Ola Finance Loses $3.6 Million in Latest DeFi Hack

On Apr 1, 2022 at 9:01 am UTC by · 2 min read
an image

Commenting on the attack, Ola Finance noted it was still investigating the incident. It promised to provide a detailed report.

Lending protocol Ola Finance has announced the loss of funds amounting to about $3.6 million in what is the latest DeFi hack. The hack took place on the Fuse network, one of several blockchains on which it operates.

How the DeFi Hack Took Place

According to blockchain security and analytics firm, PeckShield, the hacker exploited a common incompatibility flaw between the compound fork and ERC677/ERC777 tokens. The flaw, called the reentrancy bug, allows a user to make repeated requests on a protocol for funds to steal assets.

With Ola Finance, the user placed personal assets as collateral to borrow funds. Afterward, they exploited the smart contract vulnerability to receive the collateral back without paying what was borrowed. In a series of flash loan attacks, the hacker then repeated the process across five other pools. The pools hit was USDC, $FUSD, $BUSD, $WBTC, $WETH & $FUSE pools.

Commenting on the attack, Ola Finance noted it was still investigating the incident. It promised a detailed report as soon as it was available. In the interim, it has paused its lending services on the Fuse network, while its services on other blockchains remain unaffected.

DeFi Protocol, Voltage Finance, who uses the lending protocol said:

“We became aware of a breach on the @voltfinance lending platform around 3 hours ago leading to the theft of $4M in $USDC, $FUSD, $BUSD, $WBTC, $WETH & $FUSE”.

The protocol clarified that the DeFi hack had nothing to do with its protocol. However, it announced it collaborating with Ola Finance to investigate the situation.

Rising Hacks, a Problem for DeFi adoption

A similar reentrancy vulnerability was exploited on the Gnosis chain a few weeks ago. Two DeFi protocols, Hundred Finance and Agave lost about $11 million to flash loan attacks.

Just this week, Axie Infinity sidechain, Ronin, lost over $615 million in USDC and Ethereum. Interestingly, the hack was not noticed until a customer reported his inability to withdraw about 5000ETH.

With the hacks increasing, there are concerns it will negatively impact the rising DeFi adoption. It is only expected that users will begin to worry about their funds and perhaps start to pull out funds.

Share:

Related Articles

Solana-Based Meme Coin Bonk Killer Hits $328T Market Cap to Trap Investors

By April 30th, 2024

Bonk Killer amassed a market value swiftly. Howeve­r, this growth halted abruptly when traders found the­y couldn’t sell their tokens.

Stripe Announces Integration with Avalanche

By April 29th, 2024

Several prominent Avalanche ecosystem partners have already signaled their intention to integrate with Stripe, including GoGoPool, Avvy, Pakt, zeroone, Halliday, The Arena, Shrapnel, and DeFi Kingdoms.

Consensys: US SEC Chairman Gary Gensler All Along Believed Ethereum Was Security

By April 29th, 2024

The revelations come a few days after Consensys sued the US SEC for attempting to label Ethereum amid decreased odds of spot Ether ETF approval.

Exit mobile version