Warp Finance, a DeFi platform that went live barely a week prior, has now suffered a flash loan attack, as the team announced. According to the announcement in question, the attacker managed to siphon out a whopping $8 million in stablecoins, doing this by exploiting a bug where they borrowed more than they were allowed to.
$7.7 M Gone With Plans To Recover $5.5 M
The Warp Finance tweeted that the exploiter managed to pull out $7.7 million in stablecoins from the lending platform. All is not lost, however, and the Warp finance Team was quick to state that it already has plans to recover about $5.5 million of those stolen funds, which is still secured within the collateral vault.
1/ Approximately 2 hours ago, https://t.co/nS5MGArVoP was exploited with a complex flash loan attack which allowed the user to borrow more than their collateral value resulting in a loss of stablecoin lender funds.
— warp.finance (@warpfinance) December 18, 2020
Warp Finance stated that users that saw a loss thanks to this attack would have these recovered funds distributed to them.
It was just earlier when the protocol announced that users should opt-out of depositing stablecoins into the platform, having come to investigate some irregularities.
Just Passed A Week And Attacked Already
As for Warp itself, the protocol made its debut at the end of October, with the platform seeing its official launch on the 9th of December, 2020. What this means is the platform saw a theft of $7.7 Million after just eight days of operation, making its entrance and introduction to the relentless world of DeFi exploits a harsh one indeed.
Flash loan attacks, as what happened to Warp, occurs when a user borrows collateral and returns it within a single transaction, after using those same assets to manipulate the price. Emiliano Bonassi, a white hat hacker, took the time to investigate the attack, and is convinced that the attack actually had multiple “flash swaps” involved with three of Uniswap’s liquidity pools.
These pools of the decentralized exchange included USDC, Wrapped BTC, and USDT. Another step in the flash loan attack was two loans from dYdX, a crypto trading platform, that involved DAI and Ether.
A Common Trend In DeFi
From Bonassi’s assessment, it’s clear that this flash loan attack was planned in advance, with numerous planned steps in the process. Sadly, flash loan attacks have been a problem for DeFi protocols across the board, with Harvest finance seeing a loss of $34 million and Compound seeing one of $89 million.
This, of course, is excluding various exploits and thefts occurring thanks to exploited codes and so on. DeFi protocols have a long way to come before they start finding their feed, and it seems that they’re going to learn expensive lessons along the way as well.
As it stands now, Warp had promised the public of a more detailed post-mortem within the next few days.