Avalanche Protocols Get Flash Loan Attacked


In today's edition of YIYL (You Invest You Lose), we take a look at one of those forked EVM chains that claimed they were going to become Ethereum killers. Man, there are a lot of these things out there as everyone tries to push the L1 rotation thesis and the idea that they are going to be some foundational part of the internet, which is sadly not going to be the case, but investors will hodl to zero and I think that's marvelous.

If you believe in something, if you have a thesis, by all means hold it all the way down to zero, that's the noble thing to do. We all make mistakes, that's being human and once you're fully rekt, you can take the time to think, maybe I missed something here, maybe I should start laying off the hopium.

So, back to the story: the shitcoin space really is the oeff that keeps on oeffing, and Avalanche is no exception.


Gone in a flash

On Tuesday, blockchain cybersecurity firm CertiK warned users of this shitcoin that a flash loan attack had extracted $370,000 in USDC from a smart contract, as well as several liquidity providers.

https://twitter.com/CertiKAlert/status/1567314528357990401

Decentralized exchange Trader Joe, staking platform Nereus Finance and automated market maker Curve Finance are thought to have been impacted, the firm said in a tweet.

Honestly, I hate using the words exploit or hack, because that is not the case, this isn't some brute force attack. THIS is the way the protocols work, if you can run code and it works, then that's how code works.

https://twitter.com/nereusfinance/status/1567574661311102976?

The user just happened to find a way to run a command and a tactic that gave them a better return than anyone else, and more power to that person, you go Glen Coco.


Wtf is a flash loan?

A flash loan exploit is a trading strategy used against these smart contract platforms whereby a smart person does the math, borrows uncollateralized funds from a lending protocol and manipulates the price of a given asset, driving up its value.

The user then sells back the borrowed capital in the same transaction after they’ve managed to arbitrage the asset, pocketing the difference.

How did this flash loan work?

As a result of the loan from Curve, the anonymous user was able to mint 998,000 worth of Nereus' native token NXUSD against $508,000 worth of collateral. They then swapped this capital into different assets via various liquidity pools and managed to walk away with a net profit of $371,406 once the flash loan was returned.

The incident saw the creation of $500,000 of NXUSD which is seen as “bad debt” in the NXUSD protocol. The decision was to pay bad debt using NXUSD from the team’s treasury, sounds pretty decentralised. How do you have a protocol with a central team doing poor open market operations and call it decentralised, lol I guess this is gender-fluid reasoning in finance.
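To make the mechanics above concrete, here is an added toy model (not code from Nereus, Curve or Trader Joe, and not part of the original post) of a lender that values collateral at a pool's instantaneous price, next to a version that checks the price against a reference from earlier blocks. The pool sizes, the 75% loan-to-value ratio, the 5% deviation limit and all function names are constructed assumptions.

```python
from dataclasses import dataclass

LTV = 0.75            # assumed loan-to-value ratio of the lender
MAX_DEVIATION = 0.05  # assumed tolerance between spot and reference price

@dataclass
class Pool:
    """Fee-less constant-product pool (token * usdc = k); a toy stand-in for an AMM."""
    token: float
    usdc: float

    def spot_price(self) -> float:
        return self.usdc / self.token  # USDC per token right now

    def buy_token(self, usdc_in: float) -> float:
        """Swap USDC in, tokens out; one large swap moves the spot price."""
        k = self.token * self.usdc
        self.usdc += usdc_in
        out = self.token - k / self.usdc
        self.token -= out
        return out

def max_mint_spot(pool, collateral):
    """Weak valuation: trusts whatever the pool says at this instant."""
    return collateral * pool.spot_price() * LTV

def max_mint_guarded(pool, collateral, reference_price):
    """Hardened valuation: reject if spot strays from a reference from earlier blocks."""
    spot = pool.spot_price()
    if abs(spot - reference_price) / reference_price > MAX_DEVIATION:
        raise ValueError("spot price deviates from reference; mint rejected")
    return collateral * min(spot, reference_price) * LTV

def simulate():
    pool = Pool(token=1_000_000.0, usdc=1_000_000.0)  # constructed: price 1.00
    reference = pool.spot_price()   # stands in for a time-weighted average price
    collateral = 500_000.0          # tokens posted as collateral
    before = max_mint_spot(pool, collateral)
    pool.buy_token(1_000_000.0)     # borrowed USDC swapped in, same transaction
    inflated = max_mint_spot(pool, collateral)
    try:
        guarded = max_mint_guarded(pool, collateral, reference)
    except ValueError:
        guarded = 0.0               # mint refused while the price is distorted
    return before, inflated, guarded

if __name__ == "__main__":
    print(simulate())
```

With these numbers the same collateral supports four times as much minted debt after the swap under the spot-price valuation, and the resulting gap is the kind of "bad debt" the protocol is left holding; the guarded valuation refuses the mint instead.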

It will be different next time

According to Nereus, the exploit resulted from a “missed step” in the price calculation, which created the opportunity. Nereus now claims the bug was fixed and the same exploit won’t be possible a second time.

You don't get a fucking next time mate, that's not how it works. Once you bugger up once, only a small percentage of retards are going to come back for a second bite at losing their funds, but you do you.

A bounty on his head

The Nereus team, embarrassed, decided they wouldn't follow other protocols and beg the user for the funds back, instead offering anyone a fee for his capture. The fee is for anyone who can identify the hacker and track the funds, and Nereus offered a 20% White Hat reward for the return of the funds, no questions asked.

I wonder if team Binance would bother picking up the 70k, or is that too small a fee?

I sure do enjoy waking up to seeing web3 show us in real-time, that proof of work and having a native asset that is secured by something other than server requests ain't going to be secure. Some of us have learned that lesson, others are doomed to repeat the mistake.

Watching people fight gravity sure is fun.


Have your say

What do you good people of HIVE think?

So have at it my Jessies! If you don't have something to comment, "I am a Jessie."


Posted Using LeoFinance Beta



9 comments

It is part of the game as a developer to make your smart contract hacker-proof! Not always easy to build a good DeFi project these days!


Indeed and I sure do love watching them try, it just provides a clear value of why the trade-off bitcoin has made is so damn important


So basically some user managed to smell an opportunity to make money. Stupid coders blame the user who totally played by the rules. No scam, No stealing, No hacking. Just random Web3 user doing their thing now with a bounty on head. Devs totally lost the chance of getting any credibility from me!


lol most DEFI projects that get attacked are like that, but they label it as a hack so it can excuse them for their incompetence


Amazing how people make money finding or creating opportunities of Sell High Buy Low.


If protocols want to give people the chance to rip it apart for free money, why not
