DeFi project Warp Finance said Sunday its efforts to recover stolen funds from last week’s $7.7 million hack were partially successful, with over $5.85 million recovered as of this morning.
The project is a decentralized lending platform that allows users to deposit Liquidity Provider (LP) tokens—issued to users who provide liquidity on decentralized exchanges like —and take out stablecoin loans (against the LP tokens as collateral).
Warp said it was able to recover the liquidity provider tokens that represented the collateral for $5.85 million. “We successfully recovered the exploiter’s loan collateral in the form of ETH/DAI-LP tokens. The value is approximately $5.85m, which is ~75% of the $7.76m lost funds,” it said in a statement.
On December 20th, 2020 at 0216 UTC we successfully recovered the loan collateral from the exploit, in the form of ETH/DAI-LP tokens. The value is approximately $5.85m, which is ~75% of the $7.76m lost funds.
Full statement: https://t.co/SzrE3irylJ
— warp.finance (@warpfinance) December 20, 2020
The project said it would distribute the recovered funds to affected users in the next 24 hours. The amount would be proportional to 75% of the liquidity token amount deposited by users, as the $7.7 million in stablecoins (held by the hacker) have still not been recovered.
Apart from victims, Warp said it would also compensate users who deposited liquidity tokens after the attack and endured a loss. And as an additional gesture, the project added it would issue a “Portal IOU” token in the coming days to fully make up for the victims’ losses (and potentially even make a profit).
With a promising model, Warp Finance attracted millions of dollars’ worth of liquidity provider token deposits from users since its launch in early November. However, a complex attack involving a faulty “oracle”—a third-party service that fetches verified data from various sources to a blockchain—was conducted last week and the hackers were successfully able to withdraw a $7.7 million loan, as several on-chain researchers pointed out.
Quite interesting the attacker asked 3 loans via flash swaps to 3 different pools on Uniswap
It’s definitely a batch flash loan via flash swaps!
And this is just the beginning… pic.twitter.com/beVLShZlI6
— Emiliano Bonassi | emiliano.eth (@emilianobonassi) December 18, 2020
The attack was one in a series of hacks against DeFi projects that saw hackers manipulating oracles to trick such protocols into unlocking a far greater amount (for the hackers) than what their staked collateral allowed.
DeFi projects have since improved security measures and implemented changes to fend off oracle-led hacks. But the attackers have been one step ahead so far.
Coins, ETHRead More