Ana Andrianova, the Akropolis founder and CEO, has denied allegations that the latest attack was done similarly to the one DeFi protocol Harvest Finance encountered in October.
Akropolis is the latest decentralized finance (DeFi) project to be hacked through flash loans. The Gibraltar-based DeFi platform runs a protocol that generates interest on pooled Ethereum-based assets. The latest reports reveal that hackers managed to exploit saving pools and got away with over $2,051,159 in DAI stablecoins. They later moved the funds to a different address away from Akropolis.
The project announced:
“At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the yCurve and sUSD pools.”
Akropolis said via Twitter that it had discovered a hack that was executed across a body of smart contracts in the saving pools. The firm explained that the areas that these cybercriminals targeted had already been audited twice. They only included “Curve Y and Curve sUSD savings pools.”
We recently identified a hack executed across a body of smart contracts in the "savings pools" that have been audited twice. We are working with security specialists and on-chain analytics providers and aim to make a more detailed statement shortly. Thank you for your patience.
— Akropolis (@akropolisio) November 12, 2020
Ethereum blockchain records indicate that the criminals stole 2,030,850 Dai (DAI) by exploiting saving pools. Since then, the firm published on its site that most of the funds are safe and it decided to suspend all stablecoin pools. For now, Akropolis is exploring different ways of reimbursing affected users.
How the Akropolis Attack Happened
Ana Andrianova, the Akropolis founder and CEO, has denied allegations that the latest attack was done similarly to the one DeFi protocol Harvest Finance encountered in October. In this case, hackers exploited over $24 million from Harvest’s pools and exchanged it for renBTC (rBTC).
According to Akropolis, the exploit utilized “a combination of a re-entrancy attack with dYdX flash loan origination”. The security firm that audited smart contracts for Akropolis, CertiK, did not find the two attack vectors that the hackers used. The firm also allegedly audited lending protocol bZx that has been compromised thrice in 2020.
CipherTrace reported on November 10 that while the hacks on DeFi protocols were almost negligible in 2019; they currently account for 20% of cryptocurrency losses from the hacks and thefts. The report said:
“The surge in DeFi was what ultimately attracted criminal hackers, resulting in the most hacks for the sector this year.”
Other news from the crypto world can be here.
next