Avalanche DeFi Staking Platform Suffers Flash Loan Attack:
Nereus Finance, an Avalanche-based DeFi staking platform has suffered a flash loan arbitrage attack, reports revealed.
The attack also impacted on Decentralized exchange (DEX) Trader Joe and DeFi platform Curve Finance, around 3:26 pm ET on September 6.
Till now, both Avalanche and Nereus are yet to release an official statement regarding the exploit.
According to cryptopotato, the Uphold Head of Research Dr. Martin Hiesboeck flagged on-chain data from Snowtrace which revealed the attacker launched the exploit with a $51 million flash loan.
These funds were then used to execute a flash loan attack that manipulated token pricing on the staking platform.
While the attackers paid back the $51 million loan, they still had $370,000 in USDC stablecoin in their possession after the arbitrage trade completion.
After that, the attacker(s) reportedly transferred the laundered funds from the Avalanche blockchain to the Ethereum network, where the bridged funds were swapped into 194 ETH and 15,800 DAI in this address.
The attacker then ‘bridged’ the funds from the Avalanche blockchain to the Ethereum network. Bridging in crypto means the transfer of tokens across different blockchains. The bridged funds were then swapped into 194 $ETH and 15,800 $DAI and kept in this address
— Dr Martin Hiesboeck (@MHiesboeck) September 7, 2022
In a Certik published report, CertiK’s on-chain security software Skynet revealed that more than $2.33 billion had been lost to various exploitations in the Web 3 space, and a worrisome total of nearly 377 attacks have been recorded so far this year.
In August alone, 44 attacks, with 33 being exit scams and seven deemed as flash loan attacks, was recorded.
Flash loans continues to be a major pin in the ass for web3 ecosystem, but Skynet’s report stated that these attacks have significantly decreased compared to July.
In fact, skynet revealed a 95% drop for these sorts of attacks cumulating to a $745k loss, the second lowest number filed this year after February.
According to Skynet;
“August boasts the lowest total amount lost since February this year and did not even break $1 million in loss. Over the course of 7 attacks, we recorded $745,244 in damages, an immense 95% decrease compared to the previous month of July. The average loss per attack this month was $106,463 the lowest amount we at CertiK have ever recorded for flashloans.”