Attackers exploit this service to gain control of the lending assets without keeping any collateral. This exploitation technique is widely used to target vulnerable DeFi platforms.
White hat hacker and Co-founder of Marqet Exchange, Emiliano Bonassi, detailed that the attackers used multiple flash Swaps to three Liquidity pools on decentralized exchange Uniswap and a couple more on dYdX.
Taking a look...https://t.co/UzyDETcmur
This is the second attack whish uses multiple flash liquidity, flash swaps via Uniswap and flash loans via dYdX We will see very complex things via @AaveAave V2 batch flash loans :) https://t.co/jAjWa3WAi6 — Emiliano Bonassi | emiliano.eth (@emilianobonassi) December 17, 2020
Wrap Finance team publicly announced the project in November and launched it earlier this month. It offers users the ability to receive loans using crypto assets as collateral.
However, the attack costing millions of dollars within days of going live has raised serious questions about its security. The team has promised to publish a detailed analysis of the attack and the ‘next steps for [Warp Finance] in the coming days.’ However, no assurance of any refund has been made to the victims as of yet.
DeFi is seen as the real decentralized alternative to the mainstream banking system, but even the top platforms remain vulnerable to attacks. Attackers used the same flash loan exploitation to previously target Compound and Harvest Finance.